
pg - npm Package Compare versions

Comparing version 8.7.3 to 8.11.1

lib/crypto/sasl.js

100

lib/client.js
'use strict'
var EventEmitter = require('events').EventEmitter
var util = require('util')
var utils = require('./utils')
var sasl = require('./sasl')
var pgPass = require('pgpass')
var sasl = require('./crypto/sasl')
var TypeOverrides = require('./type-overrides')

@@ -14,2 +12,3 @@

var Connection = require('./connection')
const crypto = require('./crypto/utils')

@@ -42,2 +41,3 @@ class Client extends EventEmitter {

this._ending = false
this._ended = false
this._connecting = false

@@ -138,2 +138,3 @@ this._connected = false

this._errorAllQueries(error)
this._ended = true

@@ -230,8 +231,13 @@ if (!this._ending) {

} else {
pgPass(this.connectionParameters, (pass) => {
if (undefined !== pass) {
this.connectionParameters.password = this.password = pass
}
cb()
})
try {
const pgPass = require('pgpass')
pgPass(this.connectionParameters, (pass) => {
if (undefined !== pass) {
this.connectionParameters.password = this.password = pass
}
cb()
})
} catch (e) {
this.emit('error', e)
}
}

@@ -247,5 +253,9 @@ }

_handleAuthMD5Password(msg) {
this._checkPgPass(() => {
const hashedPassword = utils.postgresMd5PasswordHash(this.user, this.password, msg.salt)
this.connection.password(hashedPassword)
this._checkPgPass(async () => {
try {
const hashedPassword = await crypto.postgresMd5PasswordHash(this.user, this.password, msg.salt)
this.connection.password(hashedPassword)
} catch (e) {
this.emit('error', e)
}
})

@@ -256,15 +266,27 @@ }

this._checkPgPass(() => {
this.saslSession = sasl.startSession(msg.mechanisms)
this.connection.sendSASLInitialResponseMessage(this.saslSession.mechanism, this.saslSession.response)
try {
this.saslSession = sasl.startSession(msg.mechanisms)
this.connection.sendSASLInitialResponseMessage(this.saslSession.mechanism, this.saslSession.response)
} catch (err) {
this.connection.emit('error', err)
}
})
}
_handleAuthSASLContinue(msg) {
sasl.continueSession(this.saslSession, this.password, msg.data)
this.connection.sendSCRAMClientFinalMessage(this.saslSession.response)
async _handleAuthSASLContinue(msg) {
try {
await sasl.continueSession(this.saslSession, this.password, msg.data)
this.connection.sendSCRAMClientFinalMessage(this.saslSession.response)
} catch (err) {
this.connection.emit('error', err)
}
}
_handleAuthSASLFinal(msg) {
sasl.finalizeSession(this.saslSession, msg.data)
this.saslSession = null
try {
sasl.finalizeSession(this.saslSession, msg.data)
this.saslSession = null
} catch (err) {
this.connection.emit('error', err)
}
}

@@ -412,2 +434,5 @@

}
if (params.lock_timeout) {
data.lock_timeout = String(parseInt(params.lock_timeout, 10))
}
if (params.idle_in_transaction_session_timeout) {

@@ -450,31 +475,11 @@ data.idle_in_transaction_session_timeout = String(parseInt(params.idle_in_transaction_session_timeout, 10))

// Ported from PostgreSQL 9.2.4 source code in src/interfaces/libpq/fe-exec.c
// escapeIdentifier and escapeLiteral moved to utility functions & exported
// on PG
// re-exported here for backwards compatibility
escapeIdentifier(str) {
return '"' + str.replace(/"/g, '""') + '"'
return utils.escapeIdentifier(str)
}
// Ported from PostgreSQL 9.2.4 source code in src/interfaces/libpq/fe-exec.c
escapeLiteral(str) {
var hasBackslash = false
var escaped = "'"
for (var i = 0; i < str.length; i++) {
var c = str[i]
if (c === "'") {
escaped += c + c
} else if (c === '\\') {
escaped += c + c
hasBackslash = true
} else {
escaped += c
}
}
escaped += "'"
if (hasBackslash === true) {
escaped = ' E' + escaped
}
return escaped
return utils.escapeLiteral(str)
}

@@ -526,2 +531,7 @@

query.callback = (err, res) => (err ? reject(err) : resolve(res))
}).catch(err => {
// replace the stack trace that leads to `TCP.onStreamRead` with one that leads back to the
// application that created the query
Error.captureStackTrace(err);
throw err;
})

@@ -601,3 +611,3 @@ }

// if we have never connected, then end is a noop, callback immediately
if (!this.connection._connecting) {
if (!this.connection._connecting || this._ended) {
if (cb) {

@@ -604,0 +614,0 @@ cb()
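Review bot: Authentication failures are reported on two different emitters: the async callback in `_handleAuthMD5Password` uses `this.emit('error', e)`, while the three SASL handlers in the following hunk use `this.connection.emit('error', err)`. The MD5 callback and `_handleAuthSASLContinue` are now async and nothing in the visible lines awaits them, so an `emit('error', …)` that itself throws inside the catch (for example with no listener attached) would surface as an unhandled rejection instead of a synchronous throw. I would send all four through one path, e.g. `this.connection.emit('error', e)` in the MD5 handler if that is the emitter the connect logic listens on, and add `// async handler: the caller does not await it, so every failure must be emitted here`. In `_handleAuthSASLFinal`, `this.saslSession = null` is skipped when `finalizeSession` throws; whether the connection is then torn down is decided outside these hunks and should be confirmed.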

@@ -106,2 +106,3 @@ 'use strict'

this.statement_timeout = val('statement_timeout', config, false)
this.lock_timeout = val('lock_timeout', config, false)
this.idle_in_transaction_session_timeout = val('idle_in_transaction_session_timeout', config, false)

@@ -108,0 +109,0 @@ this.query_timeout = val('query_timeout', config, false)

@@ -7,2 +7,3 @@ 'use strict'

const { parse, serialize } = require('pg-protocol')
const { getStream, getSecureStream } = require('./stream')

@@ -18,3 +19,8 @@ const flushBuffer = serialize.flush()

config = config || {}
this.stream = config.stream || new net.Socket()
this.stream = config.stream || getStream(config.ssl)
if (typeof this.stream === 'function') {
this.stream = this.stream(config)
}
this._keepAlive = config.keepAlive

@@ -79,3 +85,2 @@ this._keepAliveInitialDelayMillis = config.keepAliveInitialDelayMillis

}
var tls = require('tls')
const options = {

@@ -93,7 +98,8 @@ socket: self.stream,

if (net.isIP(host) === 0) {
var net = require('net')
if (net.isIP && net.isIP(host) === 0) {
options.servername = host
}
try {
self.stream = tls.connect(options)
self.stream = getSecureStream(options)
} catch (err) {

@@ -110,5 +116,2 @@ return self.emit('error', err)

attachListeners(stream) {
stream.on('end', () => {
this.emit('end')
})
parse(stream, (msg) => {

@@ -181,3 +184,2 @@ var eventName = msg.name === 'error' ? 'errorMessage' : msg.name

this._ending = true
this._send(flushBuffer)
this._send(syncBuffer)

@@ -184,0 +186,0 @@ }
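Review bot: The new guard `if (net.isIP && net.isIP(host) === 0)` silently skips `options.servername = host` whenever the runtime's `net` has no `isIP`, and nothing in the hunk says which runtime that is. In that case the options reach `getSecureStream(options)` without a server name, so SNI and hostname verification depend entirely on `./stream`, which is not visible here. A comment at the guard would make the assumption checkable, e.g. `// net.isIP is absent on some non-Node runtimes; getSecureStream is then responsible for server-name handling`. In the constructor hunk, `config.stream` may now be a function that is called with the whole `config`; that contract deserves a line of documentation too. The enclosing functions start and end outside these hunks.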

@@ -57,2 +57,6 @@ 'use strict'

// Abort any statement that waits longer than the specified duration in milliseconds while attempting to acquire a lock.
// false=unlimited
lock_timeout: false,
// Terminate any session with an open transaction that has been idle for longer than the specified duration in milliseconds

@@ -59,0 +63,0 @@ // false=unlimited

@@ -8,2 +8,3 @@ 'use strict'

const { DatabaseError } = require('pg-protocol')
const { escapeIdentifier, escapeLiteral } = require('./utils')

@@ -27,2 +28,4 @@ const poolFactory = (Client) => {

this.DatabaseError = DatabaseError
this.escapeIdentifier = escapeIdentifier
this.escapeLiteral = escapeLiteral
}

@@ -29,0 +32,0 @@

'use strict'
// eslint-disable-next-line
var Native = require('pg-native')
var Native
try {
// Wrap this `require()` in a try-catch to avoid upstream bundlers from complaining that this might not be available since it is an optional import
Native = require('pg-native')
} catch (e) {
throw e
}
var TypeOverrides = require('../type-overrides')
var pkg = require('../../package.json')
var EventEmitter = require('events').EventEmitter

@@ -33,2 +38,3 @@ var util = require('util')

var cp = (this.connectionParameters = new ConnectionParameters(config))
if (config.nativeConnectionString) cp.nativeConnectionString = config.nativeConnectionString
this.user = cp.user

@@ -87,2 +93,3 @@

this.connectionParameters.getLibpqConnectionString(function (err, conString) {
if (self.connectionParameters.nativeConnectionString) conString = self.connectionParameters.nativeConnectionString
if (err) return cb(err)

@@ -172,2 +179,5 @@ self.native.connect(conString, function (err) {

rejectOut = reject
}).catch(err => {
Error.captureStackTrace(err);
throw err;
})

@@ -174,0 +184,0 @@ query.callback = (err, res) => (err ? rejectOut(err) : resolveOut(res))
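Review bot: `config.nativeConnectionString` replaces the string produced by `getLibpqConnectionString` wholesale, and in the `-87` hunk the override runs before `if (err) return cb(err)`. When the option is set, whatever the generated string would have carried over from the other connection parameters is dropped, and no comment says so; what that string contains is not visible here. I would move the override below the error check and document it, e.g. `// nativeConnectionString is handed to libpq verbatim and overrides every other connection setting`. Separately, the `try { Native = require('pg-native') } catch (e) { throw e }` wrapper at the top rethrows unchanged, so its only effect is the bundler hint its comment describes.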

@@ -138,3 +138,10 @@ 'use strict'

if (this.callback) {
this.callback(null, this._results)
try {
this.callback(null, this._results)
}
catch(err) {
process.nextTick(() => {
throw err
})
}
}

@@ -141,0 +148,0 @@ this.emit('end', this._results)
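Review bot: The new `catch` around `this.callback(null, this._results)` rethrows inside `process.nextTick`, so an exception from the user's callback still ends up as an uncaught exception, only one tick later, and the hunk carries no comment saying that this is intended. Without one the try/catch reads like error suppression. Suggest a why-comment above the `process.nextTick` call, e.g. `// rethrow asynchronously so the error is not swallowed but the code after this block still runs`; the hunk header suggests `this.emit('end', this._results)` follows, which should be confirmed. The `}` / `catch(err) {` split across two lines also departs from the brace style used elsewhere on this page.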

'use strict'
const crypto = require('crypto')
const defaults = require('./defaults')

@@ -167,11 +165,30 @@

const md5 = function (string) {
return crypto.createHash('md5').update(string, 'utf-8').digest('hex')
// Ported from PostgreSQL 9.2.4 source code in src/interfaces/libpq/fe-exec.c
const escapeIdentifier = function (str) {
return '"' + str.replace(/"/g, '""') + '"'
}
// See AuthenticationMD5Password at https://www.postgresql.org/docs/current/static/protocol-flow.html
const postgresMd5PasswordHash = function (user, password, salt) {
var inner = md5(password + user)
var outer = md5(Buffer.concat([Buffer.from(inner), salt]))
return 'md5' + outer
const escapeLiteral = function (str) {
var hasBackslash = false
var escaped = "'"
for (var i = 0; i < str.length; i++) {
var c = str[i]
if (c === "'") {
escaped += c + c
} else if (c === '\\') {
escaped += c + c
hasBackslash = true
} else {
escaped += c
}
}
escaped += "'"
if (hasBackslash === true) {
escaped = ' E' + escaped
}
return escaped
}

@@ -186,4 +203,4 @@

normalizeQueryConfig,
postgresMd5PasswordHash,
md5,
escapeIdentifier,
escapeLiteral,
}
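Review bot: `escapeLiteral` and `escapeIdentifier` are now exported helpers but neither checks that `str` is a string. `escapeLiteral` walks `str` by index and compares each element with `"'"` and `'\\'`, so a non-string value that has a `length` (an array, for instance) would have its elements appended whole, without per-character escaping; `escapeIdentifier` would throw on the missing `replace` instead. Since these functions exist to make untrusted values safe to embed, both should fail closed up front: `if (typeof str !== 'string') throw new TypeError('expected a string')`. The `// Ported from PostgreSQL 9.2.4 …` comment now sits only above `escapeIdentifier`; repeating it above `escapeLiteral` would keep the provenance of the `' E'` prefix clear.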
{
"name": "pg",
"version": "8.7.3",
"version": "8.11.1",
"description": "PostgreSQL client - pure javascript & libpq with the same API",

@@ -25,5 +25,5 @@ "keywords": [

"packet-reader": "1.0.0",
"pg-connection-string": "^2.5.0",
"pg-pool": "^3.5.1",
"pg-protocol": "^1.5.0",
"pg-connection-string": "^2.6.1",
"pg-pool": "^3.6.1",
"pg-protocol": "^1.6.0",
"pg-types": "^2.1.0",

@@ -33,9 +33,16 @@ "pgpass": "1.x"

"devDependencies": {
"async": "0.9.0",
"@cloudflare/workers-types": "^4.20230404.0",
"async": "2.6.4",
"bluebird": "3.5.2",
"co": "4.6.0",
"pg-copy-streams": "0.3.0"
"pg-copy-streams": "0.3.0",
"typescript": "^4.0.3",
"workerd": "^1.20230419.0",
"wrangler": "^2.16.0"
},
"optionalDependencies": {
"pg-cloudflare": "^1.1.1"
},
"peerDependencies": {
"pg-native": ">=2.0.0"
"pg-native": ">=3.0.1"
},

@@ -58,3 +65,3 @@ "peerDependenciesMeta": {

},
"gitHead": "4fa7ee891a456168a75695ac026792136f16577f"
"gitHead": "eaafac36dc8f4a13f1fecc9e3420d35559fd8e2b"
}
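Review bot: The new `optionalDependencies` block adds `pg-cloudflare` at `^1.1.1`, which package managers install by default for every consumer of `pg`, not only those targeting Cloudflare Workers. That puts a floating-range package into the install tree of projects that never load it; teams that audit their tree should expect it in the lockfile and can leave it out with `npm install --omit=optional`. The `pg-native` peer range appears to move from `>=2.0.0` to `>=3.0.1`, which excludes existing 2.x installs and is worth calling out in the release notes.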
# node-postgres
[![Build Status](https://secure.travis-ci.org/brianc/node-postgres.svg?branch=master)](http://travis-ci.org/brianc/node-postgres)
[![Dependency Status](https://david-dm.org/brianc/node-postgres.svg?path=packages/pg)](https://david-dm.org/brianc/node-postgres?path=packages/pg)
<span class="badge-npmversion"><a href="https://npmjs.org/package/pg" title="View this project on NPM"><img src="https://img.shields.io/npm/v/pg.svg" alt="NPM version" /></a></span>

@@ -50,15 +49,4 @@ <span class="badge-npmdownloads"><a href="https://npmjs.org/package/pg" title="View this project on NPM"><img src="https://img.shields.io/npm/dm/pg.svg" alt="NPM downloads" /></a></span>

node-postgres's continued development has been made possible in part by generous finanical support from [the community](https://github.com/brianc/node-postgres/blob/master/SPONSORS.md) and these featured sponsors:
node-postgres's continued development has been made possible in part by generous finanical support from [the community](https://github.com/brianc/node-postgres/blob/master/SPONSORS.md).
<div align="center">
<a href="https://crate.io" target="_blank">
<img height="80" src="https://node-postgres.com/crate-io.png" />
</a>
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAABCAQAAAB0m0auAAAADElEQVR42mNkIBIAAABSAAI2VLqiAAAAAElFTkSuQmCC" />
<a href="https://www.eaze.com" target="_blank">
<img height="80" src="https://node-postgres.com/eaze.png" />
</a>
</div>
If you or your company are benefiting from node-postgres and would like to help keep the project financially sustainable [please consider supporting](https://github.com/sponsors/brianc) its development.

@@ -65,0 +53,0 @@
