almereyda
commented
2 years ago There is a package for prompts at https://github.com/flatiron/prompt which allows to hide passwords, in case one wanted to add another (stable) dependency.
Yet it knows similar, spooky errors, which eventually disappear. https://github.com/flatiron/prompt/issues/187
Eventually this could be reimplemented with using TTY flags (e.g. disable-input-echo) instead of masking characters. https://github.com/wez/wezterm/issues/2460
- https://wezfurlong.org/wezterm/config/lua/pane/get_metadata.html?highlight=password#password_input
if it appears as though the local PTY is configured for password entry (local echo disabled, canonical input mode enabled)
The method to call could be process.stdin.setRawMode(true), according to https://nodejs.org/api/tty.html#readstreamsetrawmodemode:
When in raw mode, input is always available character-by-character, not including modifiers. Additionally, all special processing of characters by the terminal is disabled, including echoing input characters.
Ctrl+Cwill no longer cause aSIGINTwhen in this mode.
This means an own handler for Ctrl + C SIGINT would have to accompany such an implementation, in case one wanted to abort typing a password. Eventually also arrow keys and delete or backspace would have to be implemented alongside.
Another package helps with this setting https://github.com/jerch/node-termios
jcoglan
When running
vaultfrom a Node 18 host, its passphrase is shown on the terminal:This does not occur on Node 16, the current LTS:
What becomes obvious, is, that the masking asterisk characters will be printed on a separate line instead, just right after entering the passphrase.
Reference: