
tough-cookie


tough-cookie - npm Package Compare versions

Comparing version 5.0.0-rc.3 to 5.0.0-rc.4

20

dist/cookie/canonicalDomain.js
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.canonicalDomain = canonicalDomain;
const punycode_js_1 = require("punycode/punycode.js");
const constants_1 = require("./constants");

@@ -41,12 +40,19 @@ /**

}
let _str = domainName.trim().replace(/^\./, ''); // S4.1.2.3 & S5.2.3: ignore leading .
if (constants_1.IP_V6_REGEX_OBJECT.test(_str)) {
_str = _str.replace('[', '').replace(']', '');
let str = domainName.trim().replace(/^\./, ''); // S4.1.2.3 & S5.2.3: ignore leading .
if (constants_1.IP_V6_REGEX_OBJECT.test(str)) {
if (!str.startsWith('[')) {
str = '[' + str;
}
if (!str.endsWith(']')) {
str = str + ']';
}
return new URL(`http://${str}`).hostname.slice(1, -1); // remove [ and ]
}
// convert to IDN if any non-ASCII characters
// eslint-disable-next-line no-control-regex
if (/[^\u0001-\u007f]/.test(_str)) {
_str = (0, punycode_js_1.toASCII)(_str);
if (/[^\u0001-\u007f]/.test(str)) {
return new URL(`http://${str}`).hostname;
}
return _str.toLowerCase();
// ASCII-only domain - not canonicalized with new URL() because it may be a malformed URL
return str.toLowerCase();
}
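Review bot: In the non-ASCII branch, `str` is interpolated into `http://${str}` and only `.hostname` is returned, so any URL delimiter in the input (`/`, `?`, `#`, `@`, `\`) is parsed as URL structure and silently dropped instead of being treated as part of the domain; a value consisting of a host followed by a path would canonicalize to the bare host. `new URL()` also throws a TypeError on hosts it rejects, in this branch and in the IPv6 branch, and nothing in the visible lines catches it. The ASCII branch's own comment already acknowledges the malformed-input problem, so the same caution should apply here: reject a `str` containing those delimiters before building the URL, and wrap both `new URL()` calls so a parse failure follows the function's existing invalid-input path. canonicalDomain starts above this hunk, so what that path returns is not visible here.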

@@ -25,8 +25,4 @@ "use strict";

};
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.CookieJar = void 0;
const url_parse_1 = __importDefault(require("url-parse"));
const getPublicSuffix_1 = require("../getPublicSuffix");

@@ -61,11 +57,22 @@ const validators = __importStar(require("../validators"));

function getCookieContext(url) {
if (url instanceof URL) {
return url;
if (url &&
typeof url === 'object' &&
'hostname' in url &&
typeof url.hostname === 'string' &&
'pathname' in url &&
typeof url.pathname === 'string' &&
'protocol' in url &&
typeof url.protocol === 'string') {
return {
hostname: url.hostname,
pathname: url.pathname,
protocol: url.protocol,
};
}
else if (typeof url === 'string') {
try {
return (0, url_parse_1.default)(decodeURI(url));
return new URL(decodeURI(url));
}
catch {
return (0, url_parse_1.default)(url);
return new URL(url);
}

@@ -210,3 +217,2 @@ }

const loose = options?.loose || this.enableLooseMode;
let err;
let sameSiteContext = null;

@@ -223,3 +229,3 @@ if (options?.sameSiteContext) {

if (!parsedCookie) {
err = new Error('Cookie failed to parse');
const err = new Error('Cookie failed to parse');
return options?.ignoreError

@@ -234,3 +240,3 @@ ? promiseCallback.resolve(undefined)

// it *might* be a Cookie object from another loaded version of tough-cookie.
err = new Error('First argument to setCookie must be a Cookie object or string');
const err = new Error('First argument to setCookie must be a Cookie object or string');
return options?.ignoreError

@@ -256,3 +262,3 @@ ? promiseCallback.resolve(undefined)

// e.g. "com"
err = new Error('Cookie has domain set to a public suffix');
const err = new Error('Cookie has domain set to a public suffix');
return options?.ignoreError

@@ -277,3 +283,3 @@ ? promiseCallback.resolve(undefined)

if (!(0, domainMatch_1.domainMatch)(host ?? undefined, cookie.cdomain() ?? undefined, false)) {
err = new Error(`Cookie not in this host's domain. Cookie:${cookie.cdomain() ?? 'null'} Request:${host ?? 'null'}`);
const err = new Error(`Cookie not in this host's domain. Cookie:${cookie.cdomain() ?? 'null'} Request:${host ?? 'null'}`);
return options?.ignoreError

@@ -303,3 +309,3 @@ ? promiseCallback.resolve(undefined)

if (options?.http === false && cookie.httpOnly) {
err = new Error("Cookie is HttpOnly and this isn't an HTTP API");
const err = new Error("Cookie is HttpOnly and this isn't an HTTP API");
return options.ignoreError

@@ -318,3 +324,3 @@ ? promiseCallback.resolve(undefined)

if (sameSiteContext === 'none') {
err = new Error('Cookie is SameSite but this is a cross-origin request');
const err = new Error('Cookie is SameSite but this is a cross-origin request');
return options?.ignoreError

@@ -321,0 +327,0 @@ ? promiseCallback.resolve(undefined)
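Review bot: In getCookieContext's string branch the `catch` fallback `return new URL(url);` is itself unguarded, so a relative or scheme-less string throws a TypeError where the url-parse call it appears to replace was lenient about such input. If nothing above catches it, a malformed URL string becomes an exception inside cookie handling rather than a rejected cookie; the function continues past the end of its hunk and its callers are not visible here. I would document the contract on the function, e.g. `// url must be absolute: new URL() throws TypeError on relative or scheme-less input`, and have callers route that failure into their normal error callback. Separately, the object branch copies `hostname`, `pathname` and `protocol` from any object that carries them as strings without normalizing them, so a plain object is trusted as-is where the `url instanceof URL` check shown next to it accepted only parser-produced values.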

@@ -22,9 +22,12 @@ "use strict";

};
const safeToStringImpl = (val, seenArrays) => {
const safeToStringImpl = (val, seenArrays = new WeakSet()) => {
// Using .toString() fails for null/undefined and implicit conversion (val + "") fails for symbols
// and objects with null prototype
if (val === undefined || val === null || typeof val.toString === 'function') {
if (typeof val !== 'object' || val === null) {
return String(val);
}
else if (typeof val.toString === 'function') {
return Array.isArray(val)
? // Arrays have a weird custom toString that we need to replicate
safeArrayToString(val, seenArrays ?? new WeakSet())
safeArrayToString(val, seenArrays)
: String(val);

@@ -31,0 +34,0 @@ }
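Review bot: The `String(val)` call kept for objects that have a `toString` function can still throw (a `toString` that throws or returns a non-primitive, or a throwing `Symbol.toPrimitive`), and the visible lines of safeToStringImpl have no `try`/`catch`, which matters if this helper formats arbitrary caller-supplied values into error messages. The function body continues past this hunk, so a guard may exist there; if not, I would wrap the call and fall back to a fixed placeholder string. Also note that the default parameter `seenArrays = new WeakSet()` applies only to `undefined`, so an explicit `null` would reach `safeArrayToString` unchanged, where the `seenArrays ?? new WeakSet()` form shown alongside it covered both.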

@@ -8,2 +8,2 @@ "use strict";

*/
exports.version = '5.0.0-rc.3';
exports.version = '5.0.0-rc.4';

@@ -78,3 +78,3 @@ {

],
"version": "5.0.0-rc.3",
"version": "5.0.0-rc.4",
"homepage": "https://github.com/salesforce/tough-cookie",

@@ -112,2 +112,3 @@ "repository": {

},
"//": "We only support node 18+, but v16 still works. We won't block v16 until it becomes a burden.",
"engines": {

@@ -117,28 +118,24 @@ "node": ">=16"

"devDependencies": {
"@eslint/js": "^9.5.0",
"@microsoft/api-documenter": "^7.25.3",
"@microsoft/api-extractor": "^7.47.0",
"@eslint/js": "^9.7.0",
"@microsoft/api-documenter": "^7.25.7",
"@microsoft/api-extractor": "^7.47.2",
"@types/jest": "^29.5.12",
"@types/node": "^14.18.63",
"@types/punycode": "^2.1.4",
"@types/url-parse": "^1.4.11",
"@types/node": "^16.18.101",
"async": "3.2.5",
"eslint": "^8.57.0",
"eslint-config-prettier": "^9.1.0",
"eslint-plugin-prettier": "^5.1.3",
"eslint-plugin-prettier": "^5.2.1",
"genversion": "^3.2.0",
"globals": "^15.6.0",
"globals": "^15.8.0",
"jest": "^29.7.0",
"prettier": "^3.3.2",
"ts-jest": "^29.1.5",
"prettier": "^3.3.3",
"ts-jest": "^29.2.2",
"ts-node": "^10.9.2",
"typescript": "5.5.2",
"typescript-eslint": "^7.13.1",
"typescript": "5.5.3",
"typescript-eslint": "^7.16.1",
"vows": "^0.8.3"
},
"dependencies": {
"punycode": "^2.3.1",
"tldts": "^6.1.28",
"url-parse": "^1.5.10"
"tldts": "^6.1.32"
}
}