Security News
Cloudflare Adds Security.txt Setup Wizard
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
The pgpass npm package is used to handle PostgreSQL password files (.pgpass) in Node.js applications. It simplifies the process of managing database credentials by reading and parsing the .pgpass file, which stores passwords for PostgreSQL connections.
Reading .pgpass file
This feature allows you to read the .pgpass file and retrieve the password for a given connection information. The pgpass function takes connection info and a callback, and returns the password if found.
const pgpass = require('pgpass');
const connInfo = { host: 'localhost', port: 5432, user: 'user', database: 'mydb' };
pgpass(connInfo, (err, password) => {
if (err) {
console.error('Error reading .pgpass file:', err);
} else {
console.log('Password:', password);
}
});
Handling multiple entries
This feature demonstrates how to handle multiple entries in the .pgpass file. You can retrieve passwords for different users and databases by providing the respective connection information.
const pgpass = require('pgpass');
const connInfo1 = { host: 'localhost', port: 5432, user: 'user1', database: 'db1' };
const connInfo2 = { host: 'localhost', port: 5432, user: 'user2', database: 'db2' };
pgpass(connInfo1, (err, password1) => {
if (err) {
console.error('Error reading .pgpass file for user1:', err);
} else {
console.log('Password for user1:', password1);
}
});
pgpass(connInfo2, (err, password2) => {
if (err) {
console.error('Error reading .pgpass file for user2:', err);
} else {
console.log('Password for user2:', password2);
}
});
The 'pg' package is a PostgreSQL client for Node.js. While it does not specifically handle .pgpass files, it provides comprehensive functionality for connecting to and interacting with PostgreSQL databases. Users can manually read .pgpass files and pass the credentials to the 'pg' client.
The 'pg-promise' package is a PostgreSQL interface for Node.js that uses promises. Similar to 'pg', it does not handle .pgpass files directly but offers robust database interaction capabilities. Users can integrate .pgpass file reading manually if needed.
The 'node-postgres' package, also known as 'pg', is another PostgreSQL client for Node.js. It provides a rich set of features for database operations but does not include built-in support for .pgpass files. Users can manage .pgpass file reading separately.
npm install pgpass
var pgPass = require('pgpass');
var connInfo = {
'host' : 'pgserver' ,
'user' : 'the_user_name' ,
};
pgPass(connInfo, function(pass){
conn_info.password = pass;
// connect to postgresql server
});
This module tries to read the ~/.pgpass
file (or the equivalent for windows systems). If the environment variable PGPASSFILE
is set, this file is used instead. If everything goes right, the password from said file is passed to the callback; if the password cannot be read undefined
is passed to the callback.
Cases where undefined
is returned:
PGPASSWORD
is setThere should be no need to use this module directly; it is already included in node-postgresq
.
The module reads the environment variable PGPASS_NO_DEESCAPE
to decide if the the read tokens from the password file should be de-escaped or not. Default is to do de-escaping. For further information on this see this commit.
There are tests in ./test/
; including linting and coverage testing. Running npm test
runs:
jshint
mocha
testsjscoverage
and mocha -R html-cov
You can see the coverage report in coverage.html
.
If you find Bugs or have improvments, please feel free to open a issue on github. If you provide a pull request, I'm more than happy to merge them, just make sure to add tests for your changes.
FAQs
Module for reading .pgpass
The npm package pgpass receives a total of 4,499,902 weekly downloads. As such, pgpass popularity was classified as popular.
We found that pgpass demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.
Security News
ENISA’s 2024 report highlights the EU’s top cybersecurity threats, including rising DDoS attacks, ransomware, supply chain vulnerabilities, and weaponized AI.