pg - npm Package Compare versions

Comparing version 7.18.2 to 8.0.0

lib/client.js

@@ -33,3 +33,12 @@ 'use strict'
   this.host = this.connectionParameters.host
-  this.password = this.connectionParameters.password
+
+  // "hiding" the password so it doesn't show up in stack traces
+  // or if the client is console.logged
+  Object.defineProperty(this, 'password', {
+    configurable: true,
+    enumerable: false,
+    writable: true,
+    value: this.connectionParameters.password
+  })
+
   this.replication = this.connectionParameters.replication
@@ -549,2 +558,11 @@
 
+  // if we have never connected, then end is a noop, callback immediately
+  if (this.connection.stream.readyState === 'closed') {
+    if (cb) {
+      cb()
+    } else {
+      return this._Promise.resolve()
+    }
+  }
+
   if (this.activeQuery || !this._queryable) {
@@ -551,0 +569,0 @@ // if we have an active query we need to force a disconnect

lib/connection-fast.js

@@ -18,4 +18,2 @@ 'use strict'
 
-var warnDeprecation = require('./compat/warn-deprecation')
-
 var TEXT_MODE = 0
@@ -99,17 +97,5 @@
     var tls = require('tls')
-    const options = {
-      socket: self.stream,
-      checkServerIdentity: self.ssl.checkServerIdentity || tls.checkServerIdentity,
-      rejectUnauthorized: self.ssl.rejectUnauthorized,
-      ca: self.ssl.ca,
-      pfx: self.ssl.pfx,
-      key: self.ssl.key,
-      passphrase: self.ssl.passphrase,
-      cert: self.ssl.cert,
-      secureOptions: self.ssl.secureOptions,
-      NPNProtocols: self.ssl.NPNProtocols
-    }
-    if (typeof self.ssl.rejectUnauthorized !== 'boolean') {
-      warnDeprecation('Implicit disabling of certificate verification is deprecated and will be removed in pg 8. Specify `rejectUnauthorized: true` to require a valid CA or `rejectUnauthorized: false` to explicitly opt out of MITM protection.', 'PG-SSL-VERIFY')
-    }
+    const options = Object.assign({
+      socket: self.stream
+    }, self.ssl)
     if (net.isIP(host) === 0) {
@@ -116,0 +102,0 @@ options.servername = host

lib/connection-parameters.js

@@ -55,5 +55,19 @@ 'use strict'
   this.database = val('database', config)
+
+  if (this.database === undefined) {
+    this.database = this.user
+  }
+
   this.port = parseInt(val('port', config), 10)
   this.host = val('host', config)
-  this.password = val('password', config)
+
+  // "hiding" the password so it doesn't show up in stack traces
+  // or if the client is console.logged
+  Object.defineProperty(this, 'password', {
+    configurable: true,
+    enumerable: false,
+    writable: true,
+    value: val('password', config)
+  })
+
   this.binary = val('binary', config)
@@ -60,0 +74,0 @@ this.ssl = typeof config.ssl === 'undefined' ? useSsl() : config.ssl

lib/connection.js

@@ -17,4 +17,2 @@ 'use strict'
 
-var warnDeprecation = require('./compat/warn-deprecation')
-
 var TEXT_MODE = 0
@@ -99,17 +97,5 @@ var BINARY_MODE = 1
     var tls = require('tls')
-    const options = {
-      socket: self.stream,
-      checkServerIdentity: self.ssl.checkServerIdentity || tls.checkServerIdentity,
-      rejectUnauthorized: self.ssl.rejectUnauthorized,
-      ca: self.ssl.ca,
-      pfx: self.ssl.pfx,
-      key: self.ssl.key,
-      passphrase: self.ssl.passphrase,
-      cert: self.ssl.cert,
-      secureOptions: self.ssl.secureOptions,
-      NPNProtocols: self.ssl.NPNProtocols
-    }
-    if (typeof self.ssl.rejectUnauthorized !== 'boolean') {
-      warnDeprecation('Implicit disabling of certificate verification is deprecated and will be removed in pg 8. Specify `rejectUnauthorized: true` to require a valid CA or `rejectUnauthorized: false` to explicitly opt out of MITM protection.', 'PG-SSL-VERIFY')
-    }
+    const options = Object.assign({
+      socket: self.stream
+    }, self.ssl)
     if (net.isIP(host) === 0) {
@@ -607,3 +593,3 @@ options.servername = host
 // parses error
-Connection.prototype.parseE = function (buffer, length) {
+Connection.prototype.parseE = function (buffer, length, isNotice) {
   var fields = {}
@@ -617,6 +603,6 @@ var fieldType = this.readString(buffer, 1)
   // the msg is an Error instance
-  var msg = new Error(fields.M)
+  var msg = isNotice ? { message: fields.M } : new Error(fields.M)
 
