Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
@gilbarbara/cookies
Advanced tools
Lightweight cookie client
Install it
npm install @gilbarbara/cookies
Import it:
import { getCookie, setCookie } from '@gilbarbara/cookies';
Create a cookie, valid across the entire site:
setCookie('name', 'value');
Create a cookie that expires 7 days from now, valid across the entire site:
setCookie('name', 'value', { expires: 7 });
Create an expiring cookie, valid to the path of the current page:
setCookie('name', 'value', { expires: 7, path: '' });
Read a cookie:
getCookie('name'); // => 'value'
getCookie('invalid'); // => undefined
Read all available cookies:
getCookies(); // => { name: 'value' }
Note: It is not possible to read a particular cookie by additionally passing specific cookie attributes. A cookie will only be available if it's visible from where the code is called, visibility being controlled by path
and domain
used when setting a cookie.
Delete a cookie:
removeCookie('name');
Delete a cookie valid to the path of the current page:
setCookie('name', 'value', { path: '' });
removeCookie('name'); // fail!
removeCookie('name', { path: '' }); // removed!
IMPORTANT! When deleting a cookie you must pass the exact same path and domain attributes that were used to set the cookie:
removeCookie('name', { path: '', domain: '.yourdomain.com' })
Note: Trying to remove a nonexistent cookie doesn't throw an exception or returns a value.
This project is RFC 6265 compliant. All special characters that are not allowed in the cookie-name or cookie-value are encoded with each one's UTF-8 Hex equivalent using percent-encoding.
The only character in cookie-name or cookie-value that is allowed and still encoded is the percent %
character, it is escaped in order to interpret percent input as literal.
Please note that the default encoding/decoding strategy is meant to be interoperable only between cookies that are read/written by this library. It's possible to override the default encoding/decoding strategy.
Note: According to RFC 6265, your cookies may get deleted if they are too big or there are too many cookies in the same domain, more details here.
Define when the cookie will be removed. It must be a number which will be interpreted as days from time of creation or a Date instance.
Default: 30 days
A string indicating the path where the cookie is supposed to be visible.
Default: /
A string indicating a valid domain where the cookie should be visible. The cookie will also be visible to all subdomains.
Default: Cookie is visible only to the domain or subdomain of the page where the cookie was created.
A boolean indicating if the cookie transmission requires a secure protocol (https).
Default: false
Allowing to control whether the browser is sending a cookie along with cross-site requests.
Default: not set.
All get methods that rely on a proper decoding to work, such as getCookies()
and getCookie()
, will run the given decoder for each cookie. The returned value will be used as the cookie value.
Example from reading one of the cookies that can only be decoded using the escape
function:
import { DEFAULT_CODEC, getCookie, getCookies } from 'typescript-cookie'
document.cookie = 'escaped=%u5317'
document.cookie = 'default=%E5%8C%97'
const read: Decoder<string> = (value, name) => {
if (name === 'escaped') {
return unescape(value)
}
// Fall back to default for all other cookies
return DEFAULT_CODEC.decodeValue(value, name)
}
getCookie('escaped', read) // => '北'
getCookie('default', read) // => '北'
getCookies(read) // => { escaped: '北', default: '北' }
Set a cookie with overriding the default encoding implementation:
import { setCookie } from 'typescript-cookie'
const write: Encoder<string> = (value) => value.toUpperCase()
setCookie('uppercased', 'foo', undefined, write) // => 'uppercased=FOO; path=/'
This is a fork from typescript-cookie package. Thanks! ❤️
MIT
FAQs
A lightweight API for handling cookies in the browser
We found that @gilbarbara/cookies demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.