Picture of the author

This site is an independent open-source project and is not affiliated with, endorsed by, or sponsored by npm, Inc. or GitHub, Inc. The name “npm” is a registered trademark of npm, Inc., used here solely to describe compatibility and reference publicly available npm package data.

📦 tough-cookie

RFC6265 Cookies and Cookie Jar for node.js

Author

Jeremy Stashewsky

License

BSD-3-Clause

Unpacked Size

742.35 KB

Packed Size

156.06 KB

Last Activity

7 days ago

Wkly Downloads

322K

Unpacked Size

742.35 KB

Packed Size

156.06 KB

License

BSD-3-Clause

Author

Jeremy Stashewsky

Last Activity

7 days ago

Dependencies Overview

Dependencies (1)

Peer Dependencies (0)

There are not dependencies

Dev Dependencies (18)

@arethetypeswrong/cli ^0.18.2 @eslint/js ^9.24.0 @microsoft/api-documenter ^7.26.20 @microsoft/api-extractor ^7.52.3 @types/node ^20.19.6 @vitest/eslint-plugin ^1.1.40 eslint ^9.24.0 eslint-config-prettier ^10.1.2 eslint-import-resolver-typescript ^4.3.2 eslint-plugin-import ^2.31.0 eslint-plugin-prettier ^5.2.6 genversion ^3.2.0 globals ^16.0.0 prettier ^3.5.3 tsup ^8.5.0 typescript 5.5.3 typescript-eslint ^8.29.1 vitest ^3.1.1

Versions Overview

Last Version

6.0.0

Last Version Released

3 months ago

N. of Versions

48

Repository Overview

Default Branch

master

Is Archived?

NO

Is Disabled?

NO

Is Fork?

NO

Is Locked?

NO

Security Policy Enabled?

YES

Latest Commits

Last 10 commits in the repository

Bump vitest from 3.2.4 to 4.0.6 (#546) Bumps [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) from 3.2.4 to 4.0.6. - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.0.6/packages/vitest) --- updated-dependencies: - dependency-name: vitest dependency-version: 4.0.6 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

8 days ago

Bump tldts from 7.0.16 to 7.0.17 in the production-dependencies group (#544) Bumps the production-dependencies group with 1 update: [tldts](https://github.com/remusao/tldts). Updates `tldts` from 7.0.16 to 7.0.17 - [Release notes](https://github.com/remusao/tldts/releases) - [Changelog](https://github.com/remusao/tldts/blob/master/CHANGELOG.md) - [Commits](https://github.com/remusao/tldts/compare/v7.0.16...v7.0.17) --- updated-dependencies: - dependency-name: tldts dependency-version: 7.0.17 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

8 days ago

Bump the dev-dependencies group with 8 updates (#545) * Bump the dev-dependencies group with 8 updates Bumps the dev-dependencies group with 8 updates: | Package | From | To | | --- | --- | --- | | [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.36.0` | `9.39.0` | | [@microsoft/api-documenter](https://github.com/microsoft/rushstack/tree/HEAD/apps/api-documenter) | `7.26.36` | `7.27.3` | | [@microsoft/api-extractor](https://github.com/microsoft/rushstack/tree/HEAD/apps/api-extractor) | `7.52.15` | `7.53.3` | | [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `20.19.19` | `20.19.24` | | [@vitest/eslint-plugin](https://github.com/vitest-dev/eslint-plugin-vitest) | `1.3.13` | `1.4.0` | | [eslint](https://github.com/eslint/eslint) | `9.36.0` | `9.39.0` | | [globals](https://github.com/sindresorhus/globals) | `16.4.0` | `16.5.0` | | [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.45.0` | `8.46.2` | Updates `@eslint/js` from 9.36.0 to 9.39.0 - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](https://github.com/eslint/eslint/commits/v9.39.0/packages/js) Updates `@microsoft/api-documenter` from 7.26.36 to 7.27.3 - [Changelog](https://github.com/microsoft/rushstack/blob/main/apps/api-documenter/CHANGELOG.md) - [Commits](https://github.com/microsoft/rushstack/commits/@microsoft/api-documenter_v7.27.3/apps/api-documenter) Updates `@microsoft/api-extractor` from 7.52.15 to 7.53.3 - [Changelog](https://github.com/microsoft/rushstack/blob/main/apps/api-extractor/CHANGELOG.md) - [Commits](https://github.com/microsoft/rushstack/commits/@microsoft/api-extractor_v7.53.3/apps/api-extractor) Updates `@types/node` from 20.19.19 to 20.19.24 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `@vitest/eslint-plugin` from 1.3.13 to 1.4.0 - [Release notes](https://github.com/vitest-dev/eslint-plugin-vitest/releases) - [Commits](https://github.com/vitest-dev/eslint-plugin-vitest/compare/v1.3.13...v1.4.0) Updates `eslint` from 9.36.0 to 9.39.0 - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](https://github.com/eslint/eslint/compare/v9.36.0...v9.39.0) Updates `globals` from 16.4.0 to 16.5.0 - [Release notes](https://github.com/sindresorhus/globals/releases) - [Commits](https://github.com/sindresorhus/globals/compare/v16.4.0...v16.5.0) Updates `typescript-eslint` from 8.45.0 to 8.46.2 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.46.2/packages/typescript-eslint) --- updated-dependencies: - dependency-name: "@eslint/js" dependency-version: 9.39.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: "@microsoft/api-documenter" dependency-version: 7.27.3 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: "@microsoft/api-extractor" dependency-version: 7.53.3 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: "@types/node" dependency-version: 20.19.24 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: "@vitest/eslint-plugin" dependency-version: 1.4.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: eslint dependency-version: 9.39.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: globals dependency-version: 16.5.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: typescript-eslint dependency-version: 8.46.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> * Upgrade to eslint 9.39.1 to fix unified-signatures bug * Fix jsdom workflow --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Colin Casey <casey.colin@gmail.com>

