The pgpass npm package is used to handle PostgreSQL password files (.pgpass) in Node.js applications. It simplifies the process of managing database credentials by reading and parsing the .pgpass file, which stores passwords for PostgreSQL connections.
Reading .pgpass file
This feature allows you to read the .pgpass file and retrieve the password for a given connection information. The pgpass function takes connection info and a callback, and returns the password if found.
const pgpass = require('pgpass');
const connInfo = { host: 'localhost', port: 5432, user: 'user', database: 'mydb' };
pgpass(connInfo, (err, password) => {
if (err) {
console.error('Error reading .pgpass file:', err);
} else {
console.log('Password:', password);
}
});Handling multiple entries
This feature demonstrates how to handle multiple entries in the .pgpass file. You can retrieve passwords for different users and databases by providing the respective connection information.
const pgpass = require('pgpass');
const connInfo1 = { host: 'localhost', port: 5432, user: 'user1', database: 'db1' };
const connInfo2 = { host: 'localhost', port: 5432, user: 'user2', database: 'db2' };
pgpass(connInfo1, (err, password1) => {
if (err) {
console.error('Error reading .pgpass file for user1:', err);
} else {
console.log('Password for user1:', password1);
}
});
pgpass(connInfo2, (err, password2) => {
if (err) {
console.error('Error reading .pgpass file for user2:', err);
} else {
console.log('Password for user2:', password2);
}
});The 'pg' package is a PostgreSQL client for Node.js. While it does not specifically handle .pgpass files, it provides comprehensive functionality for connecting to and interacting with PostgreSQL databases. Users can manually read .pgpass files and pass the credentials to the 'pg' client.
The 'pg-promise' package is a PostgreSQL interface for Node.js that uses promises. Similar to 'pg', it does not handle .pgpass files directly but offers robust database interaction capabilities. Users can integrate .pgpass file reading manually if needed.
The 'node-postgres' package, also known as 'pg', is another PostgreSQL client for Node.js. It provides a rich set of features for database operations but does not include built-in support for .pgpass files. Users can manage .pgpass file reading separately.
npm install pgpass
var pgPass = require('pgpass');
var connInfo = {
'host' : 'pgserver' ,
'user' : 'the_user_name' ,
};
pgPass(connInfo, function(pass){
conn_info.password = pass;
// connect to postgresql server
});
This module tries to read the ~/.pgpass file (or the equivalent for windows systems). If the environment variable PGPASSFILE is set, this file is used instead. If everything goes right, the password from said file is passed to the callback; if the password cannot be read undefined is passed to the callback.
Cases where undefined is returned:
PGPASSWORD is setThere should be no need to use this module directly; it is already included in node-postgresq.
The module reads the environment variable PGPASS_NO_DEESCAPE to decide if the the read tokens from the password file should be de-escaped or not. Default is to do de-escaping. For further information on this see this commit.
There are tests in ./test/; including linting and coverage testing. Running npm test runs:
jshintmocha testsjscoverage and mocha -R html-covYou can see the coverage report in coverage.html.
If you find Bugs or have improvments, please feel free to open a issue on github. If you provide a pull request, I'm more than happy to merge them, just make sure to add tests for your changes.
FAQs
Module for reading .pgpass
The npm package pgpass receives a total of 4,131,781 weekly downloads. As such, pgpass popularity was classified as popular.
We found that pgpass demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.
Security News
Research
Socket's threat research team has detected five malicious npm packages targeting Roblox developers, deploying malware to steal credentials and personal data.