@tinyhttp/cookie-signature
Advanced tools
@tinyhttp/cookie-signature is a lightweight npm package used for signing and unsigning cookies. It provides a simple API to ensure the integrity of cookies by generating a signature and verifying it.
Sign a Cookie
This feature allows you to sign a cookie value with a secret key. The `sign` method generates a signed version of the cookie value, which can be used to ensure the integrity of the cookie.
const cookieSignature = require('@tinyhttp/cookie-signature');
const value = 'cookieValue';
const secret = 'mySecret';
const signedValue = cookieSignature.sign(value, secret);
console.log(signedValue);Unsign a Cookie
This feature allows you to unsign a signed cookie value using the same secret key. The `unsign` method verifies the signature and returns the original value if the signature is valid, otherwise it returns false.
const cookieSignature = require('@tinyhttp/cookie-signature');
const signedValue = 'cookieValue.signedPart';
const secret = 'mySecret';
const unsignedValue = cookieSignature.unsign(signedValue, secret);
if (unsignedValue) {
console.log('Valid signature:', unsignedValue);
} else {
console.log('Invalid signature');
}The `cookie-signature` package provides similar functionality for signing and unsigning cookie values. It is a lightweight package that ensures the integrity of cookies by generating and verifying signatures. It is widely used in the Express.js ecosystem.
The `cookie-parser` package is a middleware for parsing cookies in Express.js applications. It includes functionality for signing and unsigning cookies, similar to @tinyhttp/cookie-signature, but also provides additional features for parsing and managing cookies in HTTP requests.
The `cookies` package is a general-purpose cookie management library for Node.js. It provides methods for setting, getting, and deleting cookies, as well as signing and unsigning cookie values. It offers a more comprehensive set of features compared to @tinyhttp/cookie-signature.
HTTP cookie signing and unsigning. A rewrite of cookie-signature module.
pnpm i @tinyhttp/cookie-signature
import { sign, unsign } from '@tinyhttp/cookie-signature'
sign(val, secret)Signd the given val with secret.
unsign(val, secret)Unsign and decode the given val with secret, returning false if the signature is invalid.
FAQs
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
The Latio podcast explores how static and runtime reachability help teams prioritize exploitable vulnerabilities and streamline AppSec workflows.
Security News
The latest Opengrep releases add Apex scanning, precision rule tuning, and performance gains for open source static code analysis.
Security News
npm now supports Trusted Publishing with OIDC, enabling secure package publishing directly from CI/CD workflows without relying on long-lived tokens.