8 days ago

Bump tldts from 7.0.10 to 7.0.12 in the production-dependencies group (#540) Bumps the production-dependencies group with 1 update: [tldts](https://github.com/remusao/tldts). Updates `tldts` from 7.0.10 to 7.0.12 - [Release notes](https://github.com/remusao/tldts/releases) - [Changelog](https://github.com/remusao/tldts/blob/master/CHANGELOG.md) - [Commits](https://github.com/remusao/tldts/compare/v7.0.10...v7.0.12) --- updated-dependencies: - dependency-name: tldts dependency-version: 7.0.12 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

about 1 month ago

Bump the dev-dependencies group across 1 directory with 9 updates (#543) * Bump the dev-dependencies group across 1 directory with 9 updates Bumps the dev-dependencies group with 9 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.32.0` | `9.36.0` | | [@microsoft/api-documenter](https://github.com/microsoft/rushstack/tree/HEAD/apps/api-documenter) | `7.26.31` | `7.26.36` | | [@microsoft/api-extractor](https://github.com/microsoft/rushstack/tree/HEAD/apps/api-extractor) | `7.52.10` | `7.52.15` | | [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `20.19.9` | `20.19.19` | | [@vitest/eslint-plugin](https://github.com/vitest-dev/eslint-plugin-vitest) | `1.3.4` | `1.3.13` | | [eslint](https://github.com/eslint/eslint) | `9.32.0` | `9.36.0` | | [eslint-plugin-prettier](https://github.com/prettier/eslint-plugin-prettier) | `5.5.3` | `5.5.4` | | [globals](https://github.com/sindresorhus/globals) | `16.3.0` | `16.4.0` | | [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.38.0` | `8.45.0` | Updates `@eslint/js` from 9.32.0 to 9.36.0 - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md) - [Commits](https://github.com/eslint/eslint/commits/v9.36.0/packages/js) Updates `@microsoft/api-documenter` from 7.26.31 to 7.26.36 - [Changelog](https://github.com/microsoft/rushstack/blob/main/apps/api-documenter/CHANGELOG.md) - [Commits](https://github.com/microsoft/rushstack/commits/@microsoft/api-documenter_v7.26.36/apps/api-documenter) Updates `@microsoft/api-extractor` from 7.52.10 to 7.52.15 - [Changelog](https://github.com/microsoft/rushstack/blob/main/apps/api-extractor/CHANGELOG.md) - [Commits](https://github.com/microsoft/rushstack/commits/@microsoft/api-extractor_v7.52.15/apps/api-extractor) Updates `@types/node` from 20.19.9 to 20.19.19 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `@vitest/eslint-plugin` from 1.3.4 to 1.3.13 - [Release notes](https://github.com/vitest-dev/eslint-plugin-vitest/releases) - [Commits](https://github.com/vitest-dev/eslint-plugin-vitest/compare/v1.3.4...v1.3.13) Updates `eslint` from 9.32.0 to 9.36.0 - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md) - [Commits](https://github.com/eslint/eslint/compare/v9.32.0...v9.36.0) Updates `eslint-plugin-prettier` from 5.5.3 to 5.5.4 - [Release notes](https://github.com/prettier/eslint-plugin-prettier/releases) - [Changelog](https://github.com/prettier/eslint-plugin-prettier/blob/main/CHANGELOG.md) - [Commits](https://github.com/prettier/eslint-plugin-prettier/compare/v5.5.3...v5.5.4) Updates `globals` from 16.3.0 to 16.4.0 - [Release notes](https://github.com/sindresorhus/globals/releases) - [Commits](https://github.com/sindresorhus/globals/compare/v16.3.0...v16.4.0) Updates `typescript-eslint` from 8.38.0 to 8.45.0 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.45.0/packages/typescript-eslint) --- updated-dependencies: - dependency-name: "@eslint/js" dependency-version: 9.36.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: "@microsoft/api-documenter" dependency-version: 7.26.36 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: "@microsoft/api-extractor" dependency-version: 7.52.15 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: "@types/node" dependency-version: 20.19.19 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: "@vitest/eslint-plugin" dependency-version: 1.3.13 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: eslint dependency-version: 9.36.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: eslint-plugin-prettier dependency-version: 5.5.4 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: globals dependency-version: 16.4.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: typescript-eslint dependency-version: 8.45.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> * lint fixes --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Will Harney <wharney@salesforce.com>

