cookie-es 1.1.0 → 1.2.1

package/LICENSE

@@ -1,24 +1,28 @@
-(The MIT License)
+MIT License
 
+Cookie-es copyright (c) Pooya Parsa <pooya@pi0.io>
+
+Cookie parsing based on https://github.com/jshttp/cookie
 Copyright (c) 2012-2014 Roman Shtylman <shtylman@gmail.com>
 Copyright (c) 2015 Douglas Christopher Wilson <doug@somethingdoug.com>
 
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-'Software'), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
+Set-Cookie parsing based on https://github.com/nfriedly/set-cookie-parser
+Copyright (c) 2015 Nathan Friedly <nathan@nfriedly.com> (http://nfriedly.com/)
 
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
 
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
 
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -1,5 +1,5 @@
 
-# cookie-es
+# 🍪 cookie-es
 
 <!-- automd:badges bundlejs -->
 
@@ -9,7 +9,7 @@
 
 <!-- /automd -->
 
-ESM build of [cookie](https://www.npmjs.com/package/cookie) with bundled types.
+🍪 [`Cookie`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cookie) and [`Set-Cookie`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie) parser and serializer based on [cookie](https://github.com/jshttp/cookiee) and [set-cookie-parser](https://github.com/nfriedly/set-cookie-parser) with dual ESM/CJS exports and bundled types. 🎁
 
 ## Usage
 
@@ -44,19 +44,34 @@ Import:
 **ESM** (Node.js, Bun)
 
 ```js
-import { parse, serialize } from "cookie-es";
+import {
+  parse,
+  serialize,
+  parseSetCookie,
+  splitSetCookieString,
+} from "cookie-es";
 ```
 
 **CommonJS** (Legacy Node.js)
 
 ```js
-const { parse, serialize } = require("cookie-es");
+const {
+  parse,
+  serialize,
+  parseSetCookie,
+  splitSetCookieString,
+} = require("cookie-es");
 ```
 
 **CDN** (Deno, Bun and Browsers)
 
 ```js
-import { parse, serialize } from "https://esm.sh/cookie-es";
+import {
+  parse,
+  serialize,
+  parseSetCookie,
+  splitSetCookieString,
+} from "https://esm.sh/cookie-es";
 ```
 
 <!-- /automd -->

package/dist/index.cjs

@@ -1,6 +1,5 @@
 'use strict';
 
