{"id":18679,"library":"pouchdb-security","title":"PouchDB Security","description":"pouchdb-security (v4.2.0) is a plugin for PouchDB that enforces database access restrictions via a CouchDB-compatible security document. It validates user permissions for read, write, admin roles against the `_security` doc. Part of the PouchDB ecosystem with irregular releases; key differentiator is its server-side enforcement when used with pouchdb-server/express-pouchdb, supporting both Node.js and browser environments.","status":"active","version":"4.2.0","language":"javascript","source_language":"en","source_url":"https://github.com/pouchdb/pouchdb-server","tags":["javascript","pouch","pouchdb","couch","couchdb","security","access","online","offline"],"install":[{"cmd":"npm install pouchdb-security","lang":"bash","label":"npm"},{"cmd":"yarn add pouchdb-security","lang":"bash","label":"yarn"},{"cmd":"pnpm add pouchdb-security","lang":"bash","label":"pnpm"}],"dependencies":[{"reason":"Peer dependency; required as the database engine.","package":"pouchdb","optional":false}],"imports":[{"note":"ESM-only since v4.0.0; CJS require() will fail.","wrong":"const Security = require('pouchdb-security')","symbol":"default","correct":"import Security from 'pouchdb-security'"},{"note":"Package exports a class named 'Security' as default; named import works too.","wrong":"import security from 'pouchdb-security'","symbol":"Security","correct":"import { Security } from 'pouchdb-security'"},{"note":"In Node.js/bundler, always import PouchDB from 'pouchdb'. For browser, use script tag.","wrong":"const PouchDB = window.PouchDB","symbol":"PouchDB","correct":"import PouchDB from 'pouchdb'"}],"quickstart":{"code":"import PouchDB from 'pouchdb';\nimport Security from 'pouchdb-security';\n\n// Register plugin\nPouchDB.plugin(Security);\n\nconst db = new PouchDB('mydb');\n\n// Set security document\nawait db.putSecurity({\n  admins: { names: ['admin'], roles: [] },\n  members: { names: ['alice'], roles: ['reader'] }\n});\n\n// Verify access (server-side only)\ntry {\n  const doc = await db.get('some-doc', { auth: { username: 'alice', password: 'pass' } });\n  console.log('Access granted');\n} catch (err) {\n  console.error('Access denied:', err);\n}","lang":"typescript","description":"Registers the pouchdb-security plugin, creates a database, sets a security document, and attempts to fetch a document with authentication."},"warnings":[{"fix":"Use import syntax or upgrade to an ESM-compatible environment.","message":"Package switched to ESM-only in v4.0.0; CommonJS require() no longer works.","severity":"breaking","affected_versions":">=4.0.0"},{"fix":"Use with pouchdb-server or express-pouchdb to enforce restrictions.","message":"Security enforcement only works in a server context (pouchdb-server/express-pouchdb). In browser or Node without server, it does nothing.","severity":"gotcha","affected_versions":"*"},{"fix":"Use a proper authentication proxy or server-side auth middleware.","message":"The 'auth' option in db.get() and similar methods may be deprecated in future PouchDB versions.","severity":"deprecated","affected_versions":">=7.0.0"}],"env_vars":null,"last_verified":"2026-04-25T00:00:00.000Z","next_check":"2026-07-24T00:00:00.000Z","problems":[{"fix":"Run 'npm install pouchdb-security' and ensure it is in package.json.","cause":"Package not installed or not present in node_modules.","error":"Error: Cannot find module 'pouchdb-security'"},{"fix":"Ensure import PouchDB from 'pouchdb' is called before PouchDB.plugin(Security).","cause":"PouchDB not imported properly or Security plugin registered before PouchDB is available.","error":"TypeError: PouchDB.plugin is not a function"},{"fix":"Call db.putSecurity() with an appropriate security object before enforcing access.","cause":"The '_security' document does not exist in the database.","error":"SecurityError: No security document found"}],"ecosystem":"npm","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}