The pgpass npm package is used to handle PostgreSQL password files (.pgpass) in Node.js applications. It simplifies the process of managing database credentials by reading and parsing the .pgpass file, which stores passwords for PostgreSQL connections.
Reading .pgpass file
This feature allows you to read the .pgpass file and retrieve the password for a given connection information. The pgpass function takes connection info and a callback, and returns the password if found.
const pgpass = require('pgpass');
const connInfo = { host: 'localhost', port: 5432, user: 'user', database: 'mydb' };
pgpass(connInfo, (err, password) => {
if (err) {
console.error('Error reading .pgpass file:', err);
} else {
console.log('Password:', password);
}
});Handling multiple entries
This feature demonstrates how to handle multiple entries in the .pgpass file. You can retrieve passwords for different users and databases by providing the respective connection information.
const pgpass = require('pgpass');
const connInfo1 = { host: 'localhost', port: 5432, user: 'user1', database: 'db1' };
const connInfo2 = { host: 'localhost', port: 5432, user: 'user2', database: 'db2' };
pgpass(connInfo1, (err, password1) => {
if (err) {
console.error('Error reading .pgpass file for user1:', err);
} else {
console.log('Password for user1:', password1);
}
});
pgpass(connInfo2, (err, password2) => {
if (err) {
console.error('Error reading .pgpass file for user2:', err);
} else {
console.log('Password for user2:', password2);
}
});The 'pg' package is a PostgreSQL client for Node.js. While it does not specifically handle .pgpass files, it provides comprehensive functionality for connecting to and interacting with PostgreSQL databases. Users can manually read .pgpass files and pass the credentials to the 'pg' client.
The 'pg-promise' package is a PostgreSQL interface for Node.js that uses promises. Similar to 'pg', it does not handle .pgpass files directly but offers robust database interaction capabilities. Users can integrate .pgpass file reading manually if needed.
The 'node-postgres' package, also known as 'pg', is another PostgreSQL client for Node.js. It provides a rich set of features for database operations but does not include built-in support for .pgpass files. Users can manage .pgpass file reading separately.
npm install --save hoegaarden/pgpass
var pgPass = require('pgpass');
var connInfo = {
'host' : 'pgserver' ,
'user' : 'the_user_name' ,
};
// ---- async ----
pgPass(connInfo, function(pass){
conn_info.password = pass;
// connect to postgresql server
});
This module tries to read the ~/.pgpass file (or the equivalent for windows systems). If the environment variable PGPASSFILE is set, this file is used instead. If everything goes right, the password from said file is to the callback; if the password cannot be read undefined is passed to the callback.
Cases where undefined is returned:
PGPASSWORD is setThe goal of this package is to get included in the node-postgresql module to get the same behaviour for the javascript client as for the native client.
There are tests in ./test/; including linting and coverage testing. Running npm test runs:
jshintmocha testsjscoverage and mocha -R html-covYou can see the coverage report in coverage.html.
If you find Bugs or have improvments, please feel free to open a issue on github. If you provide a pull request, I'm more than happy to merge them, just make sure to add tests for your changes.
FAQs
Module for reading .pgpass
The npm package pgpass receives a total of 4,499,902 weekly downloads. As such, pgpass popularity was classified as popular.
We found that pgpass demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.
Security News
ENISA’s 2024 report highlights the EU’s top cybersecurity threats, including rising DDoS attacks, ransomware, supply chain vulnerabilities, and weaponized AI.
Security News
NIST's new password guidelines remove periodic changes and special character requirements, focusing on longer, more secure passwords for better authentication practices.