cookie-secure
This Node module sets cookies securely.
This module sets and gets cookies.
Choose either expires or max-age.
Set httponly to true to prevent access from client-side JavaScript.
The SameSite string is Strict by default.
The other option is Lax.
A secure cookie is only allowed with HTTPS.
var cookieString = setCookieString(req, res, name, value, expires, maxAge, httponly=true, https=false, SameSite="Strict");
setCookie(req, res, cookieString, data="", resEnd=true);
var cuCookie = getCookie(req, res, curCookie);
The code below shows how to set up an HTTPS server and how to use a secure cookie.
To get a self-signed SSL certificate for testing on localhost, use the commands below.
/*
Open Git Bash and type the commands below to generate a self-signed SSL key and certificate:
openssl genrsa 1024 > key.pem
openssl req -x509 -new -key key.pem > cert.pem
*/
var cookie = require("cookie-secure");
var https = require("https");
var fs = require("fs");

// TLS key and certificate generated with the commands above
const options = {
  key: fs.readFileSync(__dirname + "/key.pem"),
  cert: fs.readFileSync(__dirname + "/cert.pem")
};

// HTTPS server: httponly = false, https = true
https.createServer(options, (req, res) => {
  var curCookie = "testHTTPS";
  if (req.url == "/") {
    var co = cookie.setCookieString(req, res, curCookie, "rve", "", 606024, false, true);
    cookie.setCookie(req, res, co, "done", true);
  } else if (req.url == "/get_cookie") {
    cookie.getCookie(req, res, curCookie);
  }
}).listen(8000);

// HTTP server: httponly = false, https = false
var http = require("http");
http.createServer(function (req, res) {
  var curCookie = "testHTTP";
  if (req.url == "/") {
    var co = cookie.setCookieString(req, res, curCookie, "uemsh", Date(), 606024, false, false);
    cookie.setCookie(req, res, co, "done", true);
  } else if (req.url == "/get_cookie") {
    cookie.getCookie(req, res, curCookie);
  }
}).listen(9000);
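The attribute rules this README lists (expires or max-age but not both, HttpOnly on by default, SameSite Strict or Lax, Secure only over HTTPS), written out as an added Node.js example that is not cookie-secure's own code. `buildSetCookie` and `readCookie` are hypothetical helper names, and the name validation and value encoding are assumptions about what a careful implementation would do.

```javascript
// Added example: buildSetCookie and readCookie are hypothetical helpers,
// not functions exported by cookie-secure.

// A cookie name must be an HTTP token (RFC 6265). That excludes CR/LF, ";"
// and "=", so a hostile name cannot inject headers or extra attributes.
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;

function buildSetCookie(name, value, opts = {}) {
  const { expires, maxAge, httpOnly = true, https = false,
          secure = https, sameSite = "Strict" } = opts;
  if (!TOKEN.test(name)) throw new TypeError("invalid cookie name");
  if (expires !== undefined && maxAge !== undefined)
    throw new TypeError("choose expires or maxAge, not both");
  if (secure && !https)
    throw new Error("Secure cookie requested on a non-HTTPS connection");

  // Percent-encoding keeps ";", "," and control characters out of the header.
  const parts = [`${name}=${encodeURIComponent(String(value))}`];
  if (expires !== undefined) {
    if (!(expires instanceof Date) || Number.isNaN(expires.getTime()))
      throw new TypeError("expires must be a valid Date");
    parts.push(`Expires=${expires.toUTCString()}`);
  }
  if (maxAge !== undefined) {
    if (!Number.isInteger(maxAge)) throw new TypeError("maxAge must be an integer");
    parts.push(`Max-Age=${maxAge}`);
  }
  const mode = ["Strict", "Lax"].find(
    (m) => m.toLowerCase() === String(sameSite).toLowerCase());
  if (!mode) throw new TypeError("sameSite must be Strict or Lax");
  parts.push(`SameSite=${mode}`);
  if (httpOnly) parts.push("HttpOnly");
  if (secure) parts.push("Secure");
  return parts.join("; ");
}

// Read one cookie back from a request's Cookie header.
function readCookie(header, name) {
  for (const pair of String(header || "").split(";")) {
    const eq = pair.indexOf("=");
    if (eq === -1 || pair.slice(0, eq).trim() !== name) continue;
    try { return decodeURIComponent(pair.slice(eq + 1).trim()); }
    catch { return undefined; } // malformed percent-encoding
  }
  return undefined;
}
```

The returned string is what goes into a `Set-Cookie` response header, for example `res.setHeader("Set-Cookie", buildSetCookie("sid", token, { maxAge: 3600, https: true }))`.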
FAQs
This module for setting and getting secure cookies from
The npm package cookie-secure receives a total of 8 weekly downloads. As such, cookie-secure popularity was classified as not popular.
We found that cookie-secure demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.