-const fieldContentRegExp = /^[\u0009\u0020-\u007E\u0080-\u00FF]+$/;
 function parse(str, options) {
   if (typeof str !== "string") {
     throw new TypeError("argument str must be a string");
@@ -33,9 +32,21 @@ function parse(str, options) {
   }
   return obj;
 }
+function decode(str) {
+  return str.includes("%") ? decodeURIComponent(str) : str;
+}
+function tryDecode(str, decode2) {
+  try {
+    return decode2(str);
+  } catch {
+    return str;
+  }
+}
+
+const fieldContentRegExp = /^[\u0009\u0020-\u007E\u0080-\u00FF]+$/;
 function serialize(name, value, options) {
   const opt = options || {};
-  const enc = opt.encode || encode;
+  const enc = opt.encode || encodeURIComponent;
   if (typeof enc !== "function") {
     throw new TypeError("option encode is invalid");
   }
@@ -130,19 +141,123 @@ function serialize(name, value, options) {
 function isDate(val) {
   return Object.prototype.toString.call(val) === "[object Date]" || val instanceof Date;
 }
-function tryDecode(str, decode2) {
+
+function parseSetCookie(setCookieValue, options) {
+  const parts = (setCookieValue || "").split(";").filter((str) => typeof str === "string" && !!str.trim());
+  const nameValuePairStr = parts.shift() || "";
+  const parsed = _parseNameValuePair(nameValuePairStr);
+  const name = parsed.name;
+  let value = parsed.value;
   try {
-    return decode2(str);
+    value = options?.decode === false ? value : (options?.decode || decodeURIComponent)(value);
   } catch {
-    return str;
   }
+  const cookie = {
+    name,
+    value
+  };
+  for (const part of parts) {
+    const sides = part.split("=");
+    const partKey = (sides.shift() || "").trimStart().toLowerCase();
+    const partValue = sides.join("=");
+    switch (partKey) {
+      case "expires": {
+        cookie.expires = new Date(partValue);
+        break;
+      }
+      case "max-age": {
+        cookie.maxAge = Number.parseInt(partValue, 10);
+        break;
+      }
+      case "secure": {
+        cookie.secure = true;
+        break;
+      }
+      case "httponly": {
+        cookie.httpOnly = true;
+        break;
+      }
+      case "samesite": {
+        cookie.sameSite = partValue;
+        break;
+      }
+      default: {
+        cookie[partKey] = partValue;
+      }
+    }
+  }
+  return cookie;
 }
-function decode(str) {
-  return str.includes("%") ? decodeURIComponent(str) : str;
+function _parseNameValuePair(nameValuePairStr) {
+  let name = "";
+  let value = "";
+  const nameValueArr = nameValuePairStr.split("=");
+  if (nameValueArr.length > 1) {
+    name = nameValueArr.shift();
+    value = nameValueArr.join("=");
+  } else {
+    value = nameValuePairStr;
+  }
+  return { name, value };
 }
-function encode(val) {
-  return encodeURIComponent(val);
+
+function splitSetCookieString(cookiesString) {
+  if (Array.isArray(cookiesString)) {
+    return cookiesString.flatMap((c) => splitSetCookieString(c));
+  }
+  if (typeof cookiesString !== "string") {
+    return [];
+  }
+  const cookiesStrings = [];
+  let pos = 0;
+  let start;
+  let ch;
+  let lastComma;
+  let nextStart;
+  let cookiesSeparatorFound;
+  const skipWhitespace = () => {
+    while (pos < cookiesString.length && /\s/.test(cookiesString.charAt(pos))) {
+      pos += 1;
+    }
+    return pos < cookiesString.length;
+  };
+  const notSpecialChar = () => {
+    ch = cookiesString.charAt(pos);
+    return ch !== "=" && ch !== ";" && ch !== ",";
+  };
+  while (pos < cookiesString.length) {
+    start = pos;
+    cookiesSeparatorFound = false;
+    while (skipWhitespace()) {
+      ch = cookiesString.charAt(pos);
+      if (ch === ",") {
+        lastComma = pos;
+        pos += 1;
+        skipWhitespace();
+        nextStart = pos;
+        while (pos < cookiesString.length && notSpecialChar()) {
+          pos += 1;
+        }
+        if (pos < cookiesString.length && cookiesString.charAt(pos) === "=") {
+          cookiesSeparatorFound = true;
+          pos = nextStart;
+          cookiesStrings.push(cookiesString.slice(start, lastComma));
+          start = pos;
+        } else {
+          pos = lastComma + 1;
+        }
+      } else {
+        pos += 1;
+      }
+    }
+    if (!cookiesSeparatorFound || pos >= cookiesString.length) {
+      cookiesStrings.push(cookiesString.slice(start, cookiesString.length));
+    }
+  }
+  return cookiesStrings;
 }
 
 exports.parse = parse;
+exports.parseSetCookie = parseSetCookie;
 exports.serialize = serialize;
+exports.splitSetCookieString = splitSetCookieString;

