cookie-es 3.0.1 → 3.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/README.md +2 -14
  2. package/dist/index.d.mts +47 -14
  3. package/dist/index.mjs +9 -6
  4. package/package.json +1 -1
package/README.md CHANGED
@@ -21,8 +21,6 @@ npx nypm install cookie-es
21
21
 
22
22
  ## Import
23
23
 
24
- **ESM** (Node.js, Bun, Deno)
25
-
26
24
  ```js
27
25
  import {
28
26
  parseCookie,
@@ -33,18 +31,6 @@ import {
33
31
  } from "cookie-es";
34
32
  ```
35
33
 
36
- **CDN** (Deno, Bun and Browsers)
37
-
38
- ```js
39
- import {
40
- parseCookie,
41
- parseSetCookie,
42
- serializeCookie,
43
- stringifyCookie,
44
- splitSetCookieString,
45
- } from "https://esm.sh/cookie-es";
46
- ```
47
-
48
34
  ## API
49
35
 
50
36
  ### `parseCookie(str, options?)`
@@ -106,6 +92,8 @@ serializeCookie({
106
92
  // "foo=bar; Domain=example.com; Path=/; SameSite=Lax"
107
93
  ```
108
94
 
95
+ Non-string values are coerced to strings (`null` and `undefined` become empty string).
96
+
109
97
  Supported attributes: `maxAge`, `expires`, `domain`, `path`, `httpOnly`, `secure`, `sameSite`, `priority`, `partitioned`. Use `encode` option for custom value encoding (default: `encodeURIComponent`).
110
98
 
111
99
  > [!NOTE]
package/dist/index.d.mts CHANGED
@@ -44,6 +44,12 @@ interface CookieStringifyOptions {
44
44
  * @default encodeURIComponent
45
45
  */
46
46
  encode?: (str: string) => string;
47
+ /**
48
+ * Specifies a function that will be used to coerce non-string values to a string.
49
+ *
50
+ * @default JSON.stringify
51
+ */
52
+ stringify?: (value: unknown) => string;
47
53
  }
48
54
  /**
49
55
  * Set-Cookie object.
@@ -130,30 +136,45 @@ interface SetCookie {
130
136
  */
131
137
  type CookieSerializeOptions = CookieStringifyOptions & Omit<SetCookie, "name" | "value">;
132
138
  /**
133
- * Parse a `Cookie` header.
139
+ * Parse a `Cookie` header string into an object.
134
140
  *
135
- * Parse the given cookie header string into an object
136
- * The object has the various cookies as keys(names) => values
141
+ * The object has cookie names as keys and decoded values as values.
142
+ * First occurrence wins for duplicate names unless `allowMultiple` is set.
143
+ *
144
+ * @param str - The `Cookie` header string to parse.
145
+ * @param options - Parsing options (`decode`, `filter`, `allowMultiple`).
146
+ * @returns A prototype-less object of cookie name-value pairs.
137
147
  */
138
148
  declare function parse(str: string, options: CookieParseOptions & {
139
149
  allowMultiple: true;
140
150
  }): MultiCookies;
141
151
  declare function parse(str: string, options?: CookieParseOptions): Cookies;
142
152
  /**
143
- * Stringifies an object into an HTTP `Cookie` header.
153
+ * Stringify a cookies object into an HTTP `Cookie` header string.
154
+ *
155
+ * @param cookie - An object of cookie name-value pairs.
156
+ * @param options - Stringify options (`encode`).
157
+ * @returns A `Cookie` header string (e.g. `"foo=bar; baz=qux"`).
144
158
  */
145
159
  declare function stringifyCookie(cookie: Cookies, options?: CookieStringifyOptions): string;
146
160
  /**
147
- * Serialize data into a cookie header.
161
+ * Serialize a cookie into a `Set-Cookie` header string.
148
162
  *
149
- * Serialize a name value pair into a cookie string suitable for
150
- * http headers. An optional options object specifies cookie parameters.
163
+ * Accepts either a name-value pair with options or a `SetCookie` object.
164
+ * Non-string values are coerced to strings. Validates name, value, domain,
165
+ * and path against RFC 6265bis.
151
166
  *
152
- * serialize('foo', 'bar', { httpOnly: true })
153
- * => "foo=bar; httpOnly"
167
+ * @example
168
+ * ```js
169
+ * serialize("foo", "bar", { httpOnly: true });
170
+ * // => "foo=bar; HttpOnly"
171
+ *
172
