js-cookie vs universal-cookie vs react-cookie vs universal-cookie-express
JavaScript Cookie Management Libraries Comparison
Search packages..
1 Year
js-cookieuniversal-cookiereact-cookieuniversal-cookie-expressSimilar Packages:
What's JavaScript Cookie Management Libraries?

Cookie management libraries provide developers with tools to easily create, read, and manipulate cookies in web applications. These libraries abstract the complexities of cookie handling, ensuring that developers can manage user sessions, preferences, and other data stored in cookies without dealing with the underlying intricacies of the browser's cookie API. They enhance the developer experience by simplifying cookie operations, improving code readability, and ensuring consistent behavior across different browsers.

Package Weekly Downloads Trend
Github Stars Ranking
Stat Detail
Package
Downloads
Stars
Size
Issues
Publish
License
js-cookie11,439,80822,16326.2 kB32 years agoMIT
universal-cookie1,619,44917352.9 kB144 months agoMIT
react-cookie648,74917371.2 kB144 months agoMIT
universal-cookie-express32,8481735.55 kB144 months agoMIT
Feature Comparison: js-cookie vs universal-cookie vs react-cookie vs universal-cookie-express

Integration with Frameworks

  • js-cookie:

    js-cookie is a standalone library that does not integrate with any specific framework, making it suitable for any JavaScript project, including vanilla JS, jQuery, or any other framework.

  • universal-cookie:

    universal-cookie is framework-agnostic but is particularly useful in React applications for both client-side and server-side cookie management, allowing for a consistent API across environments.

  • react-cookie:

    react-cookie is specifically designed for React applications, providing hooks and components that allow for easy cookie management within the React lifecycle, making it a perfect fit for React developers.

  • universal-cookie-express:

    universal-cookie-express is tailored for Express.js applications, providing middleware to handle cookies seamlessly in server-side routes, making it ideal for full-stack JavaScript applications.

Ease of Use

  • js-cookie:

    js-cookie offers a simple API that allows developers to set, get, and delete cookies with minimal code. Its straightforward syntax makes it easy to learn and implement, even for beginners.

  • universal-cookie:

    universal-cookie has a user-friendly API that abstracts cookie handling, making it easy to manage cookies in both client and server environments without dealing with the complexities of the underlying cookie storage.

  • react-cookie:

    react-cookie provides a React-specific API that leverages hooks and context, making it intuitive for React developers to manage cookies in a way that aligns with React's declarative style.

  • universal-cookie-express:

    universal-cookie-express simplifies cookie management in Express applications by providing middleware that automatically parses cookies from requests, allowing developers to focus on application logic rather than cookie handling.

Browser Compatibility

  • js-cookie:

    js-cookie is designed to work consistently across all modern browsers, ensuring that cookie operations behave as expected regardless of the user's browser choice.

  • universal-cookie:

    universal-cookie is built to handle cookie management across different environments, including both client-side and server-side, ensuring consistent behavior in various browser contexts.

  • react-cookie:

    react-cookie inherits the browser compatibility of js-cookie, ensuring that cookie management works seamlessly in all modern browsers when used within React applications.

  • universal-cookie-express:

    universal-cookie-express also benefits from the compatibility of universal-cookie, ensuring that cookie management works reliably in Express applications across different browsers.

Server-Side Support

  • js-cookie:

    js-cookie is primarily focused on client-side cookie management and does not provide server-side capabilities, making it less suitable for applications that require server-rendered cookies.

  • universal-cookie:

    universal-cookie supports both client-side and server-side cookie management, making it a versatile choice for applications that require consistent cookie handling across different environments.

  • react-cookie:

    react-cookie is designed for client-side use within React applications and does not offer built-in server-side support, which may limit its use in server-rendered scenarios.

  • universal-cookie-express:

    universal-cookie-express is specifically designed for server-side use with Express.js, allowing developers to manage cookies easily in server-rendered applications.

Performance

  • js-cookie:

    js-cookie is lightweight and optimized for performance, ensuring that cookie operations do not introduce significant overhead, even in applications with frequent cookie access.

  • universal-cookie:

    universal-cookie is designed to be efficient in both client and server environments, providing a balance between ease of use and performance, ensuring that cookie operations are handled swiftly.

  • react-cookie:

    react-cookie's performance is closely tied to React's rendering cycle, and while it is efficient, developers should be mindful of how cookie changes may trigger re-renders in their components.

