npm - cookie-es - Versions diffs - 3.0.1 → 3.1.1 - Mend

cookie-es 3.0.1 → 3.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -21,8 +21,6 @@ npx nypm install cookie-es
 ## Import
-**ESM** (Node.js, Bun, Deno)
 ```js
 import {
   parseCookie,
@@ -33,18 +31,6 @@ import {
 } from "cookie-es";
 ```
-**CDN** (Deno, Bun and Browsers)
-```js
-import {
-  parseCookie,
-  parseSetCookie,
-  serializeCookie,
-  stringifyCookie,
-  splitSetCookieString,
-} from "https://esm.sh/cookie-es";
-```
 ## API
 ### `parseCookie(str, options?)`
@@ -106,6 +92,8 @@ serializeCookie({
 // "foo=bar; Domain=example.com; Path=/; SameSite=Lax"
 ```
+Non-string values are coerced to strings (`null` and `undefined` become empty string).
 Supported attributes: `maxAge`, `expires`, `domain`, `path`, `httpOnly`, `secure`, `sameSite`, `priority`, `partitioned`. Use `encode` option for custom value encoding (default: `encodeURIComponent`).
 > [!NOTE]

package/dist/index.d.mts CHANGED Viewed

@@ -44,6 +44,12 @@ interface CookieStringifyOptions {
    * @default encodeURIComponent
    */
   encode?: (str: string) => string;
+  /**
+   * Specifies a function that will be used to coerce non-string values to a string.
+   *
+   * @default JSON.stringify
+   */
+  stringify?: (value: unknown) => string;
 }
 /**
  * Set-Cookie object.
@@ -130,30 +136,45 @@ interface SetCookie {
  */
 type CookieSerializeOptions = CookieStringifyOptions & Omit<SetCookie, "name" | "value">;
 /**
- * Parse a `Cookie` header.
+ * Parse a `Cookie` header string into an object.
  *
- * Parse the given cookie header string into an object
- * The object has the various cookies as keys(names) => values
+ * The object has cookie names as keys and decoded values as values.
+ * First occurrence wins for duplicate names unless `allowMultiple` is set.
+ *
+ * @param str - The `Cookie` header string to parse.
+ * @param options - Parsing options (`decode`, `filter`, `allowMultiple`).
+ * @returns A prototype-less object of cookie name-value pairs.
  */
 declare function parse(str: string, options: CookieParseOptions & {
   allowMultiple: true;
 }): MultiCookies;
 declare function parse(str: string, options?: CookieParseOptions): Cookies;
 /**
- * Stringifies an object into an HTTP `Cookie` header.
+ * Stringify a cookies object into an HTTP `Cookie` header string.
+ *
+ * @param cookie - An object of cookie name-value pairs.
+ * @param options - Stringify options (`encode`).
+ * @returns A `Cookie` header string (e.g. `"foo=bar; baz=qux"`).
  */
 declare function stringifyCookie(cookie: Cookies, options?: CookieStringifyOptions): string;
 /**
- * Serialize data into a cookie header.
+ * Serialize a cookie into a `Set-Cookie` header string.
  *
- * Serialize a name value pair into a cookie string suitable for
- * http headers. An optional options object specifies cookie parameters.
+ * Accepts either a name-value pair with options or a `SetCookie` object.
+ * Non-string values are coerced to strings. Validates name, value, domain,
+ * and path against RFC 6265bis.
  *
- * serialize('foo', 'bar', { httpOnly: true })
- *   => "foo=bar; httpOnly"
+ * @example
+ * ```js
+ * serialize("foo", "bar", { httpOnly: true });
+ * // => "foo=bar; HttpOnly"
+ *
+ * serialize({ name: "foo", value: "bar", secure: true });
+ * // => "foo=bar; Secure"
+ * ```
  */
 declare function serialize(cookie: SetCookie, options?: CookieStringifyOptions): string;
-declare function serialize(name: string, val: string, options?: CookieSerializeOptions): string;
+declare function serialize(name: string, val: unknown, options?: CookieSerializeOptions): string;
 interface SetCookieParseOptions {
   /**
    * Custom decode function to use on cookie values.
