tough-cookie - npm Package Compare versions

Comparing version 2.0.0 to 2.1.0

lib/cookie.js

@@ -52,4 +52,6 @@ /*!
 var COOKIE_OCTET  = /[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]/;
-var COOKIE_OCTETS = new RegExp('^'+COOKIE_OCTET.source+'$');
+var COOKIE_OCTETS = new RegExp('^'+COOKIE_OCTET.source+'+$');
 
+var CONTROL_CHARS = /[\x00-\x1F]/;
+
 // Double quotes are part of the value (see: S4.1.1).
@@ -60,4 +62,8 @@ // '\r', '\n' and '\0' should be treated as a terminator in the "relaxed" mode
 // (see: https://github.com/ChromiumWebApps/chromium/blob/b3d3b4da8bb94c1b2e061600df106d590fda3620/net/cookies/parsed_cookie.cc#L64)
-var COOKIE_PAIR = /^([^=;]+)\s*=\s*(("?)[^\n\r\0]*\3)/;
+var COOKIE_PAIR = /^(([^=;]+))\s*=\s*(("?)[^\n\r\0]*\3)/
 
+// Used to parse non-RFC-compliant cookies like '=abc' when given the `loose`
+// option in Cookie.parse:
+var LOOSE_COOKIE_PAIR = /^((?:=)?([^=;]*)\s*=\s*)?(("?)[^\n\r\0]*\3)/;
+
 // RFC6265 S4.1.1 defines path value as 'any CHAR except CTLs or ";"'
@@ -320,3 +326,6 @@ // Note ';' is \x3B
 
-function parse(str) {
+function parse(str, options) {
+  if (!options || typeof options !== 'object') {
+    options = {};
+  }
   str = str.trim();
@@ -332,3 +341,4 @@
   var firstSemi = str.indexOf(';'); // S5.2 step 1
-  var result = COOKIE_PAIR.exec(firstSemi === -1 ? str : str.substr(0,firstSemi));
+  var pairRe = options.loose ? LOOSE_COOKIE_PAIR : COOKIE_PAIR;
+  var result = pairRe.exec(firstSemi === -1 ? str : str.substr(0,firstSemi));
 
@@ -342,4 +352,11 @@ // Rx satisfies the "the name string is empty" and "lacks a %x3D ("=")"
   var c = new Cookie();
-  c.key = result[1].trim();
-  c.value = result[2].trim();
+  if (result[1]) {
+    c.key = result[2].trim();
+  } else {
+    c.key = '';
+  }
+  c.value = result[3].trim();
+  if (CONTROL_CHARS.test(c.key) || CONTROL_CHARS.test(c.value)) {
+    return;
+  }
 
@@ -594,11 +611,11 @@ if (firstSemi === -1) {
 
-function Cookie(opts) {
-  opts = opts || {};
+function Cookie(options) {
+  options = options || {};
 
-  Object.keys(opts).forEach(function(prop) {
+  Object.keys(options).forEach(function(prop) {
     if (Cookie.prototype.hasOwnProperty(prop) &&
-        Cookie.prototype[prop] !== opts[prop] &&
+        Cookie.prototype[prop] !== options[prop] &&
         prop.substr(0,1) !== '_')
     {
-      this[prop] = opts[prop];
+      this[prop] = options[prop];
     }
@@ -754,2 +771,5 @@ }, this);
   }
+  if (this.key === '') {
+    return val;
+  }
   return this.key+'='+val;
@@ -895,3 +915,3 @@ };
   if (!(cookie instanceof Cookie)) {
-    cookie = Cookie.parse(cookie);
+    cookie = Cookie.parse(cookie, { loose: options.loose });
   }
@@ -898,0 +918,0 @@ if (!cookie) {

