Skip to content

Files

Latest commit

briancbrianc
Jun 14, 2025
7ab5923 · Jun 14, 2025

History

History

pg-connection-string

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
esm
esm
Apr 22, 2025
test
test
Jun 14, 2025
.coveralls.yml
.coveralls.yml
Apr 28, 2020
.gitignore
.gitignore
May 6, 2025
.mocharc.json
.mocharc.json
May 6, 2025
LICENSE
LICENSE
Apr 28, 2020
README.md
README.md
May 14, 2025
index.d.ts
index.d.ts
May 6, 2025
index.js
index.js
Jun 14, 2025
package.json
package.json
May 12, 2025
tsconfig.json
tsconfig.json
May 6, 2025

README.md

pg-connection-string

NPM

Functions for dealing with a PostgresSQL connection string

parse method taken from node-postgres Copyright (c) 2010-2014 Brian Carlson (brian.m.carlson@gmail.com) MIT License

Usage

const parse = require('pg-connection-string').parse;

const config = parse('postgres://someuser:somepassword@somehost:381/somedatabase')

The resulting config contains a subset of the following properties:

  • user - User with which to authenticate to the server
  • password - Corresponding password
  • host - Postgres server hostname or, for UNIX domain sockets, the socket filename
  • port - port on which to connect
  • database - Database name within the server
  • client_encoding - string encoding the client will use
  • ssl, either a boolean or an object with properties
    • rejectUnauthorized
    • cert
    • key
    • ca
  • any other query parameters (for example, application_name) are preserved intact.

ClientConfig Compatibility for TypeScript

The pg-connection-string ConnectionOptions interface is not compatible with the ClientConfig interface that pg.Client expects. To remedy this, use the parseIntoClientConfig function instead of parse:

import { ClientConfig } from 'pg';
import { parseIntoClientConfig } from 'pg-connection-string';

const config: ClientConfig = parseIntoClientConfig('postgres://someuser:somepassword@somehost:381/somedatabase')

You can also use toClientConfig to convert an existing ConnectionOptions interface into a ClientConfig interface:

import { ClientConfig } from 'pg';
import { parse, toClientConfig } from 'pg-connection-string';

const config = parse('postgres://someuser:somepassword@somehost:381/somedatabase')
const clientConfig: ClientConfig = toClientConfig(config)

Connection Strings

The short summary of acceptable URLs is:

  • socket:<path>?<query> - UNIX domain socket
  • postgres://<user>:<password>@<host>:<port>/<database>?<query> - TCP connection

But see below for more details.

UNIX Domain Sockets

When user and password are not given, the socket path follows socket:, as in socket:/var/run/pgsql. This form can be shortened to just a path: /var/run/pgsql.

When user and password are given, they are included in the typical URL positions, with an empty host, as in socket://user:pass@/var/run/pgsql.

Query parameters follow a ? character, including the following special query parameters:

  • db=<database> - sets the database name (urlencoded)
  • encoding=<encoding> - sets the client_encoding property

TCP Connections

TCP connections to the Postgres server are indicated with pg: or postgres: schemes (in fact, any scheme but socket: is accepted). If username and password are included, they should be urlencoded. The database name, however, should not be urlencoded.

Query parameters follow a ? character, including the following special query parameters:

  • host=<host> - sets host property, overriding the URL's host
  • encoding=<encoding> - sets the client_encoding property
  • ssl=1, ssl=true, ssl=0, ssl=false - sets ssl to true or false, accordingly
  • uselibpqcompat=true - use libpq semantics
  • sslmode=<sslmode> when uselibpqcompat=true is not set
    • sslmode=disable - sets ssl to false
    • sslmode=no-verify - sets ssl to { rejectUnauthorized: false }
    • sslmode=prefer, sslmode=require, sslmode=verify-ca, sslmode=verify-full - sets ssl to true
  • sslmode=<sslmode> when uselibpqcompat=true
    • sslmode=disable - sets ssl to false
    • sslmode=prefer - sets ssl to { rejectUnauthorized: false }
    • sslmode=require - sets ssl to { rejectUnauthorized: false } unless sslrootcert is specified, in which case it behaves like verify-ca
    • sslmode=verify-ca - sets ssl to { checkServerIdentity: no-op } (verify CA, but not server identity). This verifies the presented certificate against the effective CA specified in sslrootcert.
    • sslmode=verify-full - sets ssl to {} (verify CA and server identity)
  • sslcert=<filename> - reads data from the given file and includes the result as ssl.cert
  • sslkey=<filename> - reads data from the given file and includes the result as ssl.key
  • sslrootcert=<filename> - reads data from the given file and includes the result as ssl.ca

A bare relative URL, such as salesdata, will indicate a database name while leaving other properties empty.

Caution

Choosing an sslmode other than verify-full has serious security implications. Please read https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS to understand the trade-offs.