Security News
The Changelog Podcast: Practical Steps to Stay Safe on npm
Learn the essential steps every developer should take to stay secure on npm and reduce exposure to supply chain attacks.
By Sarah Gooding -  Oct 31, 2025
🚀 DAY 5 OF LAUNCH WEEK: Introducing Socket Firewall Enterprise.Learn more →
cloudant-user
Advanced tools
cloudant-user
Helper module to use standard CouchDB _users db on a Cloudant db.
Purpose
When _users db is enabled, Cloudant uses an old version of CouchDB auth which requires the salt and sha1-hashed password to be included with user creation.
https://cloudant.com/for-developers/faq/auth/
So, if you'd like to run your own npm registry with the solid hosting of Cloudant, this module is a huge help. I use it to create user accounts for our private npm.
Installation
git clone https://github.com/doublerebel/cloudant-user.git
Usage:
Enable standard CouchDB auth on a Cloudant DB
PUT _security-docs/_security-couchdb.json to youruser.cloudant.com/yourdbname/_security to enable standard CouchDB auth for that database.
curl -X PUT -d @_security-docs/_security-couchdb.json https://youruser.cloudant.com/yourdbname/_security
Example: Set your Cloudant user as CouchDB admin
When switching to CouchDB auth, it's useful to define the admin role as your existing Cloudant user. The admin user will be able to create/read/update/delete all other users in this database.
We can also limit this database to users which have a role "npm".
_security-docs/_security-cloudant.json
{
"couchdb_auth_only": true,
"admins": {
"names": ["your-cloudant-username"],
"roles": ["_admin"]
},
"members": {
"names": [],
"roles": ["npm"]
}
}
Revert to Cloudant auth on a Cloudant DB
PUT _security-docs/_security-cloudant.json to youruser.cloudant.com/yourdbname/_security to reset auth to Cloudant management for that database.
curl -X PUT -d @_security-docs/_security-cloudant.json https://youruser.cloudant.com/yourdbname/_security
Create a user with any set of roles
Example scripts to add a user to Cloudant. Create one of these scripts and run with coffee scriptname.coffee or node scriptname.js.
Server options are passed directly to cradle.
CoffeeScript
CloudantUser = require "cloudant-user"
server =
host: your-cloudant-user.cloudant.com
port: 443
secure: true
auth:
username: "your-admin-username"
password: "your-admin-password"
newuser =
name: "your-newuser-name"
password: "your-newuser-pass"
roles: ["_reader","_writer"]
callback = (err, res) ->
console.log err if err
console.log res if res
cloudantUser = new CloudantUser server
cloudantUser.create newuser.name, newuser.password, newuser.roles..., callback
JavaScript
var CloudantUser = require("cloudant-user");
var server = {
host: your-cloudant-user.cloudant.com,
port: 443,
secure: true,
auth: {
username: "your-admin-username",
password: "your-admin-password"
}
};
var newuser = {
name: "your-newuser-name",
password: "your-newuser-pass",
roles: ["_reader", "_writer"]
};
var callback = function(err, res) {
if (err) console.log(err);
if (res) return console.log(res);
};
var cloudantUser = new CloudantUser(server);
cloudantUser.create(newuser.name,
newuser.password,
newuser.roles[0],
newuser.roles[1],
callback);
cloudantUser.npmCreate()
Create a user with email (required by npm)
npmCreate(username, password, email, roles..., callback)
cloudantUser.createWithMeta()
Create a user with arbitrary metadata
metadata =
shrike: true
timewarp: false
createWithMeta(username, password, email, roles..., metadata, callback)
Extra help
Users need to change their own password
On Cloudant, a user without both roles "_reader" and "_writer" will be unable to change their password. Therefore, all normal users should be created with these roles.
Futon on Cloudant
Futon is available for any Cloudant database at https://cloudant.com/futon . Login there with your Cloudant account username and password.
Contributors
This module is originally based off of a gist by weilu.
License
Copyright 2014-2016 doublerebel. MIT licensed.
FAQs
Helper module to use standard CouchDB _users db on a Cloudant db
We found that cloudant-user demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 26 Apr 2016
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Security Community Slams MIT-linked Report Claiming AI Powers 80% of Ransomware
Experts push back on new claims about AI-driven ransomware, warning that hype and sponsored research are distorting how the threat is understood.
By Sarah Gooding -  Oct 30, 2025
Security News
Ruby Core Team Assumes Stewardship of RubyGems and Bundler, Former Maintainers Offer to Transfer All Rights to Matz
Ruby's creator Matz assumes control of RubyGems and Bundler repositories while former maintainers agree to step back and transfer all rights to end the dispute.
By Sarah Gooding -  Oct 29, 2025