cookie-es 0.5.0 → 1.1.0

package/README.md

@@ -1,7 +1,13 @@
 
 # cookie-es
 
-[![bundle size](https://flat.badgen.net/bundlephobia/minzip/cookie-es)](https://bundlephobia.com/package/cookie-es)
+<!-- automd:badges bundlejs -->
+
+[![npm version](https://img.shields.io/npm/v/cookie-es)](https://npmjs.com/package/cookie-es)
+[![npm downloads](https://img.shields.io/npm/dm/cookie-es)](https://npmjs.com/package/cookie-es)
+[![bundle size](https://img.shields.io/bundlejs/size/cookie-es)](https://bundlejs.com/?q=cookie-es)
+
+<!-- /automd -->
 
 ESM build of [cookie](https://www.npmjs.com/package/cookie) with bundled types.
 
@@ -9,24 +15,53 @@ ESM build of [cookie](https://www.npmjs.com/package/cookie) with bundled types.
 
 Install:
 
+<!-- automd:pm-install -->
+
 ```sh
+# ✨ Auto-detect
+npx nypm install cookie-es
+
 # npm
-npm i cookie-es
+npm install cookie-es
 
 # yarn
 yarn add cookie-es
+
+# pnpm
+pnpm install cookie-es
+
+# bun
+bun install cookie-es
 ```
 
+<!-- /automd-->
+
 Import:
 
+
+<!-- automd:jsimport cdn cjs src=./src/index.ts -->
+
+**ESM** (Node.js, Bun)
+
 ```js
-// ESM
-import { parse, serialize } from 'cookie-es'
+import { parse, serialize } from "cookie-es";
+```
+
+**CommonJS** (Legacy Node.js)
 
-// CommonJS
-const { parse, serialize } = require('cookie-es')
+```js
+const { parse, serialize } = require("cookie-es");
 ```
 
+**CDN** (Deno, Bun and Browsers)
+
+```js
+import { parse, serialize } from "https://esm.sh/cookie-es";
+```
+
+<!-- /automd -->
+
+
 ## License
 
 [MIT](./LICENSE)

package/dist/index.cjs

@@ -1,53 +1,55 @@
 'use strict';
 
-Object.defineProperty(exports, '__esModule', { value: true });
-
-const decode = decodeURIComponent;
-const encode = encodeURIComponent;
-const pairSplitRegExp = /; */;
-const fieldContentRegExp = /^[\u0009\u0020-\u007e\u0080-\u00ff]+$/;
+const fieldContentRegExp = /^[\u0009\u0020-\u007E\u0080-\u00FF]+$/;
 function parse(str, options) {
   if (typeof str !== "string") {
     throw new TypeError("argument str must be a string");
   }
-  let obj = {};
-  let opt = options || {};
-  let pairs = str.split(pairSplitRegExp);
-  let dec = opt.decode || decode;
-  for (let i = 0; i < pairs.length; i++) {
-    let pair = pairs[i];
-    let eq_idx = pair.indexOf("=");
-    if (eq_idx < 0) {
-      continue;
+  const obj = {};
+  const opt = options || {};
+  const dec = opt.decode || decode;
+  let index = 0;
+  while (index < str.length) {
+    const eqIdx = str.indexOf("=", index);
+    if (eqIdx === -1) {
+      break;
     }
-    let key = pair.substr(0, eq_idx).trim();
-    let val = pair.substr(++eq_idx, pair.length).trim();
-    if (val[0] == '"') {
-      val = val.slice(1, -1);
+    let endIdx = str.indexOf(";", index);
+    if (endIdx === -1) {
+      endIdx = str.length;
+    } else if (endIdx < eqIdx) {
+      index = str.lastIndexOf(";", eqIdx - 1) + 1;
+      continue;
     }
-    if (obj[key] == void 0) {
+    const key = str.slice(index, eqIdx).trim();
+    if (void 0 === obj[key]) {
+      let val = str.slice(eqIdx + 1, endIdx).trim();
+      if (val.codePointAt(0) === 34) {
+        val = val.slice(1, -1);
+      }
       obj[key] = tryDecode(val, dec);
     }
+    index = endIdx + 1;
   }
   return obj;
 }
 function serialize(name, value, options) {
-  let opt = options || {};
-  let enc = opt.encode || encode;
+  const opt = options || {};
+  const enc = opt.encode || encode;
   if (typeof enc !== "function") {
     throw new TypeError("option encode is invalid");
   }
   if (!fieldContentRegExp.test(name)) {
     throw new TypeError("argument name is invalid");
   }
-  let encodedValue = enc(value);
+  const encodedValue = enc(value);
   if (encodedValue && !fieldContentRegExp.test(encodedValue)) {
     throw new TypeError("argument val is invalid");
   }
   let str = name + "=" + encodedValue;
-  if (opt.maxAge != null) {
-    let maxAge = opt.maxAge - 0;
-    if (isNaN(maxAge) || !isFinite(maxAge)) {
+  if (void 0 !== opt.maxAge && opt.maxAge !== null) {
+    const maxAge = opt.maxAge - 0;
+    if (Number.isNaN(maxAge) || !Number.isFinite(maxAge)) {
       throw new TypeError("option maxAge is invalid");
     }
     str += "; Max-Age=" + Math.floor(maxAge);
@@ -65,7 +67,7 @@ function serialize(name, value, options) {
     str += "; Path=" + opt.path;
   }
   if (opt.expires) {
-    if (typeof opt.expires.toUTCString !== "function") {
+    if (!isDate(opt.expires) || Number.isNaN(opt.expires.valueOf())) {
       throw new TypeError("option expires is invalid");
     }
     str += "; Expires=" + opt.expires.toUTCString();
@@ -76,34 +78,71 @@ function serialize(name, value, options) {
   if (opt.secure) {
     str += "; Secure";
   }
+  if (opt.priority) {
+    const priority = typeof opt.priority === "string" ? opt.priority.toLowerCase() : opt.priority;
+    switch (priority) {
+      case "low": {
+        str += "; Priority=Low";
+        break;
+      }
+      case "medium": {
+        str += "; Priority=Medium";
+        break;
+      }
+      case "high": {
+        str += "; Priority=High";
+        break;
+      }
+      default: {
+        throw new TypeError("option priority is invalid");
+      }
+    }
+  }
   if (opt.sameSite) {
-    let sameSite = typeof opt.sameSite === "string" ? opt.sameSite.toLowerCase() : opt.sameSite;
+    const sameSite = typeof opt.sameSite === "string" ? opt.sameSite.toLowerCase() : opt.sameSite;
     switch (sameSite) {
-      case true:
+      case true: {
         str += "; SameSite=Strict";
         break;
-      case "lax":
+      }
+      case "lax": {
         str += "; SameSite=Lax";
         break;
-      case "strict":
+      }
+      case "strict": {
         str += "; SameSite=Strict";
         break;
-      case "none":
+      }
+      case "none": {
         str += "; SameSite=None";
         break;
-      default:
+      }
+      default: {
         throw new TypeError("option sameSite is invalid");
+      }
     }
   }
+  if (opt.partitioned) {
+    str += "; Partitioned";
+  }
   return str;
 }
+function isDate(val) {
+  return Object.prototype.toString.call(val) === "[object Date]" || val instanceof Date;
+}
 function tryDecode(str, decode2) {
   try {
     return decode2(str);
-  } catch (e) {
+  } catch {
     return str;
   }
 }
+function decode(str) {
+  return str.includes("%") ? decodeURIComponent(str) : str;
+}
+function encode(val) {
+  return encodeURIComponent(val);
+}
 
 exports.parse = parse;
 exports.serialize = serialize;