@@ -219,14 +240,26 @@ interface SetCookie$1 {
   [key: string]: unknown;
 }
 /**
- * Parse a [Set-Cookie](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie) header string into an object.
+ * Parse a [`Set-Cookie`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie) header string into an object.
+ *
+ * Returns `undefined` for cookies with forbidden names (prototype pollution protection)
+ * or when both name and value are empty (RFC 6265bis sec 5.7).
+ *
+ * @param str - The `Set-Cookie` header string to parse.
+ * @param options - Parsing options (`decode`).
+ * @returns A `SetCookie` object with all parsed attributes, or `undefined`.
  */
 declare function parseSetCookie(str: string, options?: SetCookieParseOptions): SetCookie$1 | undefined;
 /**
- * Set-Cookie header field-values are sometimes comma joined in one string. This splits them without choking on commas
- * that are within a single set-cookie field-value, such as in the Expires portion.
+ * Split comma-joined `Set-Cookie` header strings into individual cookie strings.
+ *
+ * Correctly handles commas within cookie attributes like `Expires` dates
+ * by checking for `=` after a comma to determine if it's a cookie separator.
+ *
+ * @param cookiesString - A comma-joined `Set-Cookie` string or array of strings.
+ * @returns An array of individual `Set-Cookie` strings.
  *
- * See https://tools.ietf.org/html/rfc2616#section-4.2
+ * @see https://tools.ietf.org/html/rfc2616#section-4.2
  */
 declare function splitSetCookieString(cookiesString: string | string[]): string[];
 export { type CookieParseOptions, type CookieSerializeOptions, type CookieStringifyOptions, type Cookies, type MultiCookies, type SetCookie, type SetCookieParseOptions, parse, parse as parseCookie, parseSetCookie, serialize, serialize as serializeCookie, splitSetCookieString, stringifyCookie };

package/dist/index.mjs CHANGED Viewed

@@ -1,4 +1,4 @@
-const COOKIE_MAX_AGE_LIMIT = 400 * 24 * 60 * 60;
+const COOKIE_MAX_AGE_LIMIT = 3456e4;
 function endIndex(str, min, len) {
 	const index = str.indexOf(";", min);
 	return index === -1 ? len : index;
@@ -86,13 +86,16 @@ function stringifyCookie(cookie, options) {
 	}
 	return str;
 }
-function serialize(_name, _val, _opts) {
-	const cookie = typeof _name === "object" ? _name : {
-		..._opts,
-		name: _name,
-		value: String(_val)
+function serialize(_a0, _a1, _a2) {
+	const isObj = typeof _a0 === "object" && _a0 !== null;
+	const options = isObj ? _a1 : _a2;
+	const stringify = options?.stringify || JSON.stringify;
+	const cookie = isObj ? _a0 : {
+		..._a2,
+		name: _a0,
+		value: _a1 == void 0 ? "" : typeof _a1 === "string" ? _a1 : stringify(_a1)
 	};
-	const enc = (typeof _val === "object" ? _val : _opts)?.encode || encodeURIComponent;
+	const enc = options?.encode || encodeURIComponent;
 	if (!cookieNameRegExp.test(cookie.name)) throw new TypeError(`argument name is invalid: ${cookie.name}`);
 	const value = cookie.value ? enc(cookie.value) : "";
 	if (!cookieValueRegExp.test(value)) throw new TypeError(`argument val is invalid: ${cookie.value}`);
@@ -159,7 +162,7 @@ function isDate(val) {
 	return __toString.call(val) === "[object Date]";
 }
 const maxAgeRegExp = /^-?\d+$/;
-const _nullProto = Object.getPrototypeOf({});
+const _nullProto = /* @__PURE__ */ Object.getPrototypeOf({});
 function parseSetCookie(str, options) {
 	const len = str.length;
 	let _endIdx = len;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "cookie-es",
-  "version": "3.0.1",
+  "version": "3.1.1",
   "license": "MIT",
   "repository": "unjs/cookie-es",
   "files": [