package/dist/index.d.cts

@@ -100,14 +100,14 @@ interface CookieSerializeOptions {
      */
     secure?: boolean | undefined;
     /**
-     * Specifies the `boolean` value for the [`Partitioned` `Set-Cookie`](rfc-cutler-httpbis-partitioned-cookies)
+     * Specifies the `boolean` value for the [`Partitioned` `Set-Cookie`](https://datatracker.ietf.org/doc/html/draft-cutler-httpbis-partitioned-cookies#section-2.1)
      * attribute. When truthy, the `Partitioned` attribute is set, otherwise it is not. By default, the
      * `Partitioned` attribute is not set.
      *
      * **note** This is an attribute that has not yet been fully standardized, and may change in the future.
      * This also means many clients may ignore this attribute until they understand it.
      *
-     * More information about can be found in [the proposal](https://github.com/privacycg/CHIPS)
+     * More information can be found in the [proposal](https://github.com/privacycg/CHIPS).
      */
     partitioned?: boolean;
 }
@@ -128,6 +128,10 @@ interface CookieParseOptions {
      * cookie value will be returned as the cookie's value.
      */
     decode?(value: string): string;
+    /**
+     * Custom function to filter parsing specific keys.
+     */
+    filter?(key: string): boolean;
 }
 
 /**
@@ -138,6 +142,7 @@ interface CookieParseOptions {
  * @param [options] object containing parsing options
  */
 declare function parse(str: string, options?: CookieParseOptions): Record<string, string>;
+
 /**
  * Serialize a cookie name-value pair into a `Set-Cookie` header string.
  *
@@ -148,4 +153,70 @@ declare function parse(str: string, options?: CookieParseOptions): Record<string
  */
 declare function serialize(name: string, value: string, options?: CookieSerializeOptions): string;
 
-export { type CookieParseOptions, type CookieSerializeOptions, parse, serialize };
+interface SetCookieParseOptions {
+    /**
+     * Custom decode function to use on cookie values.
+     *
+     * By default, `decodeURIComponent` is used.
+     *
+     * **Note:** If decoding fails, the original (undecoded) value will be used
+     */
+    decode?: false | ((value: string) => string);
+}
+interface SetCookie {
+    /**
+     * Cookie name
+     */
+    name: string;
+    /**
+     * Cookie value
+     */
+    value: string;
+    /**
+     * Cookie path
+     */
+    path?: string | undefined;
+    /**
+     * Absolute expiration date for the cookie
+     */
+    expires?: Date | undefined;
+    /**
+     * Relative max age of the cookie in seconds from when the client receives it (integer or undefined)
+     *
+     * Note: when using with express's res.cookie() method, multiply maxAge by 1000 to convert to milliseconds
+     */
+    maxAge?: number | undefined;
+    /**
+     * Domain for the cookie,
+     * May begin with "." to indicate the named domain or any subdomain of it
+     */
+    domain?: string | undefined;
+    /**
+     * Indicates that this cookie should only be sent over HTTPs
+     */
+    secure?: boolean | undefined;
+    /**
+     * Indicates that this cookie should not be accessible to client-side JavaScript
+     */
+    httpOnly?: boolean | undefined;
+    /**
+     * Indicates a cookie ought not to be sent along with cross-site requests
+     */
+    sameSite?: true | false | "lax" | "strict" | "none" | undefined;
+    [key: string]: unknown;
+}
+
+/**
+ * Parse a [Set-Cookie](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie) header string into an object.
+ */
+declare function parseSetCookie(setCookieValue: string, options?: SetCookieParseOptions): SetCookie;
+
+/**
+ * Set-Cookie header field-values are sometimes comma joined in one string. This splits them without choking on commas
+ * that are within a single set-cookie field-value, such as in the Expires portion.
+ *
+ * See https://tools.ietf.org/html/rfc2616#section-4.2
+ */
+declare function splitSetCookieString(cookiesString: string | string[]): string[];
+
+export { type CookieParseOptions, type CookieSerializeOptions, type SetCookie, type SetCookieParseOptions, parse, parseSetCookie, serialize, splitSetCookieString };

