{"id":13527810,"url":"https://github.com/nfriedly/set-cookie-parser","last_synced_at":"2025-05-14T14:10:11.746Z","repository":{"id":34433621,"uuid":"38366929","full_name":"nfriedly/set-cookie-parser","owner":"nfriedly","description":"Parse HTTP set-cookie headers in JavaScript","archived":false,"fork":false,"pushed_at":"2025-02-24T18:15:55.000Z","size":209,"stargazers_count":192,"open_issues_count":2,"forks_count":22,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-05-06T17:12:11.721Z","etag":null,"topics":["cookie","cookies","header","headers","http","javascript","nodejs","parser","react-native"],"latest_commit_sha":null,"homepage":"https://www.npmjs.com/package/set-cookie-parser","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nfriedly.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["nfriedly"],"patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"lfx_crowdfunding":null,"polar":null,"buy_me_a_coffee":null,"thanks_dev":null,"custom":null}},"created_at":"2015-07-01T11:14:35.000Z","updated_at":"2025-05-02T04:08:45.000Z","dependencies_parsed_at":"2024-01-13T17:11:17.037Z","dependency_job_id":"c8fa58ab-67a8-4477-9240-1a9c67de80fe","html_url":"https://github.com/nfriedly/set-cookie-parser","commit_stats":{"total_commits":139,"total_committers":21,"mean_commits":6.619047619047619,"dds":0.3381294964028777,"last_synced_commit":"71f7b02015da604a6b5f9269b99ea644629d84ef"},"previous_names":[],"tags_count":31,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nfriedly%2Fset-cookie-parser","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nfriedly%2Fset-cookie-parser/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nfriedly%2Fset-cookie-parser/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nfriedly%2Fset-cookie-parser/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nfriedly","download_url":"https://codeload.github.com/nfriedly/set-cookie-parser/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252922342,"owners_count":21825636,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cookie","cookies","header","headers","http","javascript","nodejs","parser","react-native"],"created_at":"2024-08-01T06:02:02.594Z","updated_at":"2025-05-14T14:10:06.722Z","avatar_url":"https://github.com/nfriedly.png","language":"JavaScript","readme":"# set-cookie-parser \n\n[![Node.js CI](https://github.com/nfriedly/set-cookie-parser/actions/workflows/node.js.yml/badge.svg)](https://github.com/nfriedly/set-cookie-parser/actions/workflows/node.js.yml)\n[![NPM version][npm-image]][npm-url] \n[![npm downloads](https://img.shields.io/npm/dm/set-cookie-parser)][npm-url]\n\n---\n\nℹ️ **Note for current users:** I'm considering some changes for the next major version and would appreciate your feedback: https://github.com/nfriedly/set-cookie-parser/discussions/68\n\n---\n\nParses set-cookie headers into JavaScript objects\n\nAccepts a single `set-cookie` header value, an array of `set-cookie` header values, a Node.js response object, or a `fetch()` `Response` object that may have 0 or more `set-cookie` headers.\n\nAlso accepts an optional options object. Defaults:\n\n```js\n{\n    decodeValues: true,  // Calls decodeURIComponent on each value - default: true\n    map: false,          // Return an object instead of an array - default: false\n    silent: false,       // Suppress the warning that is logged when called on a request instead of a response - default: false\n}\n```\n\nReturns either an array of cookie objects or a map of name =\u003e cookie object with `{map: true}`. Each cookie object will have, at a minimum `name` and `value` properties, and may have additional properties depending on the set-cookie header:\n\n* `name` - cookie name (string)\n* `value` - cookie value (string)\n* `path` - URL path to limit the scope to (string or undefined)\n* `domain` - domain to expand the scope to (string or undefined, may begin with \".\" to indicate the named domain or any subdomain of it)\n* `expires` - absolute expiration date for the cookie (Date object or undefined)\n* `maxAge` - relative expiration time of the cookie in seconds from when the client receives it (integer or undefined)\n  * Note: when using with [express's res.cookie() method](http://expressjs.com/en/4x/api.html#res.cookie), multiply `maxAge` by 1000 to convert to milliseconds.\n* `secure` - indicates cookie should only be sent over HTTPs (true or undefined)\n* `httpOnly` - indicates cookie should *not* be accessible to client-side JavaScript (true or undefined)\n* `sameSite` - indicates if cookie should be included in cross-site requests ([more info](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#samesitesamesite-value)) (string or undefined)\n  * Note: valid values are `\"Strict\"`, `\"Lax\"`, and `\"None\"`, but set-cookie-parser coppies the value verbatim and does *not* perform any validation.