   // for compatibility with Message
-  msg.name = 'error'
+  msg.name = isNotice ? 'notice' : 'error'
   msg.length = length
@@ -645,3 +631,3 @@
 Connection.prototype.parseN = function (buffer, length) {
-  var msg = this.parseE(buffer, length)
+  var msg = this.parseE(buffer, length, true)
   msg.name = 'notice'
@@ -648,0 +634,0 @@ return msg

lib/defaults.js

@@ -18,3 +18,3 @@ 'use strict'
   // name of database to connect
-  database: process.platform === 'win32' ? process.env.USERNAME : process.env.USER,
+  database: undefined,
 
@@ -21,0 +21,0 @@ // database user's password

lib/index.js

@@ -10,3 +10,2 @@ 'use strict'
 
-var util = require('util')
 var Client = require('./client')
@@ -16,16 +15,9 @@ var defaults = require('./defaults')
 var Pool = require('pg-pool')
-const checkConstructor = require('./compat/check-constructor')
 
 const poolFactory = (Client) => {
-  var BoundPool = function (options) {
-    // eslint-disable-next-line no-eval
-    checkConstructor('pg.Pool', 'PG-POOL-NEW', () => eval('new.target'))
-
-    var config = Object.assign({ Client: Client }, options)
-    return new Pool(config)
+  return class BoundPool extends Pool {
+    constructor (options) {
+      super(options, Client)
+    }
   }
-
-  util.inherits(BoundPool, Pool)
-
-  return BoundPool
 }
@@ -49,18 +41,26 @@
   // lazy require native module...the native module may not have installed
-  module.exports.__defineGetter__('native', function () {
-    delete module.exports.native
-    var native = null
-    try {
-      native = new PG(require('./native'))
-    } catch (err) {
-      if (err.code !== 'MODULE_NOT_FOUND') {
-        throw err
+  Object.defineProperty(module.exports, 'native', {
+    configurable: true,
+    enumerable: false,
+    get() {
+      var native = null
+      try {
+        native = new PG(require('./native'))
+      } catch (err) {
+        if (err.code !== 'MODULE_NOT_FOUND') {
+          throw err
+        }
+        /* eslint-disable no-console */
+        console.error(err.message)
+        /* eslint-enable no-console */
       }
-      /* eslint-disable no-console */
-      console.error(err.message)
-      /* eslint-enable no-console */
+
+      // overwrite module.exports.native so that getter is never called again
+      Object.defineProperty(module.exports, 'native', {
+        value: native
+      })
+
+      return native
     }
-    module.exports.native = native
-    return native
   })
 }

lib/native/client.js

@@ -46,3 +46,11 @@ 'use strict'
   this.user = cp.user
-  this.password = cp.password
+
+  // "hiding" the password so it doesn't show up in stack traces
+  // or if the client is console.logged
+  Object.defineProperty(this, 'password', {
+    configurable: true,
+    enumerable: false,
+    writable: true,
+    value: cp.password
+  })
   this.database = cp.database
@@ -49,0 +57,0 @@ this.host = cp.host

lib/query.js

@@ -10,224 +10,218 @@ 'use strict'
 
-var EventEmitter = require('events').EventEmitter
-var util = require('util')
-const checkConstructor = require('./compat/check-constructor')
+const { EventEmitter } = require('events')
 
-var Result = require('./result')
-var utils = require('./utils')
+const Result = require('./result')
+const utils = require('./utils')
 
-var Query = function (config, values, callback) {
-  // use of "new" optional in pg 7
-  // eslint-disable-next-line no-eval
-  checkConstructor('Query', 'PG-QUERY-NEW', () => eval('new.target'))
-  if (!(this instanceof Query)) { return new Query(config, values, callback) }
+class Query extends EventEmitter {
+  constructor(config, values, callback) {
+    super()
 
