secure-cookie
Advanced tools
Nodejs cookie library with signing and encryption support. For those familiar with
cookies
this library is almost the same plus encryption and additional configuration support.
This library is published in the NPM registry and can be installed using any compatible package manager.
npm install secure-cookie --save
# For Yarn, use the command below.
yarn add secure-cookie
const {Cookies, KeyStore} = require('secure-cookies')
const app = express()
app.use(Cookies.express({
signed: true,
keyStore: new KeyStore({
signing: {
// encoding: 'base64',
// algorithm: 'sha1',
keys: ["mysigningkey"]
}
})
}))
//In a route handler
app.get('/some-route', function (req, res, next) {
//This will create a cookie named MC with given value.
// Because of signing is enabled, a new cookie with MC.sig will also be created
// and would contain signature of the cookie.
req.cookies.set('MC', "someValue")
})
const {Cookies, KeyStore} = require('secure-cookies')
const app = express()
app.use(Cookies.express({
signed: true,
keyStore: new KeyStore({
encryption: {
// algorithm: 'aes-192-ccm',
// authTagLength: 16,
// encoding: 'hex',
keys: ["a24bytesecretmustchanged"]
}
})
}))
app.get('/set-cookie', function (req, res, next) {
//This will create a cookie named MC with and with its encrtypted value.
req.cookies.set('MC', "someValue")
})
app.get('/get-cookie', function (req, res, next) {
// get decrypted value without hassle
const myCookie = req.cookies.get('MC')
assert.equal(myCookie, "someValue")
})
Make sure selected algorithm is supported by your NodeJs version.
By default aes-192-ccm is selected. You can override that and related settings from KeyStore constructor options.
If the algorithm you would like to use is missing from the default ones you can add it by following:
const {KeyStore} = require('secure-cookies')
KeyStore.cipherInfo['aes-xxx-xxx'] = { ivLength: 16, keyLength: 16 }
You can see included algorithms from src/ciphers.ts
For all options and internals have a look at to API documentation.
Released under MIT License.
FAQs
Cookie library/middleware with signing and encryption support
The npm package secure-cookie receives a total of 1 weekly downloads. As such, secure-cookie popularity was classified as not popular.
We found that secure-cookie demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.