* Set default PostgreSQL user to 'postgres' to avoid Deno env access errors
Currently, the pg package defaults the database user to process.env.USER (or USERNAME on Windows).
This causes errors when running in Deno without --allow-env, as environment access is restricted.
This PR changes the default user to 'postgres', so:
- Node.js behavior is unchanged when a user is explicitly provided in config.
- Deno users no longer hit NotCapable errors for environment access.
- Avoids relying on process.env for default values.
Example:
Before:
user: process.platform === 'win32' ? process.env.USERNAME : process.env.USER,
After:
user: 'postgres', // default user, avoids using process.env
* Prioritize config values over environment variables in ConnectionParameters
Previously, ConnectionParameters would first check process.env for connection settings before using the provided config object. This could cause errors in environments like Deno where environment access is restricted.
This change updates the val function to:
1. Use the value from config if it is defined.
2. Fall back to environment variables only if config does not provide a value.
3. Use default values if neither config nor environment variables are set.
This ensures that explicitly provided configuration values are always respected, avoiding unnecessary errors in restricted environments.
* Wrap NODE_PG_FORCE_NATIVE check in try/catch for Deno compatibility
Replace the `typeof process.env.NODE_PG_FORCE_NATIVE !== 'undefined'` check with a try/catch
to safely handle environments like Deno without `--allow-env`.
- Keeps Node.js behavior unchanged.
- Prevents errors when accessing process.env in Deno.
- Preserves lazy loading of the native module.
* Make default database user Deno-safe
Wrap the default database user assignment in a try/catch to prevent errors when environment access is restricted (e.g., in Deno).
- Uses process.env.USER / USERNAME on Node if available
- Falls back to 'postgres' when env access fails or is unavailable
- Maintains code structure and comments
- Ensures Node tests continue to pass while preventing Deno runtime errors
* Fixing checks pass
* Update packages/pg/lib/connection-parameters.js
Co-authored-by: Charmander <~@charmander.me>
* fix(pg): only guard process.env access when forcing native client
---------
Co-authored-by: Charmander <~@charmander.me>
* Drop support for EOL versions of node (#2062)
* Drop support for EOL versions of node
* Re-add testing for node@8.x
* Revert changes to .travis.yml
* Update packages/pg-pool/package.json
Co-Authored-By: Charmander <~@charmander.me>
Co-authored-by: Charmander <~@charmander.me>
* Remove password from stringified outputs (#2066)
* Remove password from stringified outputs
Theres a security concern where if you're not careful and you include your client or pool instance in console.log or stack traces it might include the database password. To widen the pit of success I'm making that field non-enumerable. You can still get at it...it just wont show up "by accident" when you're logging things now.
The backwards compatiblity impact of this is very small, but it is still technically somewhat an API change so...8.0.
* Implement feedback
* Fix more whitespace the autoformatter changed
* Simplify code a bit
* Remove password from stringified outputs (#2070)
* Keep ConnectionParameters’s password property writable
`Client` writes to it when `password` is a function.
* Avoid creating password property on pool options
when it didn’t exist previously.
* Allow password option to be non-enumerable
to avoid breaking uses like `new Pool(existingPool.options)`.
* Make password property definitions consistent
in formatting and configurability.
Co-authored-by: Charmander <~@charmander.me>
* Make `native` non-enumerable (#2065)
* Make `native` non-enumerable
Making it non-enumerable means less spurious "Cannot find module"
errors in your logs when iterating over `pg` objects.
`Object.defineProperty` has been available since Node 0.12.
See https://github.com/brianc/node-postgres/issues/1894#issuecomment-543300178
* Add test for `native` enumeration
Co-authored-by: Gabe Gorelick <gabegorelick@gmail.com>
* Use class-extends to wrap Pool (#1541)
* Use class-extends to wrap Pool
* Minimize diff
* Test `BoundPool` inheritance
Co-authored-by: Charmander <~@charmander.me>
Co-authored-by: Brian C <brian.m.carlson@gmail.com>
* Continue support for creating a pg.Pool from another instance’s options (#2076)
* Add failing test for creating a `BoundPool` from another instance’s settings
* Continue support for creating a pg.Pool from another instance’s options
by dropping the requirement for the `password` property to be enumerable.
* Use user name as default database when user is non-default (#1679)
Not entirely backwards-compatible.
* Make native client password property consistent with others
i.e. configurable.
* Make notice messages not an instance of Error (#2090)
* Make notice messages not an instance of Error
Slight API cleanup to make a notice instance the same shape as it was, but not be an instance of error. This is a backwards incompatible change though I expect the impact to be minimal.
Closes#1982
* skip notice test in travis
* Pin node@13.6 for regression in async iterators
* Check and see if node 13.8 is still borked on async iterator
* Yeah, node still has changed edge case behavior on stream
* Emit notice messages on travis
* Revert "Revert "Support additional tls.connect() options (#1996)" (#2010)" (#2113)
This reverts commit 510a273ce45fb73d0355cf384e97ea695c8a5bcc.
* Fix ssl tests (#2116)
* Convert Query to an ES6 class (#2126)
The last missing `new` deprecation warning for pg 8.
Co-authored-by: Charmander <~@charmander.me>
Co-authored-by: Gabe Gorelick <gabegorelick@gmail.com>
Co-authored-by: Natalie Wolfe <natalie@lifewanted.com>
