Sign and unsign cookies

(cookie, sign, unsign)

Critical or Security advisories for 1.1.0

This version doesn't have any advisory. Want to report one?

Changelog for 1.1.0

  • switch to built-in crypto.timingSafeEqual for validation instead of previous double-hash method (thank you @jodevsa!)

Dependencies for 1.1.0

Name Requirement Status


My projects using cookie-signature

Name Locked version Requirement
You should be logged in to see which of your projects use cookie-signature.