{"id":15575,"library":"cookies-js","title":"Cookies.js Client-Side Cookie Manipulation","description":"Cookies.js is a lightweight client-side JavaScript library for managing browser cookies, adhering to RFC6265 standards. The current stable version is 1.2.3, which was released approximately eight years ago (as of April 2026), indicating that the project is likely abandoned or in a deep maintenance phase with no active development. It distinguishes itself by having no external dependencies, offering cross-browser compatibility (IE6+, Chrome, Firefox 3+, Safari 4+, Opera 10+), and being released into the public domain. The library supports AMD and CommonJS module loaders and includes specific provisions for use in Node.js environments that lack a native `window` object, requiring a factory method for initialization. It transparently handles URI encoding of cookie keys and values using UTF-8 representation.","status":"abandoned","version":"1.2.3","language":"javascript","source_language":"en","source_url":"git://github.com/ScottHamper/Cookies","tags":["javascript","cookies","client","browser"],"install":[{"cmd":"npm install cookies-js","lang":"bash","label":"npm"},{"cmd":"yarn add cookies-js","lang":"bash","label":"yarn"},{"cmd":"pnpm add cookies-js","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"For modern bundlers, this library is often consumed as a namespace import due to its CommonJS origins. A default import (`import Cookies from 'cookies-js'`) might not work or could result in `undefined`.","wrong":"import Cookies from 'cookies-js';","symbol":"Cookies","correct":"import * as Cookies from 'cookies-js';"},{"note":"This is the standard CommonJS import for browser-like environments where a `window` object is globally available.","wrong":"import Cookies from 'cookies-js';","symbol":"Cookies (CommonJS)","correct":"const Cookies = require('cookies-js');"},{"note":"In Node.js or other environments without a native `window` object, `cookies-js` exports a factory method that requires a `window` instance (e.g., from `jsdom`) to be explicitly passed.","wrong":"const Cookies = require('cookies-js');","symbol":"Cookies (Node.js/JSDOM factory)","correct":"const { JSDOM } = require('jsdom');\nconst window = new JSDOM().window;\nconst Cookies = require('cookies-js')(window);"}],"quickstart":{"code":"import { JSDOM } from 'jsdom';\nimport * as CookiesFactory from 'cookies-js'; // Assuming it's a factory function for Node\n\n// Simulate a browser window for Node.js using jsdom\nconst { window } = new JSDOM('', { url: 'http://localhost' });\n\n// Initialize Cookies.js with the simulated window object\nconst Cookies = (CookiesFactory as any)(window);\n\nconsole.log('--- Initializing Cookies.js ---');\n\n// Set a persistent cookie with an expiry date far in the future\nCookies.set('user_session', 'session_token_123abc', {\n expires: Infinity, // Sets a persistent cookie (effectively never expires for a browser)\n path: '/',\n secure: true, // Only send over HTTPS (if applicable)\n domain: 'localhost' // Restrict to a specific domain\n});\nconsole.log('Cookie \"user_session\" set to a persistent value.');\n\n// Retrieve a cookie\nconst sessionToken = Cookies.get('user_session');\nconsole.log(`Retrieved 'user_session': ${sessionToken}`);\n\n// Check if cookies are enabled in the environment\nif (Cookies.enabled) {\n console.log('Cookies are enabled in this environment.');\n} else {\n console.log('Cookies are disabled.');\n}\n\n// Set a temporary cookie that expires in 5 seconds\nCookies.set('last_activity', Date.now().toString(), { expires: 5 });\nconsole.log('Cookie \"last_activity\" set to expire in 5 seconds.');\n\n// Immediately expire the 'user_session' cookie\nCookies.expire('user_session');\nconsole.log('Cookie \"user_session\" immediately expired.');\n\n// Attempt to retrieve the expired cookie (should be undefined)\nconst expiredSessionToken = Cookies.get('user_session');\nconsole.log(`Attempted to retrieve expired 'user_session': ${expiredSessionToken || 'undefined'}.