npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

secure-cookie

v0.1.0

Published

Cookie library/middleware with signing and encryption support

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

ayzagenayzagen

Keywords

cookieencrypted-cookiesigned-cookienodejsexpresskoafastifymiddleware

Readme

secure-cookie

NPM Version Build Status Test Coverage Licencse

Nodejs cookie library with signing and encryption support. For those familiar with cookies this library is almost the same plus encryption and additional configuration support.

Installation

This library is published in the NPM registry and can be installed using any compatible package manager.

npm install secure-cookie --save

# For Yarn, use the command below.
yarn add secure-cookie

Documentation

Signed Cookies

const {Cookies, KeyStore} = require('secure-cookies')

const app = express()
app.use(Cookies.express({
  signed: true,
  keyStore: new KeyStore({
    signing: {
  //  encoding: 'base64',
  //  algorithm: 'sha1',
      keys: ["mysigningkey"]
    }
  })
}))

//In a route handler
app.get('/some-route', function (req, res, next) {
  //This will create a cookie named MC with given value.
  // Because of signing is enabled, a new cookie with MC.sig will also be created
  // and would contain signature of the cookie.
  req.cookies.set('MC', "someValue")
})

Encrypted Cookies

const {Cookies, KeyStore} = require('secure-cookies')

const app = express()

app.use(Cookies.express({
  signed: true,
  keyStore: new KeyStore({
    encryption: {
   // algorithm: 'aes-192-ccm',
   // authTagLength: 16,
   // encoding: 'hex',
      keys: ["a24bytesecretmustchanged"]
    }
  })
}))

app.get('/set-cookie', function (req, res, next) {
  //This will create a cookie named MC with and with its encrtypted value.
  req.cookies.set('MC', "someValue")
})
app.get('/get-cookie', function (req, res, next) {
  // get decrypted value without hassle
  const myCookie = req.cookies.get('MC')
  assert.equal(myCookie, "someValue")
})

Make sure selected algorithm is supported by your NodeJs version. By default aes-192-ccm is selected. You can override that and related settings from KeyStore constructor options. If the algorithm you would like to use is missing from the default ones you can add it by following:

const {KeyStore} = require('secure-cookies')
KeyStore.cipherInfo['aes-xxx-xxx'] =  { ivLength: 16, keyLength: 16 }

You can see included algorithms from src/ciphers.ts

For all options and internals have a look at to API documentation.

License

Released under MIT License.