package/dist/index.d.cts

@@ -0,0 +1,151 @@
+/**
+ * Basic HTTP cookie parser and serializer for HTTP servers.
+ */
+/**
+ * Additional serialization options
+ */
+interface CookieSerializeOptions {
+    /**
+     * Specifies the value for the {@link https://tools.ietf.org/html/rfc6265#section-5.2.3|Domain Set-Cookie attribute}. By default, no
+     * domain is set, and most clients will consider the cookie to apply to only
+     * the current domain.
+     */
+    domain?: string | undefined;
+    /**
+     * Specifies a function that will be used to encode a cookie's value. Since
+     * value of a cookie has a limited character set (and must be a simple
+     * string), this function can be used to encode a value into a string suited
+     * for a cookie's value.
+     *
+     * The default function is the global `encodeURIComponent`, which will
+     * encode a JavaScript string into UTF-8 byte sequences and then URL-encode
+     * any that fall outside of the cookie range.
+     */
+    encode?(value: string): string;
+    /**
+     * Specifies the `Date` object to be the value for the {@link https://tools.ietf.org/html/rfc6265#section-5.2.1|`Expires` `Set-Cookie` attribute}. By default,
+     * no expiration is set, and most clients will consider this a "non-persistent cookie" and will delete
+     * it on a condition like exiting a web browser application.
+     *
+     * *Note* the {@link https://tools.ietf.org/html/rfc6265#section-5.3|cookie storage model specification}
+     * states that if both `expires` and `maxAge` are set, then `maxAge` takes precedence, but it is
+     * possible not all clients by obey this, so if both are set, they should
+     * point to the same date and time.
+     */
+    expires?: Date | undefined;
+    /**
+     * Specifies the boolean value for the {@link https://tools.ietf.org/html/rfc6265#section-5.2.6|`HttpOnly` `Set-Cookie` attribute}.
+     * When truthy, the `HttpOnly` attribute is set, otherwise it is not. By
+     * default, the `HttpOnly` attribute is not set.
+     *
+     * *Note* be careful when setting this to true, as compliant clients will
+     * not allow client-side JavaScript to see the cookie in `document.cookie`.
+     */
+    httpOnly?: boolean | undefined;
+    /**
+     * Specifies the number (in seconds) to be the value for the `Max-Age`
+     * `Set-Cookie` attribute. The given number will be converted to an integer
+     * by rounding down. By default, no maximum age is set.
+     *
+     * *Note* the {@link https://tools.ietf.org/html/rfc6265#section-5.3|cookie storage model specification}
+     * states that if both `expires` and `maxAge` are set, then `maxAge` takes precedence, but it is
+     * possible not all clients by obey this, so if both are set, they should
+     * point to the same date and time.
+     */
+    maxAge?: number | undefined;
+    /**
+     * Specifies the value for the {@link https://tools.ietf.org/html/rfc6265#section-5.2.4|`Path` `Set-Cookie` attribute}.
+     * By default, the path is considered the "default path".
+     */
+    path?: string | undefined;
+    /**
+     * Specifies the `string` to be the value for the [`Priority` `Set-Cookie` attribute][rfc-west-cookie-priority-00-4.1].
+     *
+     * - `'low'` will set the `Priority` attribute to `Low`.
+     * - `'medium'` will set the `Priority` attribute to `Medium`, the default priority when not set.
+     * - `'high'` will set the `Priority` attribute to `High`.
+     *
+     * More information about the different priority levels can be found in
+     * [the specification][rfc-west-cookie-priority-00-4.1].
+     *
+     * **note** This is an attribute that has not yet been fully standardized, and may change in the future.
+     * This also means many clients may ignore this attribute until they understand it.
+     */
+    priority?: "low" | "medium" | "high" | undefined;
+    /**
+     * Specifies the boolean or string to be the value for the {@link https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.7|`SameSite` `Set-Cookie` attribute}.
+     *
+     * - `true` will set the `SameSite` attribute to `Strict` for strict same
+     * site enforcement.
+     * - `false` will not set the `SameSite` attribute.
+     * - `'lax'` will set the `SameSite` attribute to Lax for lax same site
+     * enforcement.
+     * - `'strict'` will set the `SameSite` attribute to Strict for strict same
+     * site enforcement.
+     *  - `'none'` will set the SameSite attribute to None for an explicit
+     *  cross-site cookie.
+     *
+     * More information about the different enforcement levels can be found in {@link https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.7|the specification}.
+     *
+     * *note* This is an attribute that has not yet been fully standardized, and may change in the future. This also means many clients may ignore this attribute until they understand it.
+     */
+    sameSite?: true | false | "lax" | "strict" | "none" | undefined;
+    /**
+     * Specifies the boolean value for the {@link https://tools.ietf.org/html/rfc6265#section-5.2.5|`Secure` `Set-Cookie` attribute}. When truthy, the
+     * `Secure` attribute is set, otherwise it is not. By default, the `Secure` attribute is not set.
+     *
+     * *Note* be careful when setting this to `true`, as compliant clients will
+     * not send the cookie back to the server in the future if the browser does
+     * not have an HTTPS connection.
+     */
+    secure?: boolean | undefined;
+    /**
+     * Specifies the `boolean` value for the [`Partitioned` `Set-Cookie`](rfc-cutler-httpbis-partitioned-cookies)
+     * attribute. When truthy, the `Partitioned` attribute is set, otherwise it is not. By default, the
+     * `Partitioned` attribute is not set.
+     *
+     * **note** This is an attribute that has not yet been fully standardized, and may change in the future.
+     * This also means many clients may ignore this attribute until they understand it.
+     *
+     * More information about can be found in [the proposal](https://github.com/privacycg/CHIPS)
+     */
+    partitioned?: boolean;
+}
+/**
+ * Additional parsing options
+ */
+interface CookieParseOptions {
+    /**
+     * Specifies a function that will be used to decode a cookie's value. Since
+     * the value of a cookie has a limited character set (and must be a simple
+     * string), this function can be used to decode a previously-encoded cookie
+     * value into a JavaScript string or other object.
+     *
+     * The default function is the global `decodeURIComponent`, which will decode
+     * any URL-encoded sequences into their byte representations.
+     *
+     * *Note* if an error is thrown from this function, the original, non-decoded
+     * cookie value will be returned as the cookie's value.
+     */
+    decode?(value: string): string;
+}
+
+/**
+ * Parse an HTTP Cookie header string and returning an object of all cookie
+ * name-value pairs.
+ *
+ * @param str the string representing a `Cookie` header value
+ * @param [options] object containing parsing options
+ */
+declare function parse(str: string, options?: CookieParseOptions): Record<string, string>;
+/**
+ * Serialize a cookie name-value pair into a `Set-Cookie` header string.
+ *
+ * @param name the name for the cookie
+ * @param value value to set the cookie to
+ * @param [options] object containing serialization options
+ * @throws {TypeError} when `maxAge` options is invalid
+ */
+declare function serialize(name: string, value: string, options?: CookieSerializeOptions): string;
+
+export { type CookieParseOptions, type CookieSerializeOptions, parse, serialize };