  • universal-cookie-express:

    universal-cookie-express is optimized for use in Express applications, ensuring that cookie management does not become a bottleneck in server performance.

How to Choose: js-cookie vs universal-cookie vs react-cookie vs universal-cookie-express
  • js-cookie:

    Choose js-cookie for a lightweight, straightforward solution that focuses solely on cookie management without any dependencies. It is ideal for projects that require simple cookie handling without the need for React integration.

  • universal-cookie:

    Select universal-cookie for a versatile solution that works in both client-side and server-side environments. This package is particularly useful for applications that require cookie management in server-rendered React applications, as it allows for consistent cookie handling across different environments.

  • react-cookie:

    Opt for react-cookie if you are working within a React application and need a library that integrates seamlessly with React's component lifecycle. It provides hooks and higher-order components for managing cookies in a React-friendly way, making it suitable for projects that heavily utilize React.

  • universal-cookie-express:

    Use universal-cookie-express if you are building an Express.js application and need a middleware solution for cookie management. This package simplifies cookie handling in server-side applications, making it easier to manage cookies in conjunction with Express routes.

README for js-cookie

JavaScript Cookie CI BrowserStack JavaScript Style Guide Code Climate npm size jsDelivr Hits

A simple, lightweight JavaScript API for handling cookies

👉👉 If you're viewing this at https://github.com/js-cookie/js-cookie, you're reading the documentation for the main branch. View documentation for the latest release. 👈👈

Installation

NPM

JavaScript Cookie supports npm under the name js-cookie.

npm i js-cookie

The npm package has a module field pointing to an ES module variant of the library, mainly to provide support for ES module aware bundlers, whereas its browser field points to an UMD module for full backward compatibility.

Not all browsers support ES modules natively yet. For this reason the npm package/release provides both the ES and UMD module variant and you may want to include the ES module along with the UMD fallback to account for this:

CDN

Alternatively, include js-cookie via jsDelivr CDN.

Basic Usage

Create a cookie, valid across the entire site:

Cookies.set('name', 'value')

Create a cookie that expires 7 days from now, valid across the entire site:

Cookies.set('name', 'value', { expires: 7 })

Create an expiring cookie, valid to the path of the current page:

Cookies.set('name', 'value', { expires: 7, path: '' })

Read cookie:

Cookies.get('name') // => 'value'
Cookies.get('nothing') // => undefined

Read all visible cookies:

Cookies.get() // => { name: 'value' }

Note: It is not possible to read a particular cookie by passing one of the cookie attributes (which may or may not have been used when writing the cookie in question):

Cookies.get('foo', { domain: 'sub.example.com' }) // `domain` won't have any effect...!

The cookie with the name foo will only be available on .get() if it's visible from where the code is called; the domain and/or path attribute will not have an effect when reading.

Delete cookie:

Cookies.remove('name')

Delete a cookie valid to the path of the current page:

Cookies.set('name', 'value', { path: '' })
Cookies.remove('name') // fail!
Cookies.remove('name', { path: '' }) // removed!

IMPORTANT! When deleting a cookie and you're not relying on the default attributes, you must pass the exact same path and domain attributes that were used to set the cookie:

Cookies.remove('name', { path: '', domain: '.yourdomain.com' })

Note: Removing a nonexistent cookie neither raises any exception nor returns any value.

Namespace conflicts

If there is any danger of a conflict with the namespace Cookies, the noConflict method will allow you to define a new namespace and preserve the original one. This is especially useful when running the script on third party sites e.g. as part of a widget or SDK.

// Assign the js-cookie api to a different variable and restore the original "window.Cookies"
var Cookies2 = Cookies.noConflict()
Cookies2.set('name', 'value')

Note: The .noConflict method is not necessary when using AMD or CommonJS, thus it is not exposed in those environments.

Encoding

This project is RFC 6265 compliant. All special characters that are not allowed in the cookie-name or cookie-value are encoded with each one's UTF-8 Hex equivalent using percent-encoding.
The only character in cookie-name or cookie-value that is allowed and still encoded is the percent % character, it is escaped in order to interpret percent input as literal.
Please note that the default encoding/decoding strategy is meant to be interoperable only between cookies that are read/written by js-cookie. To override the default encoding/decoding strategy you need to use a converter.

Note: According to RFC 6265, your cookies may get deleted if they are too big or there are too many cookies in the same domain, more details here.

