cookie-es 3.0.0 → 3.1.0

package/README.md

@@ -21,8 +21,6 @@ npx nypm install cookie-es
 
 ## Import
 
-**ESM** (Node.js, Bun, Deno)
-
 ```js
 import {
   parseCookie,
@@ -33,18 +31,6 @@ import {
 } from "cookie-es";
 ```
 
-**CDN** (Deno, Bun and Browsers)
-
-```js
-import {
-  parseCookie,
-  parseSetCookie,
-  serializeCookie,
-  stringifyCookie,
-  splitSetCookieString,
-} from "https://esm.sh/cookie-es";
-```
-
 ## API
 
 ### `parseCookie(str, options?)`
@@ -106,6 +92,8 @@ serializeCookie({
 // "foo=bar; Domain=example.com; Path=/; SameSite=Lax"
 ```
 
+Non-string values are coerced to strings (`null` and `undefined` become empty string).
+
 Supported attributes: `maxAge`, `expires`, `domain`, `path`, `httpOnly`, `secure`, `sameSite`, `priority`, `partitioned`. Use `encode` option for custom value encoding (default: `encodeURIComponent`).
 
 > [!NOTE]

package/dist/index.d.mts

@@ -1,4 +1,3 @@
-//#region src/cookie/types.d.ts
 /**
  * Parse options.
  */
@@ -45,6 +44,12 @@ interface CookieStringifyOptions {
    * @default encodeURIComponent
    */
   encode?: (str: string) => string;
+  /**
+   * Specifies a function that will be used to coerce non-string values to a string.
+   *
+   * @default JSON.stringify
+   */
+  stringify?: (value: unknown) => string;
 }
 /**
  * Set-Cookie object.
@@ -130,37 +135,46 @@ interface SetCookie {
  * Backward compatibility serialize options.
  */
 type CookieSerializeOptions = CookieStringifyOptions & Omit<SetCookie, "name" | "value">;
-//#endregion
-//#region src/cookie/parse.d.ts
 /**
- * Parse a `Cookie` header.
+ * Parse a `Cookie` header string into an object.
  *
- * Parse the given cookie header string into an object
- * The object has the various cookies as keys(names) => values
+ * The object has cookie names as keys and decoded values as values.
+ * First occurrence wins for duplicate names unless `allowMultiple` is set.
+ *
+ * @param str - The `Cookie` header string to parse.
+ * @param options - Parsing options (`decode`, `filter`, `allowMultiple`).
+ * @returns A prototype-less object of cookie name-value pairs.
  */
 declare function parse(str: string, options: CookieParseOptions & {
   allowMultiple: true;
 }): MultiCookies;
 declare function parse(str: string, options?: CookieParseOptions): Cookies;
-//#endregion
-//#region src/cookie/serialize.d.ts
 /**
- * Stringifies an object into an HTTP `Cookie` header.
+ * Stringify a cookies object into an HTTP `Cookie` header string.
+ *
+ * @param cookie - An object of cookie name-value pairs.
+ * @param options - Stringify options (`encode`).
+ * @returns A `Cookie` header string (e.g. `"foo=bar; baz=qux"`).
  */
 declare function stringifyCookie(cookie: Cookies, options?: CookieStringifyOptions): string;
 /**
- * Serialize data into a cookie header.
+ * Serialize a cookie into a `Set-Cookie` header string.
  *
- * Serialize a name value pair into a cookie string suitable for
- * http headers. An optional options object specifies cookie parameters.
+ * Accepts either a name-value pair with options or a `SetCookie` object.
+ * Non-string values are coerced to strings. Validates name, value, domain,
+ * and path against RFC 6265bis.
  *
- * serialize('foo', 'bar', { httpOnly: true })
- *   => "foo=bar; httpOnly"
+ * @example
+ * ```js
+ * serialize("foo", "bar", { httpOnly: true });
+ * // => "foo=bar; HttpOnly"
+ *
+ * serialize({ name: "foo", value: "bar", secure: true });
+ * // => "foo=bar; Secure"
+ * ```
  */
 declare function serialize(cookie: SetCookie, options?: CookieStringifyOptions): string;
-declare function serialize(name: string, val: string, options?: CookieSerializeOptions): string;
-//#endregion
-//#region src/set-cookie/types.d.ts
+declare function serialize(name: string, val: unknown, options?: CookieSerializeOptions): string;
 interface SetCookieParseOptions {
   /**
    * Custom decode function to use on cookie values.
@@ -225,20 +239,27 @@ interface SetCookie$1 {
   priority?: "low" | "medium" | "high" | undefined;
   [key: string]: unknown;
 }
-//#endregion
-//#region src/set-cookie/parse.d.ts
 /**
- * Parse a [Set-Cookie](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie) header string into an object.
+ * Parse a [`Set-Cookie`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie) header string into an object.
+ *
+ * Returns `undefined` for cookies with forbidden names (prototype pollution protection)
