set-cookie-parser - npm Package Compare versions

Comparing version 2.7.2 to 3.0.0

dist/.eslintrc.cjs

+"use strict";
+module.exports = {
+  // This isn't really meant for use in browsers, but some dependents such as nookie are.
+  // So, stick with ES5 (at least for the CJS version) to be nice. See #44
+  parserOptions: { ecmaVersion: 5 },
+  env: {
+    node: true,
+    browser: true,
+  },
+  extends: ["eslint:recommended", "plugin:prettier/recommended"],
+  rules: {
+    "prefer-const": "error",
+    strict: "error",
+    eqeqeq: "error",
+  },
+};

lib/set-cookie.js

@@ -1,3 +0,1 @@
-"use strict";
-
 var defaultParseOptions = {
@@ -7,2 +5,3 @@ decodeValues: true,
   silent: false,
+  split: "auto", // auto = split strings but not arrays
 };
@@ -95,3 +94,3 @@
 
-function parse(input, options) {
+function parseSetCookie(input, options) {
   options = options
@@ -134,9 +133,22 @@ ? Object.assign({}, defaultParseOptions, options)
   }
-  if (!Array.isArray(input)) {
+
+  var split = options.split;
+  var isArray = Array.isArray(input);
+
+  if (split === "auto") {
+    split = !isArray;
+  }
+
+  if (!isArray) {
     input = [input];
   }
 
+  input = input.filter(isNonEmptyString);
+
+  if (split) {
+    input = input.map(splitCookiesString).flat();
+  }
+
   if (!options.map) {
     return input
-      .filter(isNonEmptyString)
       .map(function (str) {
@@ -148,3 +160,3 @@ return parseString(str, options);
     var cookies = createNullObj();
-    return input.filter(isNonEmptyString).reduce(function (cookies, str) {
+    return input.reduce(function (cookies, str) {
       var cookie = parseString(str, options);
@@ -243,5 +255,16 @@ if (cookie && !isForbiddenKey(cookie.name)) {
 
-module.exports = parse;
-module.exports.parse = parse;
-module.exports.parseString = parseString;
-module.exports.splitCookiesString = splitCookiesString;
+// named export for CJS
+parseSetCookie.parseSetCookie = parseSetCookie;
+// for backwards compatibility
+parseSetCookie.parse = parseSetCookie;
+parseSetCookie.parseString = parseString;
+parseSetCookie.splitCookiesString = splitCookiesString;
+
+// EXPORTS
+// (this section is replaced by build-cjs.js)
+
+// named export for ESM
+export { parseSetCookie };
+// for backwards compatibility
+export default parseSetCookie;
+export { parseSetCookie as parse, parseString, splitCookiesString };

package.json

 {
   "name": "set-cookie-parser",
-  "version": "2.7.2",
+  "version": "3.0.0",
   "description": "Parses set-cookie headers into objects",
@@ -12,5 +12,15 @@ "homepage": "https://github.com/nfriedly/set-cookie-parser",
   "files": [
-    "lib"
+    "lib",
+    "dist"
   ],
-  "main": "./lib/set-cookie.js",
+  "main": "./dist/set-cookie.cjs",
+  "module": "./lib/set-cookie.js",
+  "type": "module",
+  "exports": {
+    ".": {
+      "module-sync": "./lib/set-cookie.js",
+      "import": "./lib/set-cookie.js",
+      "require": "./dist/set-cookie.cjs"
+    }
+  },
   "sideEffects": false,
@@ -30,3 +40,3 @@ "keywords": [
     "eslint-plugin-prettier": "^5.1.3",
-    "husky": "^9.0.11",
+    "husky": "^9.1.7",
     "mocha": "^10.3.0",
@@ -39,5 +49,7 @@ "prettier": "^3.2.5",
     "lint": "eslint . --ignore-pattern '!.eslintrc.js'",
-    "test": "npm run lint && mocha",
+    "test": "npm run build && npm run lint && mocha",
     "autofix": "npm run lint -- --fix",
-    "precommit": "npm test"
+    "format": "npm run lint -- --fix",
+    "build": "node ./build-cjs.js",
+    "prepare": "husky"
   },
@@ -44,0 +56,0 @@ "license": "MIT",

README.md

@@ -9,6 +9,2 @@ # set-cookie-parser
 
-ℹ️ **Note for current users:** I'm considering some changes for the next major version and would appreciate your feedback: https://github.com/nfriedly/set-cookie-parser/discussions/68
-
----
-
 Parses set-cookie headers into JavaScript objects
@@ -18,14 +14,4 @@
 
-Also accepts an optional options object. Defaults:
+Returns either an array of cookie objects or a map of name => cookie object with options set `{map: true}`. Each cookie object will have, at a minimum `name` and `value` properties, and may have additional properties depending on the set-cookie header:
 
