npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

cookie-lit

v2.0.0

Published

Library for serialization and parsing of server and client side cookies

Downloads

14

Readme

cookie-lit

cookie-lit is a library for parsing and serialization of server and client side cookies. It is heavily inspired by cookie and js-cookie and tries to combine both projects into one solution.

Installation

$ npm install cookie-lit

# Using yarn
$ yarn add cookie-lit

Usage

Basic

import CookieJar from 'cookie-lit';

// Create a new cookie jar
const jar = new CookieJar();

// Set cookies
jar.set('my-cookie', 'a value');
jar.set('my-second-cookie', 'another value');

// Get a cookie by name
jar.get('my-cookie');
// ➞ '{ "my-cookie": "a value" }'

// Get all cookies currently in the jar
jar.get();
// ➞ '{ "my-cookie": "a value", "my-second-cookie": "another value" }'

// Remove a cookie by name
jar.remove('my-cookie');

Set a cookie with options

import CookieJar from 'cookie-lit';
const jar = new CookieJar();

const cookie = jar.set('my-cookie', 'value', {
  expires: 1,
  secure: true,
});
// ➞ 'my-cookie=value; Expires=Wed, 15 Jan 2020 18:10:22 GMT; Secure'

You can read all about the possible options in the API chapter.

Create a pre-filled jar of cookies

You can pre-fill a cookie jar by passing in a valid cookie string.
This is useful when dealing with cookies coming from a HTTP request object.

export default (req, res) => {
  // req.headers.cookie ≙ 'my-cookie=value'
  const jar = new CookieJar(req.headers.cookie);
  const cookies = jar.get();
  // ➞ '{ "my-cookie": "value" }'
  ...
}

API

new CookieJar(cookies?)

Create a new cookie jar instance. You can pre-fill a cookie jar by passing in a valid HTTP Cookie header string or object containing cookie key-value pairs.

const jar = new CookieJar('my-cookie=value');
console.log(jar.get()); // '{ "my-cookie": "value" }'
const jar = new CookieJar({ my-cookie: 'value' );
console.log(jar.get()) // '{ "my-cookie": "value" }'

jar.set(name, value, options?)

Set a cookie name-value pair. The method will serialize the given pair into a Set-Cookie header string that is also returned from the method so you can use it to set a cookie as a HTTP response header. If called client side, the cookie pair will be added to document.cookie automatically for you.

name

The name of the cookie

value

The value to set the cookie to. If the value is of type object, we call JSON.stringify on it.

options

An optional object specifying additional cookie attributes.

encode

Us the encode property to specify a function that will be used to encode the value set by jar.set(). See RFC6265 Section 4.1.1 and RFC6265 Section 6.1 for detailed instructions on cookie value best-practices and limitations.

By default, we are using the global encodeURIComponent function, which will encode a string by replacing each instance of certain characters by UTF-8 representations.

domain

Specifies the Domain Set-Cookie attribute. By default, no domain is set and most clients will consider the cookie to apply to only the current domain.

jar.set('my-cookie', 'value', { domain: 'my-domain.com' });
// ➞ 'my-cookie=value; Domain=my-domain.com'
expires

Specifies the Expires Set-Cookie attribute. You can either set a specific Date instance or a Number that will be interpreted as days from time of creation.

By default, no expiration date is set. Most clients will consider this a session cookie and remove the cookie as soon as the browser window is closed.

// Expires one day from creation.
jar.set('my-cookie', 'value', { expires: 1 });
// ➞ 'my-cookie=value; Expires=Mon, 01 Jan 2020 00:00:00 GMT'

Note: If both expires and maxAge are set, maxAge takes precedence, but it is possible that not all clients obey this rule. So if both are set, they should be set to the same date and time.

httpOnly

Specifies the HttpOnly Set-Cookie attribute. When truthy, the attribute is set.

jar.set('my-cookie', 'value', { httpOnly: true });
// ➞ 'my-cookie=value; HttpOnly'

Note: When setting httpOnly to true, clients will not allow JavaScript to see this cookie.

maxAge

Specifies the Max-Age Set-Cookie attribute in seconds. The given number will be converted to an integer by rounding down.

jar.set('my-cookie', 'value', { maxAge: 60 });
// ➞ 'my-cookie=value; Max-Age=60'

Note: If both maxAge and expires are set, maxAge takes precedence, but it is possible that not all clients obey this rule. So if both are set, they should be set to the same date and time.

path

Specfies the Path Set-Cookie attribute. If the path attribute is omitted, the client will use the "directory" of the request-uri's path component as the default value.

jar.set('my-cookie', 'value', { path: '/' });
// ➞ 'my-cookie=value; Path=/'

Note: Although seemingly useful for isolating cookies between different paths within a given host, the Path attribute cannot be relied upon for security.

sameSite

Specifies the SameSite Set-Cookie attribute. Use one of the following possible values:

  • true will set the attribute to "Strict"
  • false will not set the attribute
  • lax will set the attribute to "Lax"
  • none will set the attribute to "None"
  • strict will set the attribute to "Strict"
jar.set('my-cookie', 'value', { sameSite: true });
// ➞ 'my-cookie=value; SameSite=Strict'

Note: Browsers are migrating to have cookies default to SameSite=Lax. If a cookie is needed to be sent cross-origin, opt out of the SameSite restriction using the None directive. The None directive requires the Secure attribute.

secure

Specifies the Secure Set-Cookie attribute. When truthy, the attribte is set.

Note: When setting secure to true, complient clients will not send the cookie over HTTP and you will not allow JavaScript to see this cookie on http://localhost.

jar.get(name?, options?)

Get all cookie name-value pairs currently stored in the cookie jar. By specifying the name argument you can query for a specific cookie value.

// document.cookie = 'my-cookie=value'

jar.get();
// ➞ '{ "my-cookie": "value" }'

name

An optional cookie header name to query a specific cookie value for.

options

An optional object specifying additional query options.

decode

Specifies a function that will be used to decode a previously-encoded cookie value into a JavaScript string or object.

By default this function is the global decodeURIComponent.

Note: If the decode function throws an error, the original value will be returned.

jar.remove(name, options?)

Delete a cookie from document.cookie and the cookie jar. The method will return an appropriate Set-Cookie header string to remove the cookie.

jar.set('my-cookie');
// document.cookie = 'my-cookie=value'
// jar.get() = '{ "my-cookie": "value" }'

jar.remove('my-cookie');
// ➞ 'my-cookie=; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0'
// document.cookie = ''
// jar.get() = '{}'

name

The name of the cookie to be deleted.

options

An optional object containing additional cookie attributes. These attributes must match the attributes set on the cookie to be deleted.

jar.set('my-cookie', 'value', { path: '' });

// This will fail, as the `path` attributes don't match.
jar.remove('my-cookie');

// This will remove the cookie.
jar.remove('my-cookie', { path: '' });

Note: Removing a non-existent cookie neither raises any exception nor returns any value.