package/dist/index.d.mts

@@ -0,0 +1,151 @@
+/**
+ * Basic HTTP cookie parser and serializer for HTTP servers.
+ */
+/**
+ * Additional serialization options
+ */
+interface CookieSerializeOptions {
+    /**
+     * Specifies the value for the {@link https://tools.ietf.org/html/rfc6265#section-5.2.3|Domain Set-Cookie attribute}. By default, no
+     * domain is set, and most clients will consider the cookie to apply to only
+     * the current domain.
+     */
+    domain?: string | undefined;
+    /**
+     * Specifies a function that will be used to encode a cookie's value. Since
+     * value of a cookie has a limited character set (and must be a simple
+     * string), this function can be used to encode a value into a string suited
+     * for a cookie's value.
+     *
+     * The default function is the global `encodeURIComponent`, which will
+     * encode a JavaScript string into UTF-8 byte sequences and then URL-encode
+     * any that fall outside of the cookie range.
+     */
+    encode?(value: string): string;
+    /**
+     * Specifies the `Date` object to be the value for the {@link https://tools.ietf.org/html/rfc6265#section-5.2.1|`Expires` `Set-Cookie` attribute}. By default,
+     * no expiration is set, and most clients will consider this a "non-persistent cookie" and will delete
+     * it on a condition like exiting a web browser application.
+     *
+     * *Note* the {@link https://tools.ietf.org/html/rfc6265#section-5.3|cookie storage model specification}
+     * states that if both `expires` and `maxAge` are set, then `maxAge` takes precedence, but it is
+     * possible not all clients by obey this, so if both are set, they should
+     * point to the same date and time.
+     */
+    expires?: Date | undefined;
+    /**
+     * Specifies the boolean value for the {@link https://tools.ietf.org/html/rfc6265#section-5.2.6|`HttpOnly` `Set-Cookie` attribute}.
+     * When truthy, the `HttpOnly` attribute is set, otherwise it is not. By
+     * default, the `HttpOnly` attribute is not set.
+     *
+     * *Note* be careful when setting this to true, as compliant clients will
+     * not allow client-side JavaScript to see the cookie in `document.cookie`.
+     */
+    httpOnly?: boolean | undefined;
+    /**
+     * Specifies the number (in seconds) to be the value for the `Max-Age`
+     * `Set-Cookie` attribute. The given number will be converted to an integer
+     * by rounding down. By default, no maximum age is set.
+     *
+     * *Note* the {@link https://tools.ietf.org/html/rfc6265#section-5.3|cookie storage model specification}
+     * states that if both `expires` and `maxAge` are set, then `maxAge` takes precedence, but it is
+     * possible not all clients by obey this, so if both are set, they should
+     * point to the same date and time.
+     */
+    maxAge?: number | undefined;
+    /**
+     * Specifies the value for the {@link https://tools.ietf.org/html/rfc6265#section-5.2.4|`Path` `Set-Cookie` attribute}.
+     * By default, the path is considered the "default path".
+     */
+    path?: string | undefined;
+    /**
+     * Specifies the `string` to be the value for the [`Priority` `Set-Cookie` attribute][rfc-west-cookie-priority-00-4.1].
+     *
+     * - `'low'` will set the `Priority` attribute to `Low`.
+     * - `'medium'` will set the `Priority` attribute to `Medium`, the default priority when not set.
+     * - `'high'` will set the `Priority` attribute to `High`.
+     *
+     * More information about the different priority levels can be found in
+     * [the specification][rfc-west-cookie-priority-00-4.1].
+     *
+     * **note** This is an attribute that has not yet been fully standardized, and may change in the future.
+     * This also means many clients may ignore this attribute until they understand it.
+     */