package/dist/index.d.mts

@@ -100,14 +100,14 @@ interface CookieSerializeOptions {
      */
     secure?: boolean | undefined;
     /**
-     * Specifies the `boolean` value for the [`Partitioned` `Set-Cookie`](rfc-cutler-httpbis-partitioned-cookies)
+     * Specifies the `boolean` value for the [`Partitioned` `Set-Cookie`](https://datatracker.ietf.org/doc/html/draft-cutler-httpbis-partitioned-cookies#section-2.1)
      * attribute. When truthy, the `Partitioned` attribute is set, otherwise it is not. By default, the
      * `Partitioned` attribute is not set.
      *
      * **note** This is an attribute that has not yet been fully standardized, and may change in the future.
      * This also means many clients may ignore this attribute until they understand it.
      *
-     * More information about can be found in [the proposal](https://github.com/privacycg/CHIPS)
+     * More information can be found in the [proposal](https://github.com/privacycg/CHIPS).
      */
     partitioned?: boolean;
 }
@@ -128,6 +128,10 @@ interface CookieParseOptions {
      * cookie value will be returned as the cookie's value.
      */
     decode?(value: string): string;
+    /**
+     * Custom function to filter parsing specific keys.
+     */
+    filter?(key: string): boolean;
 }
 
 /**
@@ -138,6 +142,7 @@ interface CookieParseOptions {
  * @param [options] object containing parsing options
  */
 declare function parse(str: string, options?: CookieParseOptions): Record<string, string>;
+
 /**
  * Serialize a cookie name-value pair into a `Set-Cookie` header string.
  *
@@ -148,4 +153,70 @@ declare function parse(str: string, options?: CookieParseOptions): Record<string
  */
 declare function serialize(name: string, value: string, options?: CookieSerializeOptions): string;
 
-export { type CookieParseOptions, type CookieSerializeOptions, parse, serialize };
+interface SetCookieParseOptions {
+    /**
+     * Custom decode function to use on cookie values.
+     *
+     * By default, `decodeURIComponent` is used.
+     *
+     * **Note:** If decoding fails, the original (undecoded) value will be used
+     */
+    decode?: false | ((value: string) => string);
+}
+interface SetCookie {
+    /**
+     * Cookie name
+     */
+    name: string;
+    /**
+     * Cookie value
+     */
+    value: string;
+    /**
+     * Cookie path
+     */
+    path?: string | undefined;
+    /**
+     * Absolute expiration date for the cookie
+     */
+    expires?: Date | undefined;
+    /**
+     * Relative max age of the cookie in seconds from when the client receives it (integer or undefined)
+     *
+     * Note: when using with express's res.cookie() method, multiply maxAge by 1000 to convert to milliseconds
+     */
+    maxAge?: number | undefined;
+    /**
+     * Domain for the cookie,
+     * May begin with "." to indicate the named domain or any subdomain of it
+     */
+    domain?: string | undefined;
+    /**
+     * Indicates that this cookie should only be sent over HTTPs
+     */
+    secure?: boolean | undefined;
+    /**
+     * Indicates that this cookie should not be accessible to client-side JavaScript
+     */
+    httpOnly?: boolean | undefined;
+    /**
+     * Indicates a cookie ought not to be sent along with cross-site requests
+     */
+    sameSite?: true | false | "lax" | "strict" | "none" | undefined;
+    [key: string]: unknown;
+}
+
+/**
+ * Parse a [Set-Cookie](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie) header string into an object.
+ */
+declare function parseSetCookie(setCookieValue: string, options?: SetCookieParseOptions): SetCookie;
+
+/**
+ * Set-Cookie header field-values are sometimes comma joined in one string. This splits them without choking on commas
+ * that are within a single set-cookie field-value, such as in the Expires portion.
+ *
+ * See https://tools.ietf.org/html/rfc2616#section-4.2
+ */
+declare function splitSetCookieString(cookiesString: string | string[]): string[];
+
+export { type CookieParseOptions, type CookieSerializeOptions, type SetCookie, type SetCookieParseOptions, parse, parseSetCookie, serialize, splitSetCookieString };