about 1 month ago

Prepare v6 (#538) * Update README.md with changes related to potentially trustworthy origins * 6.0.0 * Fix README link

3 months ago

Support publishing of both ESM and CJS (#536) * Support publishing of both ESM and CJS The [ESM supported backported to Node 20.19.0](https://github.com/nodejs/node/releases/tag/v20.19.0) is nice but not sufficient for supporting users on earlier versions of Node v20 which is still in active maintenance until 2026-04-30. This PR adds in dual-publishing of both ESM and CJS and ensures that entrypoints and types are correctly declared. * Fix api extractor path * 6.0.0-rc.2 * Update package.json Co-authored-by: Will Harney <62956339+wjhsf@users.noreply.github.com> * Add validation for ESM/CJS types and entrypoints * Add validation for ESM/CJS types and entrypoints * Add explicit dependency on Are The Types Wrong cli + npm scripts --------- Co-authored-by: Will Harney <62956339+wjhsf@users.noreply.github.com>

3 months ago

Bump the dev-dependencies group with 8 updates (#537) Bumps the dev-dependencies group with 8 updates: | Package | From | To | | --- | --- | --- | | [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.30.1` | `9.32.0` | | [@microsoft/api-documenter](https://github.com/microsoft/rushstack/tree/HEAD/apps/api-documenter) | `7.26.29` | `7.26.31` | | [@microsoft/api-extractor](https://github.com/microsoft/rushstack/tree/HEAD/apps/api-extractor) | `7.52.8` | `7.52.10` | | [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `20.19.6` | `20.19.9` | | [eslint](https://github.com/eslint/eslint) | `9.30.1` | `9.32.0` | | [eslint-config-prettier](https://github.com/prettier/eslint-config-prettier) | `10.1.5` | `10.1.8` | | [eslint-plugin-prettier](https://github.com/prettier/eslint-plugin-prettier) | `5.5.1` | `5.5.3` | | [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.36.0` | `8.38.0` | Updates `@eslint/js` from 9.30.1 to 9.32.0 - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md) - [Commits](https://github.com/eslint/eslint/commits/v9.32.0/packages/js) Updates `@microsoft/api-documenter` from 7.26.29 to 7.26.31 - [Changelog](https://github.com/microsoft/rushstack/blob/main/apps/api-documenter/CHANGELOG.md) - [Commits](https://github.com/microsoft/rushstack/commits/@microsoft/api-documenter_v7.26.31/apps/api-documenter) Updates `@microsoft/api-extractor` from 7.52.8 to 7.52.10 - [Changelog](https://github.com/microsoft/rushstack/blob/main/apps/api-extractor/CHANGELOG.md) - [Commits](https://github.com/microsoft/rushstack/commits/@microsoft/api-extractor_v7.52.10/apps/api-extractor) Updates `@types/node` from 20.19.6 to 20.19.9 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `eslint` from 9.30.1 to 9.32.0 - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md) - [Commits](https://github.com/eslint/eslint/compare/v9.30.1...v9.32.0) Updates `eslint-config-prettier` from 10.1.5 to 10.1.8 - [Release notes](https://github.com/prettier/eslint-config-prettier/releases) - [Changelog](https://github.com/prettier/eslint-config-prettier/blob/main/CHANGELOG.md) - [Commits](https://github.com/prettier/eslint-config-prettier/compare/v10.1.5...v10.1.8) Updates `eslint-plugin-prettier` from 5.5.1 to 5.5.3 - [Release notes](https://github.com/prettier/eslint-plugin-prettier/releases) - [Changelog](https://github.com/prettier/eslint-plugin-prettier/blob/main/CHANGELOG.md) - [Commits](https://github.com/prettier/eslint-plugin-prettier/compare/v5.5.1...v5.5.3) Updates `typescript-eslint` from 8.36.0 to 8.38.0 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.38.0/packages/typescript-eslint) --- updated-dependencies: - dependency-name: "@eslint/js" dependency-version: 9.32.