+    priority?: "low" | "medium" | "high" | undefined;
+    /**
+     * Specifies the boolean or string to be the value for the {@link https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.7|`SameSite` `Set-Cookie` attribute}.
+     *
+     * - `true` will set the `SameSite` attribute to `Strict` for strict same
+     * site enforcement.
+     * - `false` will not set the `SameSite` attribute.
+     * - `'lax'` will set the `SameSite` attribute to Lax for lax same site
+     * enforcement.
+     * - `'strict'` will set the `SameSite` attribute to Strict for strict same
+     * site enforcement.
+     *  - `'none'` will set the SameSite attribute to None for an explicit
+     *  cross-site cookie.
+     *
+     * More information about the different enforcement levels can be found in {@link https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.7|the specification}.
+     *
+     * *note* This is an attribute that has not yet been fully standardized, and may change in the future. This also means many clients may ignore this attribute until they understand it.
+     */
+    sameSite?: true | false | "lax" | "strict" | "none" | undefined;
+    /**
+     * Specifies the boolean value for the {@link https://tools.ietf.org/html/rfc6265#section-5.2.5|`Secure` `Set-Cookie` attribute}. When truthy, the
+     * `Secure` attribute is set, otherwise it is not. By default, the `Secure` attribute is not set.
+     *
+     * *Note* be careful when setting this to `true`, as compliant clients will
+     * not send the cookie back to the server in the future if the browser does
+     * not have an HTTPS connection.
+     */
+    secure?: boolean | undefined;
+    /**
+     * Specifies the `boolean` value for the [`Partitioned` `Set-Cookie`](rfc-cutler-httpbis-partitioned-cookies)
+     * attribute. When truthy, the `Partitioned` attribute is set, otherwise it is not. By default, the
+     * `Partitioned` attribute is not set.
+     *
+     * **note** This is an attribute that has not yet been fully standardized, and may change in the future.
+     * This also means many clients may ignore this attribute until they understand it.
+     *
+     * More information about can be found in [the proposal](https://github.com/privacycg/CHIPS)
+     */
+    partitioned?: boolean;
+}
+/**
+ * Additional parsing options
+ */
+interface CookieParseOptions {
+    /**
+     * Specifies a function that will be used to decode a cookie's value. Since
+     * the value of a cookie has a limited character set (and must be a simple
+     * string), this function can be used to decode a previously-encoded cookie
+     * value into a JavaScript string or other object.
+     *
+     * The default function is the global `decodeURIComponent`, which will decode
+     * any URL-encoded sequences into their byte representations.
+     *
+     * *Note* if an error is thrown from this function, the original, non-decoded
+     * cookie value will be returned as the cookie's value.
+     */
+    decode?(value: string): string;
+}
+
+/**
+ * Parse an HTTP Cookie header string and returning an object of all cookie
+ * name-value pairs.
+ *
+ * @param str the string representing a `Cookie` header value
+ * @param [options] object containing parsing options
+ */
+declare function parse(str: string, options?: CookieParseOptions): Record<string, string>;
+/**
+ * Serialize a cookie name-value pair into a `Set-Cookie` header string.
+ *
+ * @param name the name for the cookie
+ * @param value value to set the cookie to
+ * @param [options] object containing serialization options
+ * @throws {TypeError} when `maxAge` options is invalid
+ */
+declare function serialize(name: string, value: string, options?: CookieSerializeOptions): string;
+
+export { type CookieParseOptions, type CookieSerializeOptions, parse, serialize };