-```js
-{
-    decodeValues: true,  // Calls decodeURIComponent on each value - default: true
-    map: false,          // Return an object instead of an array - default: false
-    silent: false,       // Suppress the warning that is logged when called on a request instead of a response - default: false
-}
-```
-
-Returns either an array of cookie objects or a map of name => cookie object with `{map: true}`. Each cookie object will have, at a minimum `name` and `value` properties, and may have additional properties depending on the set-cookie header:
-
 * `name` - cookie name (string)
@@ -41,3 +27,3 @@ * `value` - cookie value (string)
 * `sameSite` - indicates if cookie should be included in cross-site requests ([more info](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#samesitesamesite-value)) (string or undefined)
-  * Note: valid values are `"Strict"`, `"Lax"`, and `"None"`, but set-cookie-parser coppies the value verbatim and does *not* perform any validation.
+  * Note: valid values are `"Strict"`, `"Lax"`, and `"None"`, but set-cookie-parser copies the value verbatim and does *not* perform any validation.
 * `partitioned` - indicates cookie should be scoped to the combination of 3rd party domain + top page domain ([more info](https://developer.mozilla.org/en-US/docs/Web/Privacy/Privacy_sandbox/Partitioned_cookies)) (true or undefined)
@@ -59,7 +45,8 @@
 ```js
-var http = require('http');
-var setCookie = require('set-cookie-parser');
+import * as http from 'node:http';
+import { parseSetCookie } from 'set-cookie-parser';
+// or const { parseSetCookie } = require('set-cookie-parser');
 
 http.get('http://example.com', function(res) {
-  var cookies = setCookie.parse(res, {
+  const cookies = parseSetCookie(res, {
     decodeValues: true  // default: true
@@ -97,7 +84,8 @@ });
 ```js
-var http = require('http');
-var setCookie = require('set-cookie-parser');
+import * as http from 'node:http';
+import { parseSetCookie } from 'set-cookie-parser';
+// or const { parseSetCookie } = require('set-cookie-parser');
 
 http.get('http://example.com', function(res) {
-  var cookies = setCookie.parse(res, {
+  const cookies = parseSetCookie(res, {
     decodeValues: true,  // default: true
@@ -107,3 +95,3 @@ map: true            // default: false
 
-  var desiredCookie = cookies['session'];
+  const desiredCookie = cookies['session'];
   console.log(desiredCookie);
@@ -138,8 +126,9 @@ });
 ```js
-const libCookie = require('cookie');
-const setCookie = require('set-cookie-parser');
+import * as libCookie from 'cookie';
+import { parseSetCookie } from 'set-cookie-parser';
+// or const { parseSetCookie } = require('set-cookie-parser');
 
 function modifySetCookie(res){
   // parse the set-cookie headers with this library
-  let cookies = setCookie.parse(res);
+  const cookies = parseSetCookie(res);
   
@@ -158,27 +147,5 @@ // modify the cookies here
 
-## Usage in React Native (and with some other fetch implementations)
-
-React Native follows the Fetch spec more closely and combines all of the Set-Cookie header values into a single string.
-The `splitCookiesString` method reverses this.
-
-```js
-var setCookie = require('set-cookie-parser');
-
-var response = fetch(/*...*/);
-
-// This is mainly for React Native; Node.js does not combine set-cookie headers.
-var combinedCookieHeader = response.headers.get('Set-Cookie');
-var splitCookieHeaders = setCookie.splitCookiesString(combinedCookieHeader)
-var cookies = setCookie.parse(splitCookieHeaders);
-
-console.log(cookies); // should be an array of cookies
-```
-
-This behavior may become a default part of parse in the next major release, but requires the extra step for now.
-
-Note that the `fetch()` spec now includes a `getSetCookie()` method that provides un-combined `Set-Cookie` headers. This library will automatically use that method if it is present.
-
 ## API
 
-### parse(input, [options])
+### parseSetCookie(input, [options])
 
@@ -188,13 +155,13 @@ Parses cookies from a string, array of strings, or a http response object.
 
-### parseString(individualSetCookieHeader, [options])
+Also accepts an optional options object. Defaults:
 
-Parses a single set-cookie header value string. Options default is `{decodeValues: true}`. Used under-the-hood by `parse()`. 
-Returns an object.
+```js
+{
+    decodeValues: true, // Calls decodeURIComponent on each value - default: true
+    map: false,         // Return an object instead of an array - default: false
+    silent: false,      // Suppress the warning that is logged when called on a request instead of a response - default: false
+    split: 'auto',      // Separate combined cookie headers. Valid options are true/false/'auto'. 'auto' splits strings but not arrays.
+}
+```
 
-### splitCookiesString(combinedSetCookieHeader)
-
-It's uncommon, but the HTTP spec does allow for multiple of the same header to have their values combined (comma-separated) into a single header. 
-This method splits apart a combined header without choking on commas that appear within a cookie's value (or expiration date).
-Returns an array of strings that may be passed to `parse()`.
-
 ## References
@@ -201,0 +168,0 @@

New alerts

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Fixed alerts

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Improved metrics

Number of package files

5

25%

Lines of code

241

15.87%

Is type module

Yes

NaN

Worsened metrics

Total package byte prevSize

16399

-0.33%

Number of lines in readme file

170

-16.26%

No dependency changes