Gathering detailed insights and metrics for cookie-parser
Gathering detailed insights and metrics for cookie-parser
Installations
npm install cookie-parserDeveloper Guide
BETA
Typescript
No
Module System
N/A
Min. Node Version
>= 0.8.0
Node Version
22.5.1
NPM Version
10.8.2
Releases
17
Languages
1
JavaScript
JavaScript (100%)
Developer
expressjs
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
2,007 Stars
270 Commits
225 Forks
31 Watchers
5 Branches
37 Contributors
Updated on Jul 12, 2025
Maintainers
3
Package Meta Information
Latest Version
1.4.7
Package Id
cookie-parser@1.4.7
Unpacked Size
12.67 kB
Size
4.56 kB
File Count
5
NPM Version
10.8.2
Node Version
22.5.1
Published on
Oct 08, 2024
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
cookie-parser
Parse Cookie header and populate req.cookies with an object keyed by the
cookie names. Optionally you may enable signed cookie support by passing a
secret string, which assigns req.secret so it may be used by other
middleware.
Installation
1$ npm install cookie-parser
API
1var cookieParser = require('cookie-parser')
cookieParser(secret, options)
Create a new cookie parser middleware function using the given secret and
options.
secreta string or array used for signing cookies. This is optional and if not specified, will not parse signed cookies. If a string is provided, this is used as the secret. If an array is provided, an attempt will be made to unsign the cookie with each secret in order.optionsan object that is passed tocookie.parseas the second option. See cookie for more information.decodea function to decode the value of the cookie
The middleware will parse the Cookie header on the request and expose the
cookie data as the property req.cookies and, if a secret was provided, as
the property req.signedCookies. These properties are name value pairs of the
cookie name to cookie value.
When secret is provided, this module will unsign and validate any signed cookie
values and move those name value pairs from req.cookies into req.signedCookies.
A signed cookie is a cookie that has a value prefixed with s:. Signed cookies
that fail signature validation will have the value false instead of the tampered
value.
In addition, this module supports special "JSON cookies". These are cookie where
the value is prefixed with j:. When these values are encountered, the value will
be exposed as the result of JSON.parse. If parsing fails, the original value will
remain.
cookieParser.JSONCookie(str)
Parse a cookie value as a JSON cookie. This will return the parsed JSON value if it was a JSON cookie, otherwise, it will return the passed value.
cookieParser.JSONCookies(cookies)
Given an object, this will iterate over the keys and call JSONCookie on each
value, replacing the original value with the parsed value. This returns the
same object that was passed in.
cookieParser.signedCookie(str, secret)
Parse a cookie value as a signed cookie. This will return the parsed unsigned
value if it was a signed cookie and the signature was valid. If the value was
not signed, the original value is returned. If the value was signed but the
signature could not be validated, false is returned.
The secret argument can be an array or string. If a string is provided, this
is used as the secret. If an array is provided, an attempt will be made to
unsign the cookie with each secret in order.
cookieParser.signedCookies(cookies, secret)
Given an object, this will iterate over the keys and check if any value is a signed cookie. If it is a signed cookie and the signature is valid, the key will be deleted from the object and added to the new object that is returned.
The secret argument can be an array or string. If a string is provided, this
is used as the secret. If an array is provided, an attempt will be made to
unsign the cookie with each secret in order.
Example
1var express = require('express') 2var cookieParser = require('cookie-parser') 3 4var app = express() 5app.use(cookieParser()) 6 7app.get('/', function (req, res) { 8 // Cookies that have not been signed 9 console.log('Cookies: ', req.cookies) 10 11 // Cookies that have been signed 12 console.log('Signed Cookies: ', req.signedCookies) 13}) 14 15app.listen(8080) 16 17// curl command that sends an HTTP request with two cookies 18// curl http://127.0.0.1:8080 --cookie "Cho=Kim;Greet=Hello"
License
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
update tool detected
Details
- Info: detected update tool: Dependabot: .github/dependabot.yml:1
Reason
no dangerous workflow patterns detected
Reason
GitHub workflow tokens follow principle of least privilege
Details
- Warn: jobLevel 'checks' permission set to 'write': .github/workflows/ci.yml:13
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/ci.yml:14
- Warn: jobLevel 'checks' permission set to 'write': .github/workflows/ci.yml:214
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:31
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:32
- Info: topLevel 'contents' permission set to 'read': .github/workflows/ci.yml:8
- Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:24
- Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:19
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/expressjs/.github/SECURITY.md:1
- Info: Found linked content: github.com/expressjs/.github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/expressjs/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/expressjs/.github/SECURITY.md:1
Reason
project has 6 contributing companies or organizations
Details
- Info: found contributions from: ExpressGateway, crypto-utils, mysqljs, nodejs, repo-utils, stream-utils
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 8 commits out of 14 are checked with a SAST tool
Reason
11 out of 14 merged PRs checked by a CI test -- score normalized to 7
Reason
8 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 6
Reason
dependency not pinned by hash detected -- score normalized to 6
Details
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:165
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:181
- Info: 7 out of 7 GitHub-owned GitHubAction dependencies pinned
- Info: 3 out of 3 third-party GitHubAction dependencies pinned
- Info: 0 out of 2 npmCommand dependencies pinned
Reason
Found 8/24 approved changesets -- score normalized to 3
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Score
7.1
/10
Last Scanned on 2025-07-07T21:24:38Z
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More