-  config = utils.normalizeQueryConfig(config, values, callback)
+    config = utils.normalizeQueryConfig(config, values, callback)
 
-  this.text = config.text
-  this.values = config.values
-  this.rows = config.rows
-  this.types = config.types
-  this.name = config.name
-  this.binary = config.binary
-  // use unique portal name each time
-  this.portal = config.portal || ''
-  this.callback = config.callback
-  this._rowMode = config.rowMode
-  if (process.domain && config.callback) {
-    this.callback = process.domain.bind(config.callback)
+    this.text = config.text
+    this.values = config.values
+    this.rows = config.rows
+    this.types = config.types
+    this.name = config.name
+    this.binary = config.binary
+    // use unique portal name each time
+    this.portal = config.portal || ''
+    this.callback = config.callback
+    this._rowMode = config.rowMode
+    if (process.domain && config.callback) {
+      this.callback = process.domain.bind(config.callback)
+    }
+    this._result = new Result(this._rowMode, this.types)
+
+    // potential for multiple results
+    this._results = this._result
+    this.isPreparedStatement = false
+    this._canceledDueToError = false
+    this._promise = null
   }
-  this._result = new Result(this._rowMode, this.types)
 
-  // potential for multiple results
-  this._results = this._result
-  this.isPreparedStatement = false
-  this._canceledDueToError = false
-  this._promise = null
-  EventEmitter.call(this)
-}
+  requiresPreparation() {
+    // named queries must always be prepared
+    if (this.name) { return true }
+    // always prepare if there are max number of rows expected per
+    // portal execution
+    if (this.rows) { return true }
+    // don't prepare empty text queries
+    if (!this.text) { return false }
+    // prepare if there are values
+    if (!this.values) { return false }
+    return this.values.length > 0
+  }
 
-util.inherits(Query, EventEmitter)
+  _checkForMultirow() {
+    // if we already have a result with a command property
+    // then we've already executed one query in a multi-statement simple query
+    // turn our results into an array of results
+    if (this._result.command) {
+      if (!Array.isArray(this._results)) {
+        this._results = [this._result]
+      }
+      this._result = new Result(this._rowMode, this.types)
+      this._results.push(this._result)
+    }
+  }
 
-Query.prototype.requiresPreparation = function () {
-  // named queries must always be prepared
-  if (this.name) { return true }
-  // always prepare if there are max number of rows expected per
-  // portal execution
-  if (this.rows) { return true }
-  // don't prepare empty text queries
-  if (!this.text) { return false }
-  // prepare if there are values
-  if (!this.values) { return false }
-  return this.values.length > 0
-}
+  // associates row metadata from the supplied
+  // message with this query object
+  // metadata used when parsing row results
+  handleRowDescription(msg) {
+    this._checkForMultirow()
+    this._result.addFields(msg.fields)
+    this._accumulateRows = this.callback || !this.listeners('row').length
+  }
 
-Query.prototype._checkForMultirow = function () {
-  // if we already have a result with a command property
-  // then we've already executed one query in a multi-statement simple query
-  // turn our results into an array of results
-  if (this._result.command) {
-    if (!Array.isArray(this._results)) {
-      this._results = [this._result]
+  handleDataRow(msg) {
+    let row
+
+    if (this._canceledDueToError) {
+      return
     }
-    this._result = new Result(this._rowMode, this.types)
-    this._results.push(this._result)
-  }
-}
 
-// associates row metadata from the supplied
-// message with this query object
-// metadata used when parsing row results
-Query.prototype.handleRowDescription = function (msg) {
-  this._checkForMultirow()
-  this._result.addFields(msg.fields)
-  this._accumulateRows = this.callback || !this.listeners('row').length
-}
+    try {
+      row = this._result.parseRow(msg.fields)
+    } catch (err) {
+      this._canceledDueToError = err
+      return
+    }
 
-Query.prototype.handleDataRow = function (msg) {
-  var row
+    this.emit('row', row, this._result)
+    if (this._accumulateRows) {
+      this._result.addRow(row)
+    }
+  }
 
-  if (this._canceledDueToError) {
-    return
+  handleCommandComplete(msg, con) {
+    this._checkForMultirow()
+    this._result.addCommandComplete(msg)
+    // need to sync after each command complete of a prepared statement
+    if (this.isPreparedStatement) {
+      con.sync()
+    }
   }
 