package/dist/index.d.ts

@@ -58,6 +58,20 @@ interface CookieSerializeOptions {
      * By default, the path is considered the "default path".
      */
     path?: string | undefined;
+    /**
+     * Specifies the `string` to be the value for the [`Priority` `Set-Cookie` attribute][rfc-west-cookie-priority-00-4.1].
+     *
+     * - `'low'` will set the `Priority` attribute to `Low`.
+     * - `'medium'` will set the `Priority` attribute to `Medium`, the default priority when not set.
+     * - `'high'` will set the `Priority` attribute to `High`.
+     *
+     * More information about the different priority levels can be found in
+     * [the specification][rfc-west-cookie-priority-00-4.1].
+     *
+     * **note** This is an attribute that has not yet been fully standardized, and may change in the future.
+     * This also means many clients may ignore this attribute until they understand it.
+     */
+    priority?: "low" | "medium" | "high" | undefined;
     /**
      * Specifies the boolean or string to be the value for the {@link https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.7|`SameSite` `Set-Cookie` attribute}.
      *
@@ -75,7 +89,7 @@ interface CookieSerializeOptions {
      *
      * *note* This is an attribute that has not yet been fully standardized, and may change in the future. This also means many clients may ignore this attribute until they understand it.
      */
-    sameSite?: true | false | 'lax' | 'strict' | 'none' | undefined;
+    sameSite?: true | false | "lax" | "strict" | "none" | undefined;
     /**
      * Specifies the boolean value for the {@link https://tools.ietf.org/html/rfc6265#section-5.2.5|`Secure` `Set-Cookie` attribute}. When truthy, the
      * `Secure` attribute is set, otherwise it is not. By default, the `Secure` attribute is not set.
@@ -85,10 +99,21 @@ interface CookieSerializeOptions {
      * not have an HTTPS connection.
      */
     secure?: boolean | undefined;
+    /**
+     * Specifies the `boolean` value for the [`Partitioned` `Set-Cookie`](rfc-cutler-httpbis-partitioned-cookies)
+     * attribute. When truthy, the `Partitioned` attribute is set, otherwise it is not. By default, the
+     * `Partitioned` attribute is not set.
+     *
+     * **note** This is an attribute that has not yet been fully standardized, and may change in the future.
+     * This also means many clients may ignore this attribute until they understand it.
+     *
+     * More information about can be found in [the proposal](https://github.com/privacycg/CHIPS)
+     */
+    partitioned?: boolean;
 }
 /**
-* Additional parsing options
-*/
+ * Additional parsing options
+ */
 interface CookieParseOptions {
     /**
      * Specifies a function that will be used to decode a cookie's value. Since
@@ -106,21 +131,21 @@ interface CookieParseOptions {
 }
 
