The pgpass npm package is used to handle PostgreSQL password files (.pgpass) in Node.js applications. It simplifies the process of managing database credentials by reading and parsing the .pgpass file, which stores passwords for PostgreSQL connections.
Reading .pgpass file
This feature allows you to read the .pgpass file and retrieve the password for a given connection information. The pgpass function takes connection info and a callback, and returns the password if found.
const pgpass = require('pgpass');
const connInfo = { host: 'localhost', port: 5432, user: 'user', database: 'mydb' };
pgpass(connInfo, (err, password) => {
if (err) {
console.error('Error reading .pgpass file:', err);
} else {
console.log('Password:', password);
}
});Handling multiple entries
This feature demonstrates how to handle multiple entries in the .pgpass file. You can retrieve passwords for different users and databases by providing the respective connection information.
const pgpass = require('pgpass');
const connInfo1 = { host: 'localhost', port: 5432, user: 'user1', database: 'db1' };
const connInfo2 = { host: 'localhost', port: 5432, user: 'user2', database: 'db2' };
pgpass(connInfo1, (err, password1) => {
if (err) {
console.error('Error reading .pgpass file for user1:', err);
} else {
console.log('Password for user1:', password1);
}
});
pgpass(connInfo2, (err, password2) => {
if (err) {
console.error('Error reading .pgpass file for user2:', err);
} else {
console.log('Password for user2:', password2);
}
});The 'pg' package is a PostgreSQL client for Node.js. While it does not specifically handle .pgpass files, it provides comprehensive functionality for connecting to and interacting with PostgreSQL databases. Users can manually read .pgpass files and pass the credentials to the 'pg' client.
The 'pg-promise' package is a PostgreSQL interface for Node.js that uses promises. Similar to 'pg', it does not handle .pgpass files directly but offers robust database interaction capabilities. Users can integrate .pgpass file reading manually if needed.
The 'node-postgres' package, also known as 'pg', is another PostgreSQL client for Node.js. It provides a rich set of features for database operations but does not include built-in support for .pgpass files. Users can manage .pgpass file reading separately.
npm install pgpass
var pgPass = require('pgpass');
var connInfo = {
'host' : 'pgserver' ,
'user' : 'the_user_name' ,
};
pgPass(connInfo, function(pass){
conn_info.password = pass;
// connect to postgresql server
});
This module tries to read the ~/.pgpass file (or the equivalent for windows systems). If the environment variable PGPASSFILE is set, this file is used instead. If everything goes right, the password from said file is passed to the callback; if the password cannot be read undefined is passed to the callback.
Cases where undefined is returned:
PGPASSWORD is setThere should be no need to use this module directly; it is already included in node-postgresq.
The module reads the environment variable PGPASS_NO_DEESCAPE to decide if the the read tokens from the password file should be de-escaped or not. Default is to do de-escaping. For further information on this see this commit.
There are tests in ./test/; including linting and coverage testing. Running npm test runs:
jshintmocha testsjscoverage and mocha -R html-covYou can see the coverage report in coverage.html.
If you find Bugs or have improvments, please feel free to open a issue on github. If you provide a pull request, I'm more than happy to merge them, just make sure to add tests for your changes.
Copyright (c) 2013-2016 Hannes Hörl
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FAQs
Module for reading .pgpass
The npm package pgpass receives a total of 4,612,038 weekly downloads. As such, pgpass popularity was classified as popular.
We found that pgpass demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.
Security News
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.