+ * or when both name and value are empty (RFC 6265bis sec 5.7).
+ *
+ * @param str - The `Set-Cookie` header string to parse.
+ * @param options - Parsing options (`decode`).
+ * @returns A `SetCookie` object with all parsed attributes, or `undefined`.
  */
 declare function parseSetCookie(str: string, options?: SetCookieParseOptions): SetCookie$1 | undefined;
-//#endregion
-//#region src/set-cookie/split.d.ts
 /**
- * Set-Cookie header field-values are sometimes comma joined in one string. This splits them without choking on commas
- * that are within a single set-cookie field-value, such as in the Expires portion.
+ * Split comma-joined `Set-Cookie` header strings into individual cookie strings.
+ *
+ * Correctly handles commas within cookie attributes like `Expires` dates
+ * by checking for `=` after a comma to determine if it's a cookie separator.
+ *
+ * @param cookiesString - A comma-joined `Set-Cookie` string or array of strings.
+ * @returns An array of individual `Set-Cookie` strings.
  *
- * See https://tools.ietf.org/html/rfc2616#section-4.2
+ * @see https://tools.ietf.org/html/rfc2616#section-4.2
  */
 declare function splitSetCookieString(cookiesString: string | string[]): string[];
-//#endregion
 export { type CookieParseOptions, type CookieSerializeOptions, type CookieStringifyOptions, type Cookies, type MultiCookies, type SetCookie, type SetCookieParseOptions, parse, parse as parseCookie, parseSetCookie, serialize, serialize as serializeCookie, splitSetCookieString, stringifyCookie };

package/dist/index.mjs

@@ -1,25 +1,12 @@
-//#region src/_utils.ts
-/**
-* RFC 6265bis cookie-age-limit: 400 days in seconds.
-*/
 const COOKIE_MAX_AGE_LIMIT = 400 * 24 * 60 * 60;
-/**
-* Find the `;` character between `min` and `len` in str.
-*/
 function endIndex(str, min, len) {
 	const index = str.indexOf(";", min);
 	return index === -1 ? len : index;
 }
-/**
-* Find the `=` character between `min` and `max` in str.
-*/
 function eqIndex(str, min, max) {
 	const index = str.indexOf("=", min);
 	return index < max ? index : -1;
 }
-/**
-* Slice out a value between start to max.
-*/
 function valueSlice(str, min, max) {
 	if (min === max) return "";
 	let start = min;
@@ -35,8 +22,6 @@ function valueSlice(str, min, max) {
 	}
 	return str.slice(start, end);
 }
-//#endregion
-//#region src/cookie/parse.ts
 const NullObject = /* @__PURE__ */ (() => {
 	const C = function() {};
 	C.prototype = Object.create(null);
@@ -73,9 +58,6 @@ function parse(str, options) {
 	} while (index < len);
 	return obj;
 }
-/**
-* URL-decode string value. Optimized to skip native call when no %.
-*/
 function decode(str) {
 	if (!str.includes("%")) return str;
 	try {
@@ -84,72 +66,11 @@ function decode(str) {
 		return str;
 	}
 }
-//#endregion
-//#region src/cookie/serialize.ts
-/**
-* RegExp to match cookie-name in RFC 6265bis sec 4.1.1
-* This refers out to the obsoleted definition of token in RFC 2616 sec 2.2
-* which has been replaced by the token definition in RFC 7230 appendix B.
-*
-* cookie-name       = token
-* token             = 1*tchar
-* tchar             = "!" / "#" / "$" / "%" / "&" / "'" /
-*                     "*" / "+" / "-" / "." / "^" / "_" /
-*                     "`" / "|" / "~" / DIGIT / ALPHA
-*
-* Note: Allowing more characters - https://github.com/jshttp/cookie/issues/191
-* Allow same range as cookie value, except `=`, which delimits end of name.
-*/
 const cookieNameRegExp = /^[\u0021-\u003A\u003C\u003E-\u007E]+$/;
-/**
-* RegExp to match cookie-value in RFC 6265bis sec 4.1.1
-*
-* cookie-value      = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
-* cookie-octet      = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
-*                     ; US-ASCII characters excluding CTLs,
-*                     ; whitespace DQUOTE, comma, semicolon,
-*                     ; and backslash
-*
-* Allowing more characters: https://github.com/jshttp/cookie/issues/191
-* Comma, backslash, and DQUOTE are not part of the parsing algorithm.
-*/
 const cookieValueRegExp = /^[\u0021-\u003A\u003C-\u007E]*$/;
-/**
-* RegExp to match domain-value in RFC 6265bis sec 4.1.1
-*
-* domain-value      = <subdomain>
-*                     ; defined in [RFC1034], Section 3.5, as
-*                     ; enhanced by [RFC1123], Section 2.1
-* <subdomain>       = <label> | <subdomain> "." <label>
-* <label>           = <let-dig> [ [ <ldh-str> ] <let-dig> ]
