es-cookie
Advanced tools
Supply Chain Security
Vulnerability
Quality
Maintenance
License
The es-cookie npm package is a simple and lightweight JavaScript library for handling cookies in the browser. It provides an easy-to-use API for setting, getting, and deleting cookies.
Set a Cookie
This feature allows you to set a cookie with a specified name and value. The optional third parameter can be used to set additional cookie attributes such as expiration time, path, domain, and secure flag.
esCookie.set('name', 'value', { expires: 7 });Get a Cookie
This feature allows you to retrieve the value of a cookie by its name. If the cookie does not exist, it returns undefined.
const value = esCookie.get('name');Delete a Cookie
This feature allows you to delete a cookie by its name. You can also specify additional attributes to ensure the correct cookie is removed.
esCookie.remove('name');js-cookie is a popular JavaScript library for handling cookies. It offers a similar API to es-cookie but with more advanced features and better support for various environments. It is widely used and well-documented, making it a reliable choice for managing cookies.
cookie_js is another library for managing cookies in the browser. It provides a straightforward API for setting, getting, and deleting cookies. While it is less popular than js-cookie, it is still a viable alternative to es-cookie with similar functionalities.
tiny-cookie is a lightweight library for handling cookies. It offers a minimalistic API for basic cookie operations. It is smaller in size compared to js-cookie and es-cookie, making it a good choice for projects where bundle size is a concern.
A simple, lightweight module for handling cookies
npm install es-cookie
Import entire module:
import * as Cookies from 'es-cookie';
Cookies.set('name', 'value');
Cookies.get('name'); // => 'value'
Alternatively, just import the functions you need:
import {set as setCookie, get as getCookie} from 'es-cookie';
setCookie('name', 'value');
getCookie('name'); // => 'value'
Create a cookie that expires 7 days from now, valid across the entire site:
Cookies.set('name', 'value', { expires: 7 });
Creates a new cookie. The first parameter is for the name, and the second for the value. The third parameter is optional and allows you to modify attributes for the new cookie (see the Attributes section below).
// Create an expiring cookie, valid to the path of the current page:
Cookies.set('name', 'value', { expires: 7, path: '' });
Returns a single cookie with the specified name, or undefined if the cookie doesn't exist.
Cookies.get('name'); // => 'value'
Cookies.get('nothing'); // => undefined
Returns an object containing all visible cookies.
Cookies.getAll(); // => { name: 'value' }
Deletes a single cookie by name.
Cookies.remove('name');
IMPORTANT! When removing a cookie, you must pass the exact same path and domain attributes that were used to set the cookie, unless you're using the default attributes.
Cookies.set('name', 'value', { path: '' });
Cookies.remove('name'); // fail!
Cookies.remove('name', { path: '' }); // removed!
Note: Removing a nonexistent cookie does not raise an exception or return a value.
Parses a cookie string (e.g. document.cookie) and returns the names/values as an object.
Cookies.parse('c=v; name=value'); // => {c: 'v', name: 'value'}
Takes a name, value, and attributes object and returns an encoded string which can be used to create a new cookie.
Cookies.encode('c', 'v', {secure: true}); // => 'c=v; Secure'
Define when the cookie will be removed. Value can be a number which
will be interpreted as days from time of creation or a Date instance.
If omitted, the cookie becomes a session cookie.
To create a cookie that expires in less than a day, use a Date object.
Default: Cookie is removed when the user closes the browser.
Examples:
Cookies.set('name', 'value', { expires: 365 });
Cookies.get('name'); // => 'value'
Cookies.remove('name');
let twoHoursFromNow = new Date();
twoHoursFromNow.setHours(twoHoursFromNow.getHours() + 2);
Cookies.set('name', 'value', { expires: twoHoursFromNow });
A string indicating the path where the cookie is visible.
Default: /
Examples:
Cookies.set('name', 'value', { path: '' });
Cookies.get('name'); // => 'value'
Cookies.remove('name', { path: '' });
A string indicating a valid domain where the cookie should be visible. The cookie will also be visible to all subdomains.
Default: Cookie is visible only to the domain or subdomain of the page where the cookie was created.
Examples:
Assuming a cookie that is being created on site.com:
Cookies.set('name', 'value', { domain: 'subdomain.site.com' });
Cookies.get('name'); // => undefined (need to read at 'subdomain.site.com')
Either true or false, indicating if the cookie transmission requires a secure protocol (https).
Default: No secure protocol requirement.
Examples:
Cookies.set('name', 'value', { secure: true });
Cookies.get('name'); // => 'value'
Cookies.remove('name');
A string with a value of either strict, lax, or none. When enabled,
supporting browsers will only send the cookie if the request originates
from the same website the cookie is from. This provides some protection
against cross-site request forgery attacks (CSRF).
The strict mode withholds the cookie from any kind of cross-site usage (including inbound links from external sites). The lax mode withholds the cookie on cross-domain subrequests (e.g. images or frames), but sends it whenever a user navigates safely from an external site (e.g. by following a link).
Default: No same-site requirement is set - the browser default will be used.
Examples:
Cookies.set('name', 'value', { sameSite: 'strict' });
Cookies.set('other', 'value', { sameSite: 'lax' });
Either true or false, indicating that the cookie should be stored using partitioned storage.
See Cookies Having Independent Partitioned State (CHIPS) for more details.
Default: Cookie will not be partitioned.
Examples:
Cookies.set('name', 'value', { secure: true, partitioned: true });
Cookies.get('name'); // => 'value'
Cookies.remove('name');
This project is RFC 6265 compliant. Special characters that are not allowed in the cookie name or value are encoded with their UTF-8 Hex equivalent using percent-encoding.
The only character allowed in cookie names or values that is still encoded
is the percent (%) character. It is escaped in order to interpret
percent input as literal.
Theodore Brown
https://theodorejb.me
MIT
[1.5.0] - 2024-04-19
partitioned cookies.expires is set to a number larger than the maximum date.FAQs
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
/Research
Malicious npm package impersonates Nodemailer and drains wallets by hijacking crypto transactions across multiple blockchains.
Security News
This episode explores the hard problem of reachability analysis, from static analysis limits to handling dynamic languages and massive dependency trees.
Security News
/Research
Malicious Nx npm versions stole secrets and wallet info using AI CLI tools; Socket’s AI scanner detected the supply chain attack and flagged the malware.