cookieParser.signedCookie(str, secret)

Parse a cookie value as a signed cookie. This will return the parsed unsigned value if it was a signed cookie and the signature was valid, otherwise it will return the passed value.

The code reads different. If the cookie seems signed but cannot be unsigned properly, false is returned, not the original argument: https://github.com/expressjs/cookie-parser/blob/master/index.js#L149.

I'd send a PR but wanted to check first.

Yea, sounds like a docs issue.