Cookie Attributes

Cookie attribute defaults can be set globally by creating an instance of the api via withAttributes(), or individually for each call to Cookies.set(...) by passing a plain object as the last argument. Per-call attributes override the default attributes.

expires

Define when the cookie will be removed. Value must be a Number which will be interpreted as days from time of creation or a Date instance. If omitted, the cookie becomes a session cookie.

To create a cookie that expires in less than a day, you can check the FAQ on the Wiki.

Default: Cookie is removed when the user closes the browser.

Examples:

Cookies.set('name', 'value', { expires: 365 })
Cookies.get('name') // => 'value'
Cookies.remove('name')

path

A String indicating the path where the cookie is visible.

Default: /

Examples:

Cookies.set('name', 'value', { path: '' })
Cookies.get('name') // => 'value'
Cookies.remove('name', { path: '' })

Note regarding Internet Explorer:

Due to an obscure bug in the underlying WinINET InternetGetCookie implementation, IE’s document.cookie will not return a cookie if it was set with a path attribute containing a filename.

(From Internet Explorer Cookie Internals (FAQ))

This means one cannot set a path using window.location.pathname in case such pathname contains a filename like so: /check.html (or at least, such cookie cannot be read correctly).

In fact, you should never allow untrusted input to set the cookie attributes or you might be exposed to a XSS attack.

domain

A String indicating a valid domain where the cookie should be visible. The cookie will also be visible to all subdomains.

Default: Cookie is visible only to the domain or subdomain of the page where the cookie was created, except for Internet Explorer (see below).

Examples:

Assuming a cookie that is being created on site.com:

Cookies.set('name', 'value', { domain: 'subdomain.site.com' })
Cookies.get('name') // => undefined (need to read at 'subdomain.site.com')

Note regarding Internet Explorer default behavior:

Q3: If I don’t specify a DOMAIN attribute (for) a cookie, IE sends it to all nested subdomains anyway?
A: Yes, a cookie set on example.com will be sent to sub2.sub1.example.com.
Internet Explorer differs from other browsers in this regard.

(From Internet Explorer Cookie Internals (FAQ))

This means that if you omit the domain attribute, it will be visible for a subdomain in IE.

secure

Either true or false, indicating if the cookie transmission requires a secure protocol (https).

Default: No secure protocol requirement.

Examples:

Cookies.set('name', 'value', { secure: true })
Cookies.get('name') // => 'value'
Cookies.remove('name')

sameSite

A String, allowing to control whether the browser is sending a cookie along with cross-site requests.

Default: not set.

Note that more recent browsers are making "Lax" the default value even without specifiying anything here.

Examples:

Cookies.set('name', 'value', { sameSite: 'strict' })
Cookies.get('name') // => 'value'
Cookies.remove('name')

Setting up defaults

const api = Cookies.withAttributes({ path: '/', domain: '.example.com' })

Converters

Read

Create a new instance of the api that overrides the default decoding implementation. All get methods that rely in a proper decoding to work, such as Cookies.get() and Cookies.get('name'), will run the given converter for each cookie. The returned value will be used as the cookie value.

Example from reading one of the cookies that can only be decoded using the escape function:

document.cookie = 'escaped=%u5317'
document.cookie = 'default=%E5%8C%97'
var cookies = Cookies.withConverter({
  read: function (value, name) {
    if (name === 'escaped') {
      return unescape(value)
    }
    // Fall back to default for all other cookies
    return Cookies.converter.read(value, name)
  }
})
cookies.get('escaped') // 北
cookies.get('default') // 北
cookies.get() // { escaped: '北', default: '北' }

Write

Create a new instance of the api that overrides the default encoding implementation:

Cookies.withConverter({
  write: function (value, name) {
    return value.toUpperCase()
  }
})

TypeScript declarations

npm i @types/js-cookie

Server-side integration

Check out the Servers Docs

Contributing

Check out the Contributing Guidelines

Security

For vulnerability reports, send an e-mail to js-cookie at googlegroups dot com

Releasing

Releasing should be done via the Release GitHub Actions workflow, so that published packages on npmjs.com have package provenance.

GitHub releases are created as a draft and need to be published manually! (This is so we are able to craft suitable release notes before publishing.)

Supporters

Many thanks to BrowserStack for providing unlimited browser testing free of cost.

Authors

npm-compare.com is an independent website designed to help developers choose the most suitable npm packages. We are not affiliated with npm, Inc or npmjs.com, the official website for the npm registry. Please note that npm is a registered trademark of npm, Inc. For more details, please refer to our Terms & Privacy.