package/dist/index.d.ts

@@ -100,14 +100,14 @@ interface CookieSerializeOptions {
      */
     secure?: boolean | undefined;
     /**
-     * Specifies the `boolean` value for the [`Partitioned` `Set-Cookie`](rfc-cutler-httpbis-partitioned-cookies)
+     * Specifies the `boolean` value for the [`Partitioned` `Set-Cookie`](https://datatracker.ietf.org/doc/html/draft-cutler-httpbis-partitioned-cookies#section-2.1)
      * attribute. When truthy, the `Partitioned` attribute is set, otherwise it is not. By default, the
      * `Partitioned` attribute is not set.
      *
      * **note** This is an attribute that has not yet been fully standardized, and may change in the future.
      * This also means many clients may ignore this attribute until they understand it.
      *
-     * More information about can be found in [the proposal](https://github.com/privacycg/CHIPS)
+     * More information can be found in the [proposal](https://github.com/privacycg/CHIPS).
      */
     partitioned?: boolean;
 }
@@ -128,6 +128,10 @@ interface CookieParseOptions {
      * cookie value will be returned as the cookie's value.
      */
     decode?(value: string): string;
+    /**
+     * Custom function to filter parsing specific keys.
+     */
+    filter?(key: string): boolean;
 }
 
 /**
@@ -138,6 +142,7 @@ interface CookieParseOptions {
  * @param [options] object containing parsing options
  */
 declare function parse(str: string, options?: CookieParseOptions): Record<string, string>;
+
 /**
  * Serialize a cookie name-value pair into a `Set-Cookie` header string.
  *
@@ -148,4 +153,70 @@ declare function parse(str: string, options?: CookieParseOptions): Record<string
  */
 declare function serialize(name: string, value: string, options?: CookieSerializeOptions): string;
 
-export { type CookieParseOptions, type CookieSerializeOptions, parse, serialize };
+interface SetCookieParseOptions {
+    /**
+     * Custom decode function to use on cookie values.
+     *
+     * By default, `decodeURIComponent` is used.
+     *
+     * **Note:** If decoding fails, the original (undecoded) value will be used
+     */
+    decode?: false | ((value: string) => string);
+}
+interface SetCookie {
+    /**
+     * Cookie name
+     */
+    name: string;
+    /**
+     * Cookie value
+     */
+    value: string;
+    /**
+     * Cookie path
+     */
+    path?: string | undefined;
+    /**
+     * Absolute expiration date for the cookie
+     */
+    expires?: Date | undefined;
+    /**
+     * Relative max age of the cookie in seconds from when the client receives it (integer or undefined)
+     *
+     * Note: when using with express's res.cookie() method, multiply maxAge by 1000 to convert to milliseconds
+     */
+    maxAge?: number | undefined;
+    /**
+     * Domain for the cookie,
+     * May begin with "." to indicate the named domain or any subdomain of it
+     */
+    domain?: string | undefined;
+    /**
+     * Indicates that this cookie should only be sent over HTTPs
+     */
+    secure?: boolean | undefined;
+    /**
+     * Indicates that this cookie should not be accessible to client-side JavaScript
+     */
+    httpOnly?: boolean | undefined;
+    /**
+     * Indicates a cookie ought not to be sent along with cross-site requests
+     */
+    sameSite?: true | false | "lax" | "strict" | "none" | undefined;
+    [key: string]: unknown;
+}
+
+/**
+ * Parse a [Set-Cookie](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie) header string into an object.
+ */
+declare function parseSetCookie(setCookieValue: string, options?: SetCookieParseOptions): SetCookie;
+
+/**
+ * Set-Cookie header field-values are sometimes comma joined in one string. This splits them without choking on commas
+ * that are within a single set-cookie field-value, such as in the Expires portion.
+ *
+ * See https://tools.ietf.org/html/rfc2616#section-4.2
+ */
+declare function splitSetCookieString(cookiesString: string | string[]): string[];
+
+export { type CookieParseOptions, type CookieSerializeOptions, type SetCookie, type SetCookieParseOptions, parse, parseSetCookie, serialize, splitSetCookieString };