-  try {
-    row = this._result.parseRow(msg.fields)
-  } catch (err) {
-    this._canceledDueToError = err
-    return
+  // if a named prepared statement is created with empty query text
+  // the backend will send an emptyQuery message but *not* a command complete message
+  // execution on the connection will hang until the backend receives a sync message
+  handleEmptyQuery(con) {
+    if (this.isPreparedStatement) {
+      con.sync()
+    }
   }
 
-  this.emit('row', row, this._result)
-  if (this._accumulateRows) {
-    this._result.addRow(row)
+  handleReadyForQuery(con) {
+    if (this._canceledDueToError) {
+      return this.handleError(this._canceledDueToError, con)
+    }
+    if (this.callback) {
+      this.callback(null, this._results)
+    }
+    this.emit('end', this._results)
   }
-}
 
-Query.prototype.handleCommandComplete = function (msg, con) {
-  this._checkForMultirow()
-  this._result.addCommandComplete(msg)
-  // need to sync after each command complete of a prepared statement
-  if (this.isPreparedStatement) {
-    con.sync()
+  handleError(err, connection) {
+    // need to sync after error during a prepared statement
+    if (this.isPreparedStatement) {
+      connection.sync()
+    }
+    if (this._canceledDueToError) {
+      err = this._canceledDueToError
+      this._canceledDueToError = false
+    }
+    // if callback supplied do not emit error event as uncaught error
+    // events will bubble up to node process
+    if (this.callback) {
+      return this.callback(err)
+    }
+    this.emit('error', err)
   }
-}
 
-// if a named prepared statement is created with empty query text
-// the backend will send an emptyQuery message but *not* a command complete message
-// execution on the connection will hang until the backend receives a sync message
-Query.prototype.handleEmptyQuery = function (con) {
-  if (this.isPreparedStatement) {
-    con.sync()
+  submit(connection) {
+    if (typeof this.text !== 'string' && typeof this.name !== 'string') {
+      return new Error('A query must have either text or a name. Supplying neither is unsupported.')
+    }
+    const previous = connection.parsedStatements[this.name]
+    if (this.text && previous && this.text !== previous) {
+      return new Error(`Prepared statements must be unique - '${this.name}' was used for a different statement`)
+    }
+    if (this.values && !Array.isArray(this.values)) {
+      return new Error('Query values must be an array')
+    }
+    if (this.requiresPreparation()) {
+      this.prepare(connection)
+    } else {
+      connection.query(this.text)
+    }
+    return null
   }
-}
 
-Query.prototype.handleReadyForQuery = function (con) {
-  if (this._canceledDueToError) {
-    return this.handleError(this._canceledDueToError, con)
+  hasBeenParsed(connection) {
+    return this.name && connection.parsedStatements[this.name]
   }
-  if (this.callback) {
-    this.callback(null, this._results)
-  }
-  this.emit('end', this._results)
-}
 
-Query.prototype.handleError = function (err, connection) {
-  // need to sync after error during a prepared statement
-  if (this.isPreparedStatement) {
-    connection.sync()
+  handlePortalSuspended(connection) {
+    this._getRows(connection, this.rows)
   }
-  if (this._canceledDueToError) {
-    err = this._canceledDueToError
-    this._canceledDueToError = false
-  }
-  // if callback supplied do not emit error event as uncaught error
-  // events will bubble up to node process
-  if (this.callback) {
-    return this.callback(err)
-  }
-  this.emit('error', err)
-}
 
-Query.prototype.submit = function (connection) {
-  if (typeof this.text !== 'string' && typeof this.name !== 'string') {
-    return new Error('A query must have either text or a name. Supplying neither is unsupported.')
+  _getRows(connection, rows) {
+    connection.execute({
+      portal: this.portal,
+      rows: rows
+    }, true)
+    connection.flush()
   }
-  const previous = connection.parsedStatements[this.name]
-  if (this.text && previous && this.text !== previous) {
-    return new Error(`Prepared statements must be unique - '${this.name}' was used for a different statement`)
-  }
-  if (this.values && !Array.isArray(this.values)) {
-    return new Error('Query values must be an array')
-  }
-  if (this.requiresPreparation()) {
-    this.prepare(connection)
-  } else {
-    connection.query(this.text)
-  }
-  return null
-}
 
