Installations
npm install @rudderstack/analytics-js-cookiesDeveloper Guide
Typescript
Yes
Module System
ESM
Node Version
20.11.1
NPM Version
10.2.4
Score
74.5
Supply Chain
98.9
Quality
97.6
Maintenance
100
Vulnerability
93.6
License
Releases
rudderstack/analytics-js-service-worker@3.2.17
Published on 17 Dec 2024
@rudderstack/analytics-js-integrations@3.11.14
Published on 17 Dec 2024
@rudderstack/analytics-js-loading-scripts@3.0.59
Published on 17 Dec 2024
rudder-sdk-js@2.48.42
Published on 17 Dec 2024
@rudderstack/analytics-js@3.11.16
Published on 17 Dec 2024
@rudderstack/analytics-js-plugins@3.6.20
Published on 17 Dec 2024
Contributors
Languages
TypeScript (48.61%)
JavaScript (44.44%)
HTML (6.7%)
Shell (0.24%)
Developer
Download Statistics
Total Downloads
10,488
Last Day
19
Last Week
365
Last Month
2,290
Last Year
10,488
GitHub Statistics
145 Stars
4,074 Commits
83 Forks
13 Watching
18 Branches
88 Contributors
Bundle Size
3.09 kB
Minified
1.28 kB
Minified + Gzipped
Maintainers
Package Meta Information
Latest Version
0.4.17
Package Id
@rudderstack/analytics-js-cookies@0.4.17
Unpacked Size
79.20 kB
Size
13.91 kB
File Count
12
NPM Version
10.2.4
Node Version
20.11.1
Publised On
17 Dec 2024
Total Downloads
Cumulative downloads
Total Downloads
10,488
Last day
-78.7%
19
Compared to previous day
Last week
-15.1%
365
Compared to previous week
Last month
-29%
2,290
Compared to previous month
Last year
0%
10,488
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
No dependencies detected.
The Customer Data Platform for Developers
Website · Documentation · Community Slack
@rudderstack/analytics-js-cookies
RudderStack JavaScript SDK utilities for cookies in browser and Node.js environments. Use the appropriate functions for your environment.
APIs
getDecryptedValueBrowser
:warning: Only for browser environments
This function decrypts the provided encrypted RudderStack JavaScript cookie value using the RudderStack JavaScript SDK encryption version "v3".
If the provided value is either not encrypted or not properly encrypted, the function returns
null.
:warning: Any errors during decryption are swallowed by the function, returning
null.
1import { getDecryptedValueBrowser } from '@rudderstack/analytics-js-cookies'; 2 3const encryptedCookieValue = 'RS_ENC_v3_InRlc3QtZGF0YSI='; 4const decryptedCookieValue = getDecryptedValueBrowser(encryptedCookieValue); 5console.log('Decrypted Cookie Value: ', decryptedCookieValue); 6// Output: 7// Decrypted Cookie Value: test-data
getDecryptedValue
:warning: Only for Node.js environments
This function decrypts the provided encrypted RudderStack JavaScript cookie value using the RudderStack JavaScript SDK encryption version "v3".
If the provided value is either not encrypted or not properly encrypted, the function returns
null.
:warning: Any errors during decryption are swallowed by the function, returning
null.
1import { getDecryptedValue } from '@rudderstack/analytics-js-cookies'; 2 3const encryptedCookieValue = 'RS_ENC_v3_InRlc3QtZGF0YSI='; 4const decryptedCookieValue = getDecryptedValue(encryptedCookieValue); 5console.log('Decrypted Cookie Value: ', decryptedCookieValue); 6// Output: 7// Decrypted Cookie Value: test-data
getDecryptedCookieBrowser
:warning: Only for browser environments
This function takes the name of the RudderStack JavaScript SDK cookie and returns the decrypted value.
The return type is either a string or an object as some cookies like user ID, anonymous user ID have string values while user traits are objects.
It returns null in either of the following scenarios:
- If the cookie is not present.
- If the cookie is not properly encrypted.
- It only decrypts the cookies that are created by the RudderStack JavaScript SDK encryption version "v3".
- If the decrypted cookie value is not a valid JSON string.
- If the provided cookie name is not a valid RudderStack JavaScript SDK cookie name.
:warning: Any errors during decryption are swallowed by the function, returning
null.
The following cookie keys are exported which can be used with this function:
userIdKey: The key for the user ID cookie.userTraitsKey: The key for the user traits cookie.anonymousUserIdKey: The key for the anonymous user ID cookie.groupIdKey: The key for the group ID cookie.groupTraitsKey: The key for the group traits cookie.pageInitialReferrerKey: The key for the page initial referrer cookie.pageInitialReferringDomainKey: The key for the page initial referring domain cookie.sessionInfoKey: The key for the session ID cookie.authTokenKey: The key for the auth token cookie.
1import { 2 getDecryptedCookieBrowser, 3 anonymousUserIdKey, 4 userTraitsKey, 5} from '@rudderstack/analytics-js-cookies'; 6 7const anonymousId = getDecryptedCookieBrowser(anonymousUserIdKey); 8console.log('Anonymous User ID: ', anonymousId); 9// Output: 10// Anonymous User ID: 2c5b6d48-ea90-43a2-a2f6-457d27f90328 11 12const userTraits = getDecryptedCookieBrowser(userTraitsKey); 13console.log('User Traits: ', userTraits); 14// Output: 15// User Traits: {"email":"abc@xyz.com","name":"John Doe"} 16 17const invalidCookie = getDecryptedCookieBrowser('invalid-cookie-name'); 18console.log('Invalid Cookie: ', invalidCookie); 19// Output: 20// Invalid Cookie: null
Debugging
As all the above APIs swallow the errors, you can set the debug argument to true to log the errors.