`);\n","lang":"typescript","description":"Demonstrates setting, getting, and expiring cookies using Cookies.js within a Node.js environment by simulating a browser's `window` object with `jsdom`."},"warnings":[{"fix":"For new projects, consider more actively maintained cookie management libraries. For existing projects, be aware of the lack of ongoing support and potential future compatibility issues or unpatched vulnerabilities.","message":"The `cookies-js` package appears to be abandoned, with the last update (v1.2.3) occurring approximately eight years ago. While it remains functional for its core purpose, new feature development, bug fixes, or security patches are unlikely.","severity":"gotcha","affected_versions":">=1.2.3"},{"fix":"Review the licensing terms if your project's legal compliance depends on the pre-1.0.0 licensing model. The API itself remained stable from 0.4.0, so code changes are generally not required.","message":"Version 1.0.0 marked a significant change in the project's licensing, moving it into the public domain. While no API-breaking changes occurred between v0.4.0 and v1.0.0, this represented a major shift in project governance.","severity":"breaking","affected_versions":"<1.0.0"},{"fix":"For Node.js, use a library like `jsdom` to create a `window` instance and pass it to the `cookies-js` factory: `const { JSDOM } = require('jsdom'); const window = new JSDOM().window; const Cookies = require('cookies-js')(window);`","message":"When using `cookies-js` in environments without a native `window` object (e.g., Node.js), the library exports a factory method that requires an explicit `window` instance to be passed during initialization.","severity":"gotcha","affected_versions":">=1.1.0"},{"fix":"Ensure all cookie keys and values are consistently URI encoded using UTF-8. For .NET users, specifically avoid `HttpUtility.UrlEncode` and `HttpUtility.UrlDecode`, and instead use `System.Uri.EscapeDataString` and `System.Uri.UnescapeDataString`.","message":"`cookies-js` strictly adheres to RFC6265 and expects all cookie keys and values to be URI encoded in UTF-8 representation. Incorrect encoding, especially when interoperating with server-side frameworks that use different encoding schemes, can lead to malformed cookies or data loss.","severity":"gotcha","affected_versions":">=0.3.0"},{"fix":"Upgrade `cookies-js` to version `1.2.3` or higher to resolve issues related to global context availability in modern bundling environments.","message":"Older versions of `cookies-js` (prior to v1.2.3) could encounter a null object reference error when both the global `this` and `window` objects were undefined, particularly in bundled environments like webpack.","severity":"gotcha","affected_versions":"<1.2.3"}],"env_vars":null,"last_verified":"2026-04-21T00:00:00.000Z","next_check":"2026-07-20T00:00:00.000Z","problems":[{"fix":"Initialize `cookies-js` by providing a `window` instance from a library like `jsdom`: `const { JSDOM } = require('jsdom'); const window = new JSDOM().window; const Cookies = require('cookies-js')(window);`","cause":"Attempting to use `cookies-js` directly in a Node.js environment without providing a `window` object.","error":"TypeError: Cannot read properties of undefined (reading 'document')"},{"fix":"Verify that both client and server are using compatible URI encoding (UTF-8). For .NET, use `System.Uri.EscapeDataString` and `System.Uri.UnescapeDataString` instead of `HttpUtility` methods.","cause":"Inconsistent URI encoding between client-side `cookies-js` (UTF-8) and server-side processing, often due to server frameworks using non-standard URL encoders/decoders.","error":"Cookie values or keys are malformed/incorrect when read from the server."},{"fix":"Upgrade `cookies-js` to version `0.4.0` or higher to fix the `Cookies.enabled` detection in IE7/IE8.","cause":"A bug in `cookies-js` versions prior to `0.4.0` caused `Cookies.enabled` to incorrectly report `true` in older IE browsers.","error":"`Cookies.enabled` always returns `true` even when cookies are disabled in Internet Explorer 7 or 8."}],"ecosystem":"npm"}