Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
pg-connection-string
Advanced tools
The pg-connection-string package is a utility for parsing PostgreSQL connection strings. It can parse a connection string into an object with configuration details, which can then be used to establish a connection to a PostgreSQL database. This is particularly useful when working with environment variables or configuration files that store database connection information in a URI format.
Parsing connection string
This feature allows you to parse a PostgreSQL connection string into a configuration object. The object includes properties such as user, password, host, port, and database, which can be used to establish a connection to a PostgreSQL database.
const { parse } = require('pg-connection-string');
const config = parse('postgres://user:password@localhost:5432/database');
console.log(config);
The connection-string package is a more generic parser for connection strings, not limited to PostgreSQL. It can parse various types of connection strings into a structured format. Compared to pg-connection-string, it offers a broader scope of functionality but might not have PostgreSQL-specific optimizations.
Functions for dealing with a PostgresSQL connection string
parse
method taken from node-postgres
Copyright (c) 2010-2014 Brian Carlson (brian.m.carlson@gmail.com)
MIT License
var parse = require('pg-connection-string').parse;
var config = parse('postgres://someuser:somepassword@somehost:381/somedatabase')
The resulting config contains a subset of the following properties:
user
- User with which to authenticate to the serverpassword
- Corresponding passwordhost
- Postgres server hostname or, for UNIX domain sockets, the socket filenameport
- port on which to connectdatabase
- Database name within the serverclient_encoding
- string encoding the client will usessl
, either a boolean or an object with properties
rejectUnauthorized
cert
key
ca
application_name
) are preserved intact.The short summary of acceptable URLs is:
socket:<path>?<query>
- UNIX domain socketpostgres://<user>:<password>@<host>:<port>/<database>?<query>
- TCP connectionBut see below for more details.
When user and password are not given, the socket path follows socket:
, as in socket:/var/run/pgsql
.
This form can be shortened to just a path: /var/run/pgsql
.
When user and password are given, they are included in the typical URL positions, with an empty host
, as in socket://user:pass@/var/run/pgsql
.
Query parameters follow a ?
character, including the following special query parameters:
db=<database>
- sets the database name (urlencoded)encoding=<encoding>
- sets the client_encoding
propertyTCP connections to the Postgres server are indicated with pg:
or postgres:
schemes (in fact, any scheme but socket:
is accepted).
If username and password are included, they should be urlencoded.
The database name, however, should not be urlencoded.
Query parameters follow a ?
character, including the following special query parameters:
host=<host>
- sets host
property, overriding the URL's hostencoding=<encoding>
- sets the client_encoding
propertyssl=1
, ssl=true
, ssl=0
, ssl=false
- sets ssl
to true or false, accordinglysslmode=<sslmode>
sslmode=disable
- sets ssl
to falsesslmode=no-verify
- sets ssl
to { rejectUnauthorized: false }
sslmode=prefer
, sslmode=require
, sslmode=verify-ca
, sslmode=verify-full
- sets ssl
to truesslcert=<filename>
- reads data from the given file and includes the result as ssl.cert
sslkey=<filename>
- reads data from the given file and includes the result as ssl.key
sslrootcert=<filename>
- reads data from the given file and includes the result as ssl.ca
A bare relative URL, such as salesdata
, will indicate a database name while leaving other properties empty.
pg-cursor@2.7.0
FAQs
Functions for dealing with a PostgresSQL connection string
The npm package pg-connection-string receives a total of 5,215,792 weekly downloads. As such, pg-connection-string popularity was classified as popular.
We found that pg-connection-string demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.