-*                     Labels must be 63 characters or less.
-*                     'let-dig' not 'letter' in the first char, per RFC1123
-* <ldh-str>         = <let-dig-hyp> | <let-dig-hyp> <ldh-str>
-* <let-dig-hyp>     = <let-dig> | "-"
-* <let-dig>         = <letter> | <digit>
-* <letter>          = any one of the 52 alphabetic characters A through Z in
-*                     upper case and a through z in lower case
-* <digit>           = any one of the ten digits 0 through 9
-*
-* Keep support for leading dot: https://github.com/jshttp/cookie/issues/173
-*
-* > (Note that a leading %x2E ("."), if present, is ignored even though that
-* character is not permitted, but a trailing %x2E ("."), if present, will
-* cause the user agent to ignore the attribute.)
-*/
 const domainValueRegExp = /^([.]?[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)([.][a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$/i;
-/**
-* RegExp to match path-value in RFC 6265bis sec 4.1.1
-*
-* path-value        = <any CHAR except CTLs or ";">
-* CHAR              = %x01-7F
-*                     ; defined in RFC 5234 appendix B.1
-*/
 const pathValueRegExp = /^[\u0020-\u003A\u003C-\u007E]*$/;
 const __toString = Object.prototype.toString;
-/**
-* Stringifies an object into an HTTP `Cookie` header.
-*/
 function stringifyCookie(cookie, options) {
 	const enc = options?.encode || encodeURIComponent;
 	const keys = Object.keys(cookie);
@@ -165,13 +86,16 @@ function stringifyCookie(cookie, options) {
 	}
 	return str;
 }
-function serialize(_name, _val, _opts) {
-	const cookie = typeof _name === "object" ? _name : {
-		..._opts,
-		name: _name,
-		value: String(_val)
+function serialize(_a0, _a1, _a2) {
+	const isObj = typeof _a0 === "object" && _a0 !== null;
+	const options = isObj ? _a1 : _a2;
+	const stringify = options?.stringify || JSON.stringify;
+	const cookie = isObj ? _a0 : {
+		..._a2,
+		name: _a0,
+		value: _a1 == void 0 ? "" : typeof _a1 === "string" ? _a1 : stringify(_a1)
 	};
-	const enc = (typeof _val === "object" ? _val : _opts)?.encode || encodeURIComponent;
+	const enc = options?.encode || encodeURIComponent;
 	if (!cookieNameRegExp.test(cookie.name)) throw new TypeError(`argument name is invalid: ${cookie.name}`);
 	const value = cookie.value ? enc(cookie.value) : "";
 	if (!cookieValueRegExp.test(value)) throw new TypeError(`argument val is invalid: ${cookie.value}`);
@@ -234,22 +158,11 @@ function serialize(_name, _val, _opts) {
 	}
 	return str;
 }
-/**
-* Determine if value is a Date.
-*/
 function isDate(val) {
 	return __toString.call(val) === "[object Date]";
 }
-//#endregion
-//#region src/set-cookie/parse.ts
-/**
-* RegExp to match max-age-value in RFC 6265 sec 5.6.2
-*/
 const maxAgeRegExp = /^-?\d+$/;
 const _nullProto = Object.getPrototypeOf({});
-/**
-* Parse a [Set-Cookie](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie) header string into an object.
-*/
 function parseSetCookie(str, options) {
 	const len = str.length;
 	let _endIdx = len;
@@ -354,14 +267,6 @@ function _decode(value, decode) {
 		return value;
 	}
 }
-//#endregion
-//#region src/set-cookie/split.ts
-/**
-* Set-Cookie header field-values are sometimes comma joined in one string. This splits them without choking on commas
-* that are within a single set-cookie field-value, such as in the Expires portion.
-*
-* See https://tools.ietf.org/html/rfc2616#section-4.2
-*/
 function splitSetCookieString(cookiesString) {
 	if (Array.isArray(cookiesString)) return cookiesString.flatMap((c) => splitSetCookieString(c));
 	if (typeof cookiesString !== "string") return [];
@@ -403,5 +308,4 @@ function splitSetCookieString(cookiesString) {
 	}
 	return cookiesStrings;
 }
-//#endregion
 export { parse, parse as parseCookie, parseSetCookie, serialize, serialize as serializeCookie, splitSetCookieString, stringifyCookie };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cookie-es",
-  "version": "3.0.0",
+  "version": "3.1.0",
   "license": "MIT",
   "repository": "unjs/cookie-es",
   "files": [
@@ -27,10 +27,12 @@
     "changelogen": "^0.6.2",
     "cookie": "^1.1.1",
     "eslint-config-unjs": "^0.6.2",
+    "magic-string": "^0.30.21",
     "mitata": "^1.0.34",
     "obuild": "^0.4.32",
     "oxfmt": "^0.41.0",
     "oxlint": "^1.56.0",
+    "rolldown": "1.0.0-rc.11",
     "typescript": "^6.0.2",
     "vitest": "^4.1.1"
   },