package/dist/index.mjs

@@ -1,4 +1,3 @@
-const fieldContentRegExp = /^[\u0009\u0020-\u007E\u0080-\u00FF]+$/;
 function parse(str, options) {
   if (typeof str !== "string") {
     throw new TypeError("argument str must be a string");
@@ -31,9 +30,21 @@ function parse(str, options) {
   }
   return obj;
 }
+function decode(str) {
+  return str.includes("%") ? decodeURIComponent(str) : str;
+}
+function tryDecode(str, decode2) {
+  try {
+    return decode2(str);
+  } catch {
+    return str;
+  }
+}
+
+const fieldContentRegExp = /^[\u0009\u0020-\u007E\u0080-\u00FF]+$/;
 function serialize(name, value, options) {
   const opt = options || {};
-  const enc = opt.encode || encode;
+  const enc = opt.encode || encodeURIComponent;
   if (typeof enc !== "function") {
     throw new TypeError("option encode is invalid");
   }
@@ -128,18 +139,120 @@ function serialize(name, value, options) {
 function isDate(val) {
   return Object.prototype.toString.call(val) === "[object Date]" || val instanceof Date;
 }
-function tryDecode(str, decode2) {
+
+function parseSetCookie(setCookieValue, options) {
+  const parts = (setCookieValue || "").split(";").filter((str) => typeof str === "string" && !!str.trim());
+  const nameValuePairStr = parts.shift() || "";
+  const parsed = _parseNameValuePair(nameValuePairStr);
+  const name = parsed.name;
+  let value = parsed.value;
   try {
-    return decode2(str);
+    value = options?.decode === false ? value : (options?.decode || decodeURIComponent)(value);
   } catch {
-    return str;
   }
+  const cookie = {
+    name,
+    value
+  };
+  for (const part of parts) {
+    const sides = part.split("=");
+    const partKey = (sides.shift() || "").trimStart().toLowerCase();
+    const partValue = sides.join("=");
+    switch (partKey) {
+      case "expires": {
+        cookie.expires = new Date(partValue);
+        break;
+      }
+      case "max-age": {
+        cookie.maxAge = Number.parseInt(partValue, 10);
+        break;
+      }
+      case "secure": {
+        cookie.secure = true;
+        break;
+      }
+      case "httponly": {
+        cookie.httpOnly = true;
+        break;
+      }
+      case "samesite": {
+        cookie.sameSite = partValue;
+        break;
+      }
+      default: {
+        cookie[partKey] = partValue;
+      }
+    }
+  }
+  return cookie;
 }
-function decode(str) {
-  return str.includes("%") ? decodeURIComponent(str) : str;
+function _parseNameValuePair(nameValuePairStr) {
+  let name = "";
+  let value = "";
+  const nameValueArr = nameValuePairStr.split("=");
+  if (nameValueArr.length > 1) {
+    name = nameValueArr.shift();
+    value = nameValueArr.join("=");
+  } else {
+    value = nameValuePairStr;
+  }
+  return { name, value };
 }
-function encode(val) {
-  return encodeURIComponent(val);
+
+function splitSetCookieString(cookiesString) {
+  if (Array.isArray(cookiesString)) {
+    return cookiesString.flatMap((c) => splitSetCookieString(c));
+  }
+  if (typeof cookiesString !== "string") {
+    return [];
+  }
+  const cookiesStrings = [];
+  let pos = 0;
+  let start;
+  let ch;
+  let lastComma;
+  let nextStart;
+  let cookiesSeparatorFound;
+  const skipWhitespace = () => {
+    while (pos < cookiesString.length && /\s/.test(cookiesString.charAt(pos))) {
+      pos += 1;
+    }
+    return pos < cookiesString.length;
+  };
+  const notSpecialChar = () => {
+    ch = cookiesString.charAt(pos);
+    return ch !== "=" && ch !== ";" && ch !== ",";
+  };
+  while (pos < cookiesString.length) {
+    start = pos;
+    cookiesSeparatorFound = false;
+    while (skipWhitespace()) {
+      ch = cookiesString.charAt(pos);
+      if (ch === ",") {
+        lastComma = pos;
+        pos += 1;
+        skipWhitespace();
+        nextStart = pos;
+        while (pos < cookiesString.length && notSpecialChar()) {
+          pos += 1;
+        }
+        if (pos < cookiesString.length && cookiesString.charAt(pos) === "=") {
+          cookiesSeparatorFound = true;
+          pos = nextStart;
+          cookiesStrings.push(cookiesString.slice(start, lastComma));
+          start = pos;
+        } else {
+          pos = lastComma + 1;
+        }
+      } else {
+        pos += 1;
+      }
+    }
+    if (!cookiesSeparatorFound || pos >= cookiesString.length) {
+      cookiesStrings.push(cookiesString.slice(start, cookiesString.length));
+    }
+  }
+  return cookiesStrings;
 }
 
