npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

whomst

v0.1.5

Published

Module to get user (passwd) and group info, with lots of fallbacks

Downloads

17

Readme

whomst

Gets user and group info, by any means necessary

whomst

Background

Node doesn't have a built-in function to resolve an OS username or groupname to a UID or GID (or vice versa). There are a few native modules that expose the functions necessary to get this information, but native modules can't always be relied upon (in environments where the toolchain isn't present, or the architecture isn't supported, or the targeted ABI is unmaintained, or any of a number of other possible ways native modules can break).

There are other ways to get this information, but they've all got possible pitfalls themselves. You can query the system database with the getent binary, but that will fail if getent isn't present. You can try reading the contents of /etc/passwd, but that will fail if the current user doesn't have permission to access /etc/passwd (or if user IDs are coming from a different source, such as LDAP). You can exploit the locations in Node's code where it calls out to the relevant functions as a side effect (namely process.setuid and os.userInfo, which both incorporate getpwnam under the hood), but this requires the user to have permission to setuid to the user being queried, not to mention being incredibly hacky. (Nonetheless, this last technique is the approach actually used internally by npm.)

For a program to truly be resilient against all these possible contingencies, it should be ready to try all of the possible techniques.

Implementation

whomst will try obtaining info, in order of availability, from:

  • the getpwnamand getgrnam functions from the posix module
  • the functions from the userid module (if installed)
  • the getent(1) binary
  • the contents of /etc/passwd and /etc/group
  • the results of doing a setuid or setgid with the given name (as used by the uid-number module)
  • as a last-ditch effort, seeing if the uid matches the current user's info

As of v0.1.2, not all of these code paths have been tested (though they are all believed to be implemented).

API

whomst.user andwhomst.group take a number or string and return a promise. whomst.sync.user and whomst.sync.group do the same thing, but synchronously instead of via promises.

These functions return objects compatible with the return values of the corresponding functions from the posix package. See the documentation for posix.getpwnam and posix.getgrnam for examples of returns from whomst.user and whomst.group, respectively.

Note that not all fields are guaranteed: if whomst.group has to fall back to the setgid hack method for determining a group's gid, the return value may only contain name and gid (or even only gid, if the name wasn't provided). This means that you may not be able to determine a group's name from its gid, if all the more-reliable mechanisms fail.

Tips

Unlike some similar modules like uid-number, whomst does not cache any results between calls (as these results could, in theory, change between two separate invocations). If you wish to cache results between calls to this function (say, if you're going to make thousands of calls to it in the space of a very short time), you may wish to implement a memoization layer like fast-memoize around whomst.