-Query.prototype.hasBeenParsed = function (connection) {
-  return this.name && connection.parsedStatements[this.name]
-}
+  prepare(connection) {
+    // prepared statements need sync to be called after each command
+    // complete or when an error is encountered
+    this.isPreparedStatement = true
+    // TODO refactor this poor encapsulation
+    if (!this.hasBeenParsed(connection)) {
+      connection.parse({
+        text: this.text,
+        name: this.name,
+        types: this.types
+      }, true)
+    }
 
-Query.prototype.handlePortalSuspended = function (connection) {
-  this._getRows(connection, this.rows)
-}
+    if (this.values) {
+      try {
+        this.values = this.values.map(utils.prepareValue)
+      } catch (err) {
+        this.handleError(err, connection)
+        return
+      }
+    }
 
-Query.prototype._getRows = function (connection, rows) {
-  connection.execute({
-    portal: this.portal,
-    rows: rows
-  }, true)
-  connection.flush()
-}
+    // http://developer.postgresql.org/pgdocs/postgres/protocol-flow.html#PROTOCOL-FLOW-EXT-QUERY
+    connection.bind({
+      portal: this.portal,
+      statement: this.name,
+      values: this.values,
+      binary: this.binary
+    }, true)
 
-Query.prototype.prepare = function (connection) {
-  var self = this
-  // prepared statements need sync to be called after each command
-  // complete or when an error is encountered
-  this.isPreparedStatement = true
-  // TODO refactor this poor encapsulation
-  if (!this.hasBeenParsed(connection)) {
-    connection.parse({
-      text: self.text,
-      name: self.name,
-      types: self.types
+    connection.describe({
+      type: 'P',
+      name: this.portal || ''
     }, true)
+
+    this._getRows(connection, this.rows)
   }
 
-  if (self.values) {
-    try {
-      self.values = self.values.map(utils.prepareValue)
-    } catch (err) {
-      this.handleError(err, connection)
-      return
-    }
+  handleCopyInResponse(connection) {
+    connection.sendCopyFail('No source stream defined')
   }
 
-  // http://developer.postgresql.org/pgdocs/postgres/protocol-flow.html#PROTOCOL-FLOW-EXT-QUERY
-  connection.bind({
-    portal: self.portal,
-    statement: self.name,
-    values: self.values,
-    binary: self.binary
-  }, true)
-
-  connection.describe({
-    type: 'P',
-    name: self.portal || ''
-  }, true)
-
-  this._getRows(connection, this.rows)
+  // eslint-disable-next-line no-unused-vars
+  handleCopyData(msg, connection) {
+    // noop
+  }
 }
 
-Query.prototype.handleCopyInResponse = function (connection) {
-  connection.sendCopyFail('No source stream defined')
-}
-
-// eslint-disable-next-line no-unused-vars
-Query.prototype.handleCopyData = function (msg, connection) {
-  // noop
-}
 module.exports = Query

package.json

 {
   "name": "pg",
-  "version": "7.18.2",
+  "version": "8.0.0",
   "description": "PostgreSQL client - pure javascript & libpq with the same API",
@@ -26,3 +26,3 @@ "keywords": [
     "pg-packet-stream": "^1.1.0",
-    "pg-pool": "^2.0.10",
+    "pg-pool": "^3.0.0",
     "pg-types": "^2.1.0",
@@ -55,5 +55,5 @@ "pgpass": "1.x",
   "engines": {
-    "node": ">= 4.5.0"
+    "node": ">= 8.0.0"
   },
-  "gitHead": "29877530c6f7b5ebc0bf814e3a711b4b66e4d51a"
+  "gitHead": "a227d3e8d47e1eb53296a3a013f2e7514cd152c3"
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses eval() which is a dangerous function. This prevents the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Improved metrics

Number of low supply chain risk alerts

8

decreased by-20%

Number of medium supply chain risk alerts

5

decreased by-37.5%

Worsened metrics

Total package byte prevSize

91229

decreased by-2.11%

Number of package files

17

decreased by-10.53%

Lines of code

2653

decreased by-1.08%

Dependency changes

• + Addedpg-pool@3.7.0(transitive)

• - Removedpg-pool@2.0.10(transitive)

• Updatedpg-pool@^3.0.0