 /**
-* Parse an HTTP Cookie header string and returning an object of all cookie
-* name-value pairs.
-*
-* @param str the string representing a `Cookie` header value
-* @param [options] object containing parsing options
-*/
-declare function parse(str: string, options?: CookieParseOptions): {};
+ * Parse an HTTP Cookie header string and returning an object of all cookie
+ * name-value pairs.
+ *
+ * @param str the string representing a `Cookie` header value
+ * @param [options] object containing parsing options
+ */
+declare function parse(str: string, options?: CookieParseOptions): Record<string, string>;
 /**
-* Serialize a cookie name-value pair into a `Set-Cookie` header string.
-*
-* @param name the name for the cookie
-* @param value value to set the cookie to
-* @param [options] object containing serialization options
-* @throws {TypeError} when `maxAge` options is invalid
-*/
+ * Serialize a cookie name-value pair into a `Set-Cookie` header string.
+ *
+ * @param name the name for the cookie
+ * @param value value to set the cookie to
+ * @param [options] object containing serialization options
+ * @throws {TypeError} when `maxAge` options is invalid
+ */
 declare function serialize(name: string, value: string, options?: CookieSerializeOptions): string;
 
-export { CookieParseOptions, CookieSerializeOptions, parse, serialize };
+export { type CookieParseOptions, type CookieSerializeOptions, parse, serialize };

package/dist/index.mjs

@@ -1,49 +1,53 @@
-const decode = decodeURIComponent;
-const encode = encodeURIComponent;
-const pairSplitRegExp = /; */;
-const fieldContentRegExp = /^[\u0009\u0020-\u007e\u0080-\u00ff]+$/;
+const fieldContentRegExp = /^[\u0009\u0020-\u007E\u0080-\u00FF]+$/;
 function parse(str, options) {
   if (typeof str !== "string") {
     throw new TypeError("argument str must be a string");
   }
-  let obj = {};
-  let opt = options || {};
-  let pairs = str.split(pairSplitRegExp);
-  let dec = opt.decode || decode;
-  for (let i = 0; i < pairs.length; i++) {
-    let pair = pairs[i];
-    let eq_idx = pair.indexOf("=");
-    if (eq_idx < 0) {
-      continue;
+  const obj = {};
+  const opt = options || {};
+  const dec = opt.decode || decode;
+  let index = 0;
+  while (index < str.length) {
+    const eqIdx = str.indexOf("=", index);
+    if (eqIdx === -1) {
+      break;
     }
-    let key = pair.substr(0, eq_idx).trim();
-    let val = pair.substr(++eq_idx, pair.length).trim();
-    if (val[0] == '"') {
-      val = val.slice(1, -1);
+    let endIdx = str.indexOf(";", index);
+    if (endIdx === -1) {
+      endIdx = str.length;
+    } else if (endIdx < eqIdx) {
+      index = str.lastIndexOf(";", eqIdx - 1) + 1;
+      continue;
     }
-    if (obj[key] == void 0) {
+    const key = str.slice(index, eqIdx).trim();
+    if (void 0 === obj[key]) {
+      let val = str.slice(eqIdx + 1, endIdx).trim();
+      if (val.codePointAt(0) === 34) {
+        val = val.slice(1, -1);
+      }
       obj[key] = tryDecode(val, dec);
     }
+    index = endIdx + 1;
   }
   return obj;
 }
 function serialize(name, value, options) {
-  let opt = options || {};
-  let enc = opt.encode || encode;
+  const opt = options || {};
+  const enc = opt.encode || encode;
   if (typeof enc !== "function") {
     throw new TypeError("option encode is invalid");
   }
   if (!fieldContentRegExp.test(name)) {
     throw new TypeError("argument name is invalid");
   }
-  let encodedValue = enc(value);
+  const encodedValue = enc(value);
   if (encodedValue && !fieldContentRegExp.test(encodedValue)) {
     throw new TypeError("argument val is invalid");
   }
   let str = name + "=" + encodedValue;
-  if (opt.maxAge != null) {
-    let maxAge = opt.maxAge - 0;
-    if (isNaN(maxAge) || !isFinite(maxAge)) {
+  if (void 0 !== opt.maxAge && opt.maxAge !== null) {
+    const maxAge = opt.maxAge - 0;
+    if (Number.isNaN(maxAge) || !Number.isFinite(maxAge)) {
       throw new TypeError("option maxAge is invalid");
     }
     str += "; Max-Age=" + Math.floor(maxAge);
@@ -61,7 +65,7 @@ function serialize(name, value, options) {
     str += "; Path=" + opt.path;
   }
   if (opt.expires) {
-    if (typeof opt.expires.toUTCString !== "function") {
+    if (!isDate(opt.expires) || Number.isNaN(opt.expires.valueOf())) {
       throw new TypeError("option expires is invalid");
     }
     str += "; Expires=" + opt.expires.toUTCString();
@@ -72,33 +76,70 @@ function serialize(name, value, options) {
   if (opt.secure) {
     str += "; Secure";
   }
+  if (opt.priority) {
+    const priority = typeof opt.priority === "string" ? opt.priority.toLowerCase() : opt.priority;
+    switch (priority) {
+      case "low": {
+        str += "; Priority=Low";
+        break;
+      }
+      case "medium": {
+        str += "; Priority=Medium";
+        break;
+      }
+      case "high": {
+        str += "; Priority=High";
+        break;
+      }
+      default: {
+        throw new TypeError("option priority is invalid");
+      }
+    }
+  }
   if (opt.sameSite) {
-    let sameSite = typeof opt.sameSite === "string" ? opt.sameSite.toLowerCase() : opt.sameSite;
+    const sameSite = typeof opt.sameSite === "string" ? opt.sameSite.toLowerCase() : opt.sameSite;
     switch (sameSite) {
-      case true:
+      case true: {
         str += "; SameSite=Strict";
         break;
-      case "lax":
+      }
+      case "lax": {
         str += "; SameSite=Lax";
         break;
-      case "strict":
+      }
+      case "strict": {
         str += "; SameSite=Strict";
         break;
-      case "none":
+      }
+      case "none": {
         str += "; SameSite=None";
         break;
-      default:
+      }
+      default: {
         throw new TypeError("option sameSite is invalid");
+      }
     }
   }
+  if (opt.partitioned) {
+    str += "; Partitioned";
+  }
   return str;
 }
+function isDate(val) {
+  return Object.prototype.toString.call(val) === "[object Date]" || val instanceof Date;
+}
 function tryDecode(str, decode2) {
   try {
     return decode2(str);
-  } catch (e) {
+  } catch {
     return str;
   }
 }
+function decode(str) {
+  return str.includes("%") ? decodeURIComponent(str) : str;
+}
+function encode(val) {
+  return encodeURIComponent(val);
+}
 
