npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@rineex/cookie-parser-mw-module

v1.2.4

Published

Nest - a Cookie Parser Middleware module

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

hoseinprdhoseinprd

Keywords

rineexnestjsnestmiddlewarecookiecookie-parser

Readme

Cookie Parser Middleware Module

Overview

CookieParserModule is a NestJS module that integrates the cookie-parser middleware into NestJS applications. It parses HTTP request cookies and makes them available via req.cookies and req.signedCookies.

When to use:

  • Applications that need to read HTTP cookies from incoming requests
  • Applications using cookie-based authentication or session management
  • Applications that need signed cookie support

When not to use:

  • Applications that only set cookies but never read them
  • Applications using alternative cookie parsing libraries
  • Applications that handle cookies at a different layer (e.g., API gateway)

Public API

CookieParserModule

A NestJS module that configures and applies cookie parsing middleware globally.

Static Methods

CookieParserModule.forRoot(options?)

Synchronously configures the module with cookie parser options.

Parameters:

  • options (optional): CookieParseOptions - Configuration options for cookie-parser
    • secret (optional): string | string[] - Secret(s) for signing cookies. If provided, enables signed cookie support via req.signedCookies
    • All other options from cookie-parser are supported

Returns: DynamicModule - A configured NestJS module

Example:

CookieParserModule.forRoot({
  secret: 'my-secret-key',
});
CookieParserModule.forRootAsync(options)

Asynchronously configures the module, useful when options depend on other providers or configuration.

Parameters:

  • options: Object with one of:
    • useFactory: (...args: any[]) => CookieParseOptions | Promise<CookieParseOptions> - Factory function
    • useClass: Constructor class implementing ConfigurableModuleOptionsFactory
    • useExisting: Token for existing provider
    • imports (optional): Array of modules to import
    • inject (optional): Array of injection tokens for factory dependencies

Returns: DynamicModule - A configured NestJS module

Example:

CookieParserModule.forRootAsync({
  useFactory: (config: ConfigService) => ({
    secret: config.get('COOKIE_SECRET'),
  }),
  inject: [ConfigService],
});

CookieParserMiddleware

Internal middleware class that wraps cookie-parser. Not intended for direct use.

Usage Examples

Basic Setup

import { Module } from '@nestjs/common';
import { CookieParserModule } from '@rineex/cookie-parser-mw-module';

@Module({
  imports: [CookieParserModule.forRoot()],
})
export class AppModule {}

With Secret for Signed Cookies

import { Module } from '@nestjs/common';
import { CookieParserModule } from '@rineex/cookie-parser-mw-module';

@Module({
  imports: [
    CookieParserModule.forRoot({
      secret: 'your-secret-key',
    }),
  ],
})
export class AppModule {}

Async Configuration

import { Module } from '@nestjs/common';
import { ConfigModule, ConfigService } from '@nestjs/config';
import { CookieParserModule } from '@rineex/cookie-parser-mw-module';

@Module({
  imports: [
    ConfigModule.forRoot(),
    CookieParserModule.forRootAsync({
      imports: [ConfigModule],
      useFactory: (config: ConfigService) => ({
        secret: config.get<string>('COOKIE_SECRET'),
      }),
      inject: [ConfigService],
    }),
  ],
})
export class AppModule {}

Accessing Cookies in Controllers

import { Controller, Get, Req } from '@nestjs/common';
import { Request } from 'express';

@Controller()
export class AppController {
  @Get()
  getCookies(@Req() req: Request) {
    // Regular cookies
    const regularCookie = req.cookies?.sessionId;

    // Signed cookies (if secret is configured)
    const signedCookie = req.signedCookies?.token;

    return { regularCookie, signedCookie };
  }
}

Behavior & Guarantees

Invariants

  • Middleware is applied to all routes (forRoutes('*'))
  • Middleware runs before route handlers
  • req.cookies is always an object (empty if no cookies)
  • req.signedCookies is available only if a secret is configured
  • Invalid or tampered signed cookies are excluded from req.signedCookies but logged as errors

Performance

  • Cookie parsing is synchronous and lightweight
  • Parsing occurs once per request
  • No caching or memoization (stateless per request)

Concurrency

  • Stateless middleware; safe for concurrent requests
  • No shared state between requests

Operational Notes

Configuration

The module accepts all options from cookie-parser's CookieParseOptions:

  • secret: Enables signed cookie verification
  • Multiple secrets: Pass an array to support secret rotation

Cookie Access

After middleware execution:

  • req.cookies: Plain cookies as key-value pairs
  • req.signedCookies: Verified signed cookies (only if secret configured)

Common Pitfalls

  1. Missing secret for signed cookies: If you set signed cookies but don't configure a secret, they won't appear in req.signedCookies
  2. Secret mismatch: Signed cookies created with one secret won't verify with a different secret
  3. Order matters: Ensure CookieParserModule is imported before modules that depend on cookies
  4. Route-specific application: The middleware applies to all routes. For selective application, use the middleware directly instead of this module

Logging

  • Invalid signed cookies are logged as errors by cookie-parser
  • No additional logging is provided by this module

License

Apache-2.0