package.json

 {
-  "author": "Jeremy Stashewsky <jstashewsky@salesforce.com>",
+  "author": {
+    "name": "Jeremy Stashewsky",
+    "email": "jstashewsky@salesforce.com",
+    "website": "https://github.com/stash"
+  },
+  "contributors": [
+    {
+      "name": "Alexander Savin",
+      "website": "https://github.com/apsavin"
+    },
+    {
+      "name": "Ian Livingstone",
+      "website": "https://github.com/ianlivingstone"
+    },
+    {
+      "name": "Ivan Nikulin",
+      "website": "https://github.com/inikulin"
+    },
+    {
+      "name": "Lalit Kapoor",
+      "website": "https://github.com/lalitkapoor"
+    },
+    {
+      "name": "Sam Thompson",
+      "website": "https://github.com/sambthompson"
+    },
+    {
+      "name": "Sebastian Mayr",
+      "website": "https://github.com/Sebmaster"
+    }
+  ],
   "license": "BSD-3-Clause",
@@ -16,3 +46,3 @@ "name": "tough-cookie",
   ],
-  "version": "2.0.0",
+  "version": "2.1.0",
   "homepage": "https://github.com/SalesforceEng/tough-cookie",
@@ -27,3 +57,7 @@ "repository": {
   "main": "./lib/cookie",
+  "files": [
+    "lib"
+  ],
   "scripts": {
+    "suffixup": "curl -o public_suffix_list.dat https://publicsuffix.org/list/public_suffix_list.dat && ./generate-pubsuffix.js",
     "test": "vows test/*_test.js"
@@ -35,5 +69,5 @@ },
   "devDependencies": {
-    "vows": "0.7.0",
-    "async": ">=0.1.12"
+    "async": "^1.4.2",
+    "vows": "^0.8.1"
   }
 }

README.md

@@ -71,5 +71,5 @@ [RFC6265](https://tools.ietf.org/html/rfc6265) Cookies and CookieJar for Node.js
 
-### `parse(header)`
+### `parse(cookieString[, options])`
 
-alias for `Cookie.parse(header)`
+alias for `Cookie.parse(cookieString[, options])`
 
@@ -116,6 +116,12 @@ ### `fromJSON(string)`
 
-### `Cookie.parse(header)`
+### `Cookie.parse(cookieString[, options])`
 
 Parses a single Cookie or Set-Cookie HTTP header into a `Cookie` object.  Returns `undefined` if the string can't be parsed.
 
+The options parameter is not required and currently has only one property:
+
+  * _loose_ - boolean - if `true` enable parsing of key-less cookies like `=abc` and `=`, which are not RFC-compliant.
+
+If options is not an object, it is ignored, which means you can use `Array#map` with it.
+
 Here's how to process the Set-Cookie header(s) on a node HTTP/HTTPS response:
@@ -125,3 +131,3 @@
 if (res.headers['set-cookie'] instanceof Array)
-  cookies = res.headers['set-cookie'].map(function (c) { return (Cookie.parse(c)); });
+  cookies = res.headers['set-cookie'].map(Cookie.parse);
 else
@@ -456,3 +462,3 @@ cookies = [Cookie.parse(res.headers['set-cookie'])];
 
-(tl;dr: BSD-3-Clause with some MPL/1.1)
+(tl;dr: BSD-3-Clause with some MPL/2.0)
 
@@ -490,2 +496,2 @@ ```text
 
-Portions may be licensed under different licenses (in particular public-suffix.txt is MPL/1.1); please read the LICENSE file for full details.
+Portions may be licensed under different licenses (in particular `public_suffix_list.dat` is MPL/2.0); please read that file and the LICENSE file for full details.

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Copyleft License

License

(Experimental) Copyleft license information was found.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Mixed license

License

(Experimental) Package contains multiple licenses.

Found 1 instance in 1 package

Non-permissive License

License

(Experimental) A license not known to be considered permissive was found.

Found 1 instance in 1 package

Improved metrics

Number of low license alerts

0

decreased by-100%

License quality

100

increased by42.86%

Number of lines in readme file

493

increased by1.23%

Number of low supply chain risk alerts

0

decreased by-100%

Worsened metrics

Total package byte prevSize

228431

decreased by-58.02%

Number of package files

9

decreased by-70%

Lines of code

2120

decreased by-69.95%

Number of medium supply chain risk alerts

2

increased by100%

No dependency changes