 export { parse, serialize };

package/package.json

@@ -1,13 +1,16 @@
 {
   "name": "cookie-es",
-  "version": "0.5.0",
+  "version": "1.1.0",
   "repository": "unjs/cookie-es",
   "license": "MIT",
   "sideEffects": false,
   "type": "module",
   "exports": {
-    "require": "./dist/index.cjs",
-    "import": "./dist/index.mjs"
+    ".": {
+      "types": "./dist/index.d.ts",
+      "require": "./dist/index.cjs",
+      "import": "./dist/index.mjs"
+    }
   },
   "main": "./dist/index.cjs",
   "module": "./dist/index.mjs",
@@ -17,11 +20,22 @@
   ],
   "scripts": {
     "build": "unbuild",
-    "release": "yarn build && standard-version && git push --follow-tags && npm publish",
-    "test": "node test/index.mjs"
+    "dev": "vitest",
+    "lint": "eslint --cache --ext .ts,.js,.mjs,.cjs . && prettier -c src test",
+    "lint:fix": "automd && eslint --cache --ext .ts,.js,.mjs,.cjs . --fix && prettier -c src test -w",
+    "release": "pnpm test && pnpm build && changelogen --release --push && npm publish",
+    "test": "pnpm lint && vitest run --coverage"
   },
   "devDependencies": {
-    "standard-version": "latest",
-    "unbuild": "latest"
-  }
-}
+    "@vitest/coverage-v8": "^1.4.0",
+    "automd": "^0.3.7",
+    "changelogen": "^0.5.5",
+    "eslint": "^8.57.0",
+    "eslint-config-unjs": "^0.2.1",
+    "prettier": "^3.2.5",
+    "typescript": "^5.4.3",
+    "unbuild": "^2.0.0",
+    "vitest": "^1.4.0"
+  },
+  "packageManager": "pnpm@8.15.5"
+}