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: "@microsoft/api-documenter" dependency-version: 7.26.31 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: "@microsoft/api-extractor" dependency-version: 7.52.10 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: "@types/node" dependency-version: 20.19.9 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: eslint dependency-version: 9.32.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: eslint-config-prettier dependency-version: 10.1.8 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: eslint-plugin-prettier dependency-version: 5.5.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: typescript-eslint dependency-version: 8.38.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

3 months ago

6.0.0-rc.1 (#535)

4 months ago

Reverts the check on the Secure attribute when setting a cookie (#534) This change was introduce in https://github.com/salesforce/tough-cookie/pull/498. As this new feature was driven by current browser behaviors + updates to the terminology for "secure" connections from RFC6265bis-19, it seemed appropriate to also apply the following check from RFC6265bis-19 when setting a cookie: > If the request-uri does not denote a "secure" connection (as defined by the user agent), and the cookie's secure-only-flag is true, then abort these steps and ignore the cookie entirely. > - https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-19#section-5.7-3.13.1 This deviates from RFC6265 which does not describe any check for a "secure" connection when setting a cookie, only when retrieving the cookie. In our integration tests for JSDOM, this code also causes a failure in their Web Platform Test suite around passing cookies to Websocket connections. Testing the behavior for this in various browsers showed inconsistent results which I'll summarize below: | Browser | HTTP → WSS | HTTPS → WSS | |---------|------------|-------------| | Chrome | Fail | Pass | | Firefox | Pass | Pass | | Safari | Fail | Pass | | Edge | Fail | Pass | As it's unclear what the correct behavior should be here, I think we should revert this check to restore the previous behavior in https://github.com/salesforce/tough-cookie/blob/v5.1.2/lib/cookie/cookieJar.ts#L595 to what RFC6265 defines.

4 months ago

Top Contributors

The top contributors considering the last 100 commits & PRs

colincasey

dependabot[bot]

wjhsf

Open PRs (2)

Currently active PR in the repository

Review Section 5.1.1. Dates

7 days ago

docs: update readme to include bun install

8 months ago

Open Issues (24)

Currently active PR in the repository

Consider adopting npm trusted publishing

about 2 months ago

Why does setCookie resolve with an error when domain doesn't match the host?

2 months ago

Review Draft 20 - 5. User Agent Requirements

7 months ago

Review Draft 20 - 5.1.4. Paths and Path-Match

7 months ago

Review Draft 20 - 5.1. Subcomponent Algorithms

7 months ago

Review Draft 20 - 5.2.1. Document-based requests

7 months ago

Review Draft 20 - 5.2. "Same-site" and "cross-site" Requests

7 months ago

Review Draft 20 - 5.1.3. Domain Matching

7 months ago

Review Draft 20 - 5.1.2. Canonicalized Host Names

7 months ago

Review Draft 20 - 5.1.1. Dates

7 months ago

Open Discussions (4)

Currently open discussions in the repository

10 months ago

about 1 year ago

over 2 years ago

Proposal: Removal of support for callbacks

almost 3 years ago