How to hide password in the nodejs console?

How to hide password in the nodejs console?

I want to hide password input. I see many answers in stackoverflow but I can’t verify value if I press backspace. The condition return false.
I tried several solution to overwrite the function but I got an issue with buffer if I press backspace, I got invisible character \b.
I press : “A”, backspace, “B”, I have in my buffer this : “\u0041\u0008\u0042” (toString() = ‘A\bB’) and not “B”.
I have :
var readline = require(‘readline’);

var rl = readline.createInterface({
input: process.stdin,
output: process.stdout
});

rl.question(“password : “, function(password) {
console.log(“Your password : ” + password);
});

Solutions/Answers:

Solution 1:

This can be handled with readline by intercepting the output through a muted stream, as is done in the read project on npm (https://github.com/isaacs/read/blob/master/lib/read.js):

var readline = require('readline');
var Writable = require('stream').Writable;

var mutableStdout = new Writable({
  write: function(chunk, encoding, callback) {
    if (!this.muted)
      process.stdout.write(chunk, encoding);
    callback();
  }
});

mutableStdout.muted = false;

var rl = readline.createInterface({
  input: process.stdin,
  output: mutableStdout,
  terminal: true
});

rl.question('Password: ', function(password) {
  console.log('\nPassword is ' + password);
  rl.close();
});

mutableStdout.muted = true;

Solution 2:

Overwrite _writeToOutput of application’s readline interface : https://github.com/nodejs/node/blob/v9.5.0/lib/readline.js#L291

Related:  Generate an RFC 3339 timestamp similar to Google Tasks API?

To hide your password input, you can use :

FIRST SOLUTION : “password : [=-]”

This solution has animation when you press a touch :

password : [-=]
password : [=-]

The code :

var readline = require('readline');

var rl = readline.createInterface({
  input: process.stdin,
  output: process.stdout
});

rl.stdoutMuted = true;

rl.query = "Password : ";
rl.question(rl.query, function(password) {
  console.log('\nPassword is ' + password);
  rl.close();
});

rl._writeToOutput = function _writeToOutput(stringToWrite) {
  if (rl.stdoutMuted)
    rl.output.write("\x1B[2K\x1B[200D"+rl.query+"["+((rl.line.length%2==1)?"=-":"-=")+"]");
  else
    rl.output.write(stringToWrite);
};

This sequence “\x1B[2K\x1BD” uses two escapes sequences :

  • Esc [2K : clear entire line.
  • Esc D : move/scroll window up one line.

To learn more, read this : http://ascii-table.com/ansi-escape-sequences-vt-100.php

SECOND SOLUTION : “password : ****”

var readline = require('readline');

var rl = readline.createInterface({
  input: process.stdin,
  output: process.stdout
});

rl.stdoutMuted = true;

rl.question('Password: ', function(password) {
  console.log('\nPassword is ' + password);
  rl.close();
});

rl._writeToOutput = function _writeToOutput(stringToWrite) {
  if (rl.stdoutMuted)
    rl.output.write("*");
  else
    rl.output.write(stringToWrite);
};

You can clear history with :

rl.history = rl.history.slice(1);

Solution 3:

You can use the readline-sync module instead of node’s readline.

Password-hiding functionality is built in via it’s “hideEchoBack” option.

https://www.npmjs.com/package/readline-sync

Solution 4:

Wanted to add to the marked solution#2.

When we detect the line-ends, I believe we should remove the event handler instead of just stdin.pause(). This can be an issue if you are waiting on rl.question/rl.prompt elsewhere.
In those cases, if stdin.pause() was used, it would just exit the program without giving any errors and can be quite annoying to debug.

function hidden(query, callback) {
    var stdin = process.openStdin();
    var onDataHandler = function(char) {
        char = char + "";
        switch (char) {
          case "\n": case "\r": case "\u0004":
            // Remove this handler
            stdin.removeListener("data",onDataHandler); 
            break;//stdin.pause(); break;
          default:
            process.stdout.write("\033[2K\033[200D" + query + Array(rl.line.length+1).join("*"));
          break;
        }
    }
    process.stdin.on("data", onDataHandler);

    rl.question(query, function(value) {
      rl.history = rl.history.slice(1);
      callback(value);
    });
}

Solution 5:

My solution, scraped together from various bits online:

import readline from 'readline';

export const hiddenQuestion = query => new Promise((resolve, reject) => {
  const rl = readline.createInterface({
    input: process.stdin,
    output: process.stdout
  });
  const stdin = process.openStdin();
  process.stdin.on('data', char => {
    char = char + '';
    switch (char) {
      case '\n':
      case '\r':
      case '\u0004':
        stdin.pause();
        break;
      default:
        process.stdout.clearLine();
        readline.cursorTo(process.stdout, 0);
        process.stdout.write(query + Array(rl.line.length + 1).join('*'));
        break;
    }
  });
  rl.question(query, value => {
    rl.history = rl.history.slice(1);
    resolve(value);
  });
});

Usage is like this:

// import { hiddenQuestion } from './hidden-question.js';

const main = async () => {
  console.log('Enter your password and I will tell you your password! ');
  const password = await hiddenQuestion('> ');
  console.log('Your password is "' + password + '". ');
};

main().catch(error => console.error(error));

Solution 6:

Also one can use tty.ReadStream
changing mode of process.stdin
to disable echoing input characters.

Related:  How to simulate a click with JavaScript?

let read_Line_Str = "";
let credentials_Obj = {};
process.stdin.setEncoding('utf8');
process.stdin.setRawMode( true );
process.stdout.write( "Enter password:" ); 
process.stdin.on( 'readable', () => {
  const chunk = process.stdin.read();
  if ( chunk !== null ) {
    read_Line_Str += chunk;
    if( 
      chunk == "\n" ||
      chunk == "\r" ||
      chunk == "\u0004"
    ){
      process.stdout.write( "\n" );
      process.stdin.setRawMode( false );
      process.stdin.emit('end'); /// <- this invokes on.end
    }else{
      // providing visual feedback
      process.stdout.write( "*" );  
    }  
  }else{
    //console.log( "readable data chunk is null|empty" );
  }
} );
process.stdin.on( 'end', () => {
  credentials_Obj.user = process.env.USER;
  credentials_Obj.host = 'localhost';
  credentials_Obj.database = process.env.USER;
  credentials_Obj.password = read_Line_Str.trim();
  credentials_Obj.port = 5432;
  //
  connect_To_DB( credentials_Obj );
} );

References