-export { parse, serialize };
+export { parse, parseSetCookie, serialize, splitSetCookieString };

package/package.json

@@ -1,41 +1,46 @@
 {
   "name": "cookie-es",
-  "version": "1.1.0",
+  "version": "1.2.1",
   "repository": "unjs/cookie-es",
   "license": "MIT",
   "sideEffects": false,
   "type": "module",
   "exports": {
     ".": {
-      "types": "./dist/index.d.ts",
-      "require": "./dist/index.cjs",
-      "import": "./dist/index.mjs"
+      "import": {
+        "types": "./dist/index.d.mts",
+        "default": "./dist/index.mjs"
+      },
+      "require": {
+        "types": "./dist/index.d.cts",
+        "default": "./dist/index.cjs"
+      }
     }
   },
   "main": "./dist/index.cjs",
   "module": "./dist/index.mjs",
-  "types": "./dist/index.d.ts",
+  "types": "./dist/index.d.cts",
   "files": [
     "dist"
   ],
   "scripts": {
     "build": "unbuild",
-    "dev": "vitest",
-    "lint": "eslint --cache --ext .ts,.js,.mjs,.cjs . && prettier -c src test",
-    "lint:fix": "automd && eslint --cache --ext .ts,.js,.mjs,.cjs . --fix && prettier -c src test -w",
+    "dev": "vitest --coverage",
+    "lint": "eslint --cache . && prettier -c src test",
+    "lint:fix": "automd && eslint --cache . --fix && prettier -c src test -w",
     "release": "pnpm test && pnpm build && changelogen --release --push && npm publish",
     "test": "pnpm lint && vitest run --coverage"
   },
   "devDependencies": {
-    "@vitest/coverage-v8": "^1.4.0",
-    "automd": "^0.3.7",
+    "@vitest/coverage-v8": "^2.0.3",
+    "automd": "^0.3.8",
     "changelogen": "^0.5.5",
-    "eslint": "^8.57.0",
-    "eslint-config-unjs": "^0.2.1",
-    "prettier": "^3.2.5",
-    "typescript": "^5.4.3",
+    "eslint": "^9.7.0",
+    "eslint-config-unjs": "^0.3.2",
+    "prettier": "^3.3.3",
+    "typescript": "^5.5.3",
     "unbuild": "^2.0.0",
-    "vitest": "^1.4.0"
+    "vitest": "^2.0.3"
   },
-  "packageManager": "pnpm@8.15.5"
-}
+  "packageManager": "pnpm@9.5.0"
+}