\n* `partitioned` - indicates cookie should be scoped to the combination of 3rd party domain + top page domain ([more info](https://developer.mozilla.org/en-US/docs/Web/Privacy/Privacy_sandbox/Partitioned_cookies)) (true or undefined)\n\n(The output format is loosely based on the input format of https://www.npmjs.com/package/cookie)\n\n## Install\n\n```sh\n$ npm install --save set-cookie-parser\n```\n\n\n## Usage\n\n### Get array of cookie objects\n\n```js\nvar http = require('http');\nvar setCookie = require('set-cookie-parser');\n\nhttp.get('http://example.com', function(res) {\n  var cookies = setCookie.parse(res, {\n    decodeValues: true  // default: true\n  });\n\n  cookies.forEach(console.log);\n}\n```\n\nExample output:\n\n```js\n[\n    {\n        name: 'bam',\n        value: 'baz'\n    },\n    {\n        name: 'foo',\n        value: 'bar',\n        path: '/',\n        expires: new Date('Tue Jul 01 2025 06:01:11 GMT-0400 (EDT)'),\n        maxAge: 1000,\n        domain: '.example.com',\n        secure: true,\n        httpOnly: true,\n        sameSite: 'lax'\n    }\n]\n```\n\n### Get map of cookie objects\n\n```js\nvar http = require('http');\nvar setCookie = require('set-cookie-parser');\n\nhttp.get('http://example.com', function(res) {\n  var cookies = setCookie.parse(res, {\n    decodeValues: true,  // default: true\n    map: true            // default: false\n  });\n\n  var desiredCookie = cookies['session'];\n  console.log(desiredCookie);\n});\n```\nExample output:\n```js\n{\n    bam: {\n        name: 'bam',\n        value: 'baz'\n    },\n    foo: {\n        name: 'foo',\n        value: 'bar',\n        path: '/',\n        expires: new Date('Tue Jul 01 2025 06:01:11 GMT-0400 (EDT)'),\n        maxAge: 1000,\n        domain: '.example.com',\n        secure: true,\n        httpOnly: true,\n        sameSite: 'lax'\n    }\n}\n```\n\n### Creating a new, modified set-cookie header\n\nThis library can be used in conjunction with the [cookie](https://www.npmjs.com/package/cookie) library to modify and replace set-cookie headers:\n\n```js\nconst libCookie = require('cookie');\nconst setCookie = require('set-cookie-parser');\n\nfunction modifySetCookie(res){\n  // parse the set-cookie headers with this library\n  let cookies = setCookie.parse(res);\n  \n  // modify the cookies here\n  // ...\n  \n  // create new set-cookie headers using the cookie library\n  res.headers['set-cookie'] = cookies.map(function(cookie) {\n      return libCookie.serialize(cookie.name, cookie.value, cookie);\n  });\n}\n```\n\nSee a real-world example of this in [unblocker](https://github.com/nfriedly/node-unblocker/blob/08a89ec27274b46dcd80d0a324a59406f2bdad3d/lib/cookies.js#L67-L85)\n\n## Usage in React Native (and with some other fetch implementations)\n\nReact Native follows the Fetch spec more closely and combines all of the Set-Cookie header values into a single string.\nThe `splitCookiesString` method reverses this.\n\n```js\nvar setCookie = require('set-cookie-parser');\n\nvar response = fetch(/*...*/);\n\n// This is mainly for React Native; Node.js does not combine set-cookie headers.\nvar combinedCookieHeader = response.headers.get('Set-Cookie');\nvar splitCookieHeaders = setCookie.splitCookiesString(combinedCookieHeader)\nvar cookies = setCookie.parse(splitCookieHeaders);\n\nconsole.log(cookies); // should be an array of cookies\n```\n\nThis behavior may become a default part of parse in the next major release, but requires the extra step for now.\n\nNote that the `fetch()` spec now includes a `getSetCookie()` method that provides un-combined `Set-Cookie` headers. This library will automatically use that method if it is present.\n\n## API\n\n### parse(input, [options])\n\nParses cookies from a string, array of strings, or a http response object. \nAlways returns an array, regardless of input format. (Unless the `map` option is set, in which case it always returns an object.)\n\n### parseString(individualSetCookieHeader, [options])\n\nParses a single set-cookie header value string. Options default is `{decodeValues: true}`. Used under-the-hood by `parse()`. \nReturns an object.\n\n### splitCookiesString(combinedSetCookieHeader)\n\nIt's uncommon, but the HTTP spec does allow for multiple of the same header to have their values combined (comma-separated) into a single header. \nThis method splits apart a combined header without choking on commas that appear within a cookie's value (or expiration date).\nReturns an array of strings that may be passed to `parse()`.\n\n## References\n\n* [RFC 6265: HTTP State Management Mechanism](https://tools.ietf.org/html/rfc6265)\n* [draft-ietf-httpbis-rfc6265bis-10](https://httpwg.org/http-extensions/draft-ietf-httpbis-rfc6265bis.html)\n\n## License\n\nMIT © [Nathan Friedly](http://www.nfriedly.com/)\n\n\n[npm-image]: https://badge.fury.io/js/set-cookie-parser.svg\n[npm-url]: https://npmjs.org/package/set-cookie-parser\n","funding_links":["https://github.com/sponsors/nfriedly"],"categories":["JavaScript"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnfriedly%2Fset-cookie-parser","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnfriedly%2Fset-cookie-parser","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnfriedly%2Fset-cookie-parser/lists"}