1import { getDecryptedValue } from '@rudderstack/analytics-js-cookies'; 2 3const encryptedCookieValue = 'RS_ENC_v3_InRlc3QtZGF0YSI-some-random-data'; 4 5// Set the debug flag to true 6const decryptedCookieValue = getDecryptedValue(encryptedCookieValue, true); 7console.log('Decrypted Cookie Value: ', decryptedCookieValue); 8 9// Output: 10// Error occurred during decryption: Unexpected non-whitespace character after JSON at position 11 11// Decrypted Cookie Value: null
License
This project is licensed under the Elastic License 2.0. See the LICENSE.md file for details. Review the license terms to understand your permissions and restrictions.
If you have any questions about licensing, please contact us or refer to the official Elastic licensing page.
Contribute
We invite you to contribute to this project. For more information on how to contribute, please see here.
Contact us
For more information on any of the sections covered in this readme, you can contact us or start a conversation on our Slack channel.
Follow Us
:clap: Our Supporters
No vulnerabilities found.
Reason
30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
2 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-7gfc-8cq8-jh5f
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
Reason
branch protection is not maximal on development and all release branches
Details
- Info: 'allow deletion' disabled on branch 'develop'
- Info: 'force pushes' disabled on branch 'develop'
- Warn: 'branch protection settings apply to administrators' is disabled on branch 'develop'
- Info: 'stale review dismissal' is required to merge on branch 'develop'
- Warn: required approving review count is 1 on branch 'develop'
- Info: codeowner review is required on branch 'develop'
- Info: 'last push approval' is required to merge on branch 'develop'
- Warn: 'up-to-date branches' is disabled on branch 'develop'
- Info: status check found to merge onto on branch 'develop'
- Info: PRs are required in order to make changes on branch 'develop'
Reason
Found 3/13 approved changesets -- score normalized to 2
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/check_pr_title.yml:1
- Warn: no topLevel permission defined: .github/workflows/create-hotfix-branch.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/deploy-beta.yml:8
- Warn: no topLevel permission defined: .github/workflows/deploy-dev.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/deploy-npm.yml:22
- Warn: no topLevel permission defined: .github/workflows/deploy-prod.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/deploy-sanity-suite.yml:49
- Warn: no topLevel permission defined: .github/workflows/deploy-staging.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/deploy.yml:48
- Warn: no topLevel permission defined: .github/workflows/draft-new-release.yml:1
- Warn: no topLevel permission defined: .github/workflows/housekeeping.yaml:1
- Warn: no topLevel permission defined: .github/workflows/publish-new-release.yml:1
- Warn: no topLevel permission defined: .github/workflows/rollback.yml:1
- Warn: no topLevel permission defined: .github/workflows/security-code-quality-and-bundle-size-checks.yml:1
- Warn: no topLevel permission defined: .github/workflows/trigger-sanity-suite.yml:1
- Warn: no topLevel permission defined: .github/workflows/unit-tests-and-lint.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/update-cache-policy.yml:16
- Warn: no topLevel permission defined: .github/workflows/validate-actor.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/check_pr_title.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/check_pr_title.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/create-hotfix-branch.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/create-hotfix-branch.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-npm.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy-npm.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-npm.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy-npm.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy-npm.yml:148: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy-npm.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy-npm.yml:198: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy-npm.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy-npm.yml:248: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy-npm.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-sanity-suite.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy-sanity-suite.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy-sanity-suite.yml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy-sanity-suite.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy-sanity-suite.yml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy-sanity-suite.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-sanity-suite.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy-sanity-suite.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy-sanity-suite.yml:146: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy-sanity-suite.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:243: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/deploy.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/draft-new-release.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/draft-new-release.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/draft-new-release.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/draft-new-release.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/draft-new-release.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/draft-new-release.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/draft-new-release.yml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/draft-new-release.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/housekeeping.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/housekeeping.yaml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/housekeeping.yaml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/housekeeping.yaml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/housekeeping.yaml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/housekeeping.yaml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-new-release.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/publish-new-release.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-new-release.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/publish-new-release.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-new-release.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/publish-new-release.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-new-release.yml:110: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/publish-new-release.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/security-code-quality-and-bundle-size-checks.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/security-code-quality-and-bundle-size-checks.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/security-code-quality-and-bundle-size-checks.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/security-code-quality-and-bundle-size-checks.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/security-code-quality-and-bundle-size-checks.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/security-code-quality-and-bundle-size-checks.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/security-code-quality-and-bundle-size-checks.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/security-code-quality-and-bundle-size-checks.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/security-code-quality-and-bundle-size-checks.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/security-code-quality-and-bundle-size-checks.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/trigger-sanity-suite.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/trigger-sanity-suite.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-tests-and-lint.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/unit-tests-and-lint.yml/develop?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-tests-and-lint.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/unit-tests-and-lint.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/unit-tests-and-lint.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/unit-tests-and-lint.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/unit-tests-and-lint.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/unit-tests-and-lint.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-cache-policy.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/update-cache-policy.yml/develop?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-cache-policy.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/rudderlabs/rudder-sdk-js/update-cache-policy.yml/develop?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/draft-new-release.yml:98
- Info: 0 out of 20 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 20 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 1 commits out of 22 are checked with a SAST tool
Score
5.4
/10
Last Scanned on 2024-12-16
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More