+ * serialize({ name: "foo", value: "bar", secure: true });
173
+ * // => "foo=bar; Secure"
174
+ * ```
154
175
  */
155
176
  declare function serialize(cookie: SetCookie, options?: CookieStringifyOptions): string;
156
- declare function serialize(name: string, val: string, options?: CookieSerializeOptions): string;
177
+ declare function serialize(name: string, val: unknown, options?: CookieSerializeOptions): string;
157
178
  interface SetCookieParseOptions {
158
179
  /**
159
180
  * Custom decode function to use on cookie values.
@@ -219,14 +240,26 @@ interface SetCookie$1 {
219
240
  [key: string]: unknown;
220
241
  }
221
242
  /**
222
- * Parse a [Set-Cookie](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie) header string into an object.
243
+ * Parse a [`Set-Cookie`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie) header string into an object.
244
+ *
245
+ * Returns `undefined` for cookies with forbidden names (prototype pollution protection)
246
+ * or when both name and value are empty (RFC 6265bis sec 5.7).
247
+ *
248
+ * @param str - The `Set-Cookie` header string to parse.
249
+ * @param options - Parsing options (`decode`).
250
+ * @returns A `SetCookie` object with all parsed attributes, or `undefined`.
223
251
  */
224
252
  declare function parseSetCookie(str: string, options?: SetCookieParseOptions): SetCookie$1 | undefined;
225
253
  /**
226
- * Set-Cookie header field-values are sometimes comma joined in one string. This splits them without choking on commas
227
- * that are within a single set-cookie field-value, such as in the Expires portion.
254
+ * Split comma-joined `Set-Cookie` header strings into individual cookie strings.
255
+ *
256
+ * Correctly handles commas within cookie attributes like `Expires` dates
257
+ * by checking for `=` after a comma to determine if it's a cookie separator.
258
+ *
259
+ * @param cookiesString - A comma-joined `Set-Cookie` string or array of strings.
260
+ * @returns An array of individual `Set-Cookie` strings.
228
261
  *
229
- * See https://tools.ietf.org/html/rfc2616#section-4.2
262
+ * @see https://tools.ietf.org/html/rfc2616#section-4.2
230
263
  */
231
264
  declare function splitSetCookieString(cookiesString: string | string[]): string[];
232
265
  export { type CookieParseOptions, type CookieSerializeOptions, type CookieStringifyOptions, type Cookies, type MultiCookies, type SetCookie, type SetCookieParseOptions, parse, parse as parseCookie, parseSetCookie, serialize, serialize as serializeCookie, splitSetCookieString, stringifyCookie };
package/dist/index.mjs CHANGED
@@ -86,13 +86,16 @@ function stringifyCookie(cookie, options) {
86
86
  }
87
87
  return str;
88
88
  }
89
- function serialize(_name, _val, _opts) {
90
- const cookie = typeof _name === "object" ? _name : {
91
- ..._opts,
92
- name: _name,
93
- value: String(_val)
89
+ function serialize(_a0, _a1, _a2) {
90
+ const isObj = typeof _a0 === "object" && _a0 !== null;
91
+ const options = isObj ? _a1 : _a2;
92
+ const stringify = options?.stringify || JSON.stringify;
93
+ const cookie = isObj ? _a0 : {
94
+ ..._a2,
95
+ name: _a0,
96
+ value: _a1 == void 0 ? "" : typeof _a1 === "string" ? _a1 : stringify(_a1)
94
97
  };
95
- const enc = (typeof _val === "object" ? _val : _opts)?.encode || encodeURIComponent;
98
+ const enc = options?.encode || encodeURIComponent;
96
99
  if (!cookieNameRegExp.test(cookie.name)) throw new TypeError(`argument name is invalid: ${cookie.name}`);
97
100
  const value = cookie.value ? enc(cookie.value) : "";
98
101
  if (!cookieValueRegExp.test(value)) throw new TypeError(`argument val is invalid: ${cookie.value}`);
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "cookie-es",
3
- "version": "3.0.1",
3
+ "version": "3.1.0",
4
4
  "license": "MIT",
5
5
  "repository": "unjs/cookie-es",
6
6
  "files": [