feat(readline): add skipHistory option to rl.question() to exclude input from history

[pckrishnadas88]

Description

This PR adds a new skipHistory boolean option to the readline.Interface.question() method.
When set to true, the user input is excluded from the readline history, useful for sensitive inputs such as passwords.

Implements the skipHistory flag throughout the readline and repl internals.

• Implements the skipHistory flag throughout the readline and repl internals.
• Defaults to false, so existing behavior is unaffected.
• Includes tests covering usage with and without the option.

Testing

• Added parallel test test-readline-skip-history.js verifying correct behavior.

Documentation

Documentation for the skipHistory option will be added in a follow-up PR or upon maintainer guidance.

Example usage

const readline = require('readline');

const rl = readline.createInterface({
  input: process.stdin,
  output: process.stdout
});

// Default behavior: input saved in history
rl.question('Enter your name: ', (name) => {
  console.log(`Hello, ${name}!`);
  console.log('History after name input:', rl.history);

  // Using skipHistory: true to avoid saving sensitive input
  rl.question('Password? ', { skipHistory: true }, (password) => {
    console.log('Password received but not stored in history.');
    console.log('History after password input (should not include password):', rl.history);
    rl.close();
  });
});

/*
Example console interaction:

Enter your name: Alice
Hello, Alice!
History after name input: [ 'Alice' ]
Password? supersecret
Password received but not stored in history.
History after password input (should not include password): [ 'Alice' ]
*/

Fixes: #59390

[codecov]

Codecov Report

❌ Patch coverage is 80.95238% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 89.85%. Comparing base (abccbb4) to head (11c50c9).
⚠️ Report is 10 commits behind head on main.

Files with missing lines	Patch %	Lines
lib/internal/readline/interface.js	69.23%	4 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #59450      +/-   ##
==========================================
- Coverage   89.87%   89.85%   -0.02%     
==========================================
  Files         656      656              
  Lines      192956   192976      +20     
  Branches    37844    37847       +3     
==========================================
- Hits       173410   173399      -11     
- Misses      12101    12114      +13     
- Partials     7445     7463      +18     

Files with missing lines	Coverage Δ
lib/internal/readline/utils.js	98.34% <100.00%> (+<0.01%)	⬆️
lib/internal/repl/history.js	92.47% <100.00%> (+0.03%)	⬆️
lib/readline.js	96.58% <100.00%> (+0.02%)	⬆️
lib/internal/readline/interface.js	96.91% <69.23%> (-0.23%)	⬇️

... and 35 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[BridgeAR]

I think having such functionality makes sense.

I just wonder if we should ever save the response in the history or, if it would be best to ignore it by default. Has this ever been discussed anywhere? I couldn't find anything around that.

[pckrishnadas88]

I think having such functionality makes sense.

I just wonder if we should ever save the response in the history or, if it would be best to ignore it by default. Has this ever been discussed anywhere? I couldn't find anything around that.

I'm a newcomer in this ecosystem. Saw this as an open issue so tried to do something. Issue is listed here.

#59390

[pckrishnadas88]

This issue #59390 hasn’t seen much discussion yet, but I put together a fix to help move things forward. I’m happy to adjust the approach if needed — feedback is welcome from anyone familiar with REPL changes, @pimterry included if you have time to take a look.

[aduh95]

We would want to document the new option if that's the approach we decide to go with.

[pckrishnadas88]

We would want to document the new option if that's the approach we decide to go with.

I can update the documentation as per the guidelines once we decide about the requirements. Will keep this as open until then. If someone could finalise about the requirements it will be easy to continue.

[BridgeAR]

Let's just change the current implementation and release it as breaking change. I believe it was just an oversight to include these entries in the history originally. No one has likely thought about that.

[pckrishnadas88]

Let's just change the current implementation and release it as breaking change. I believe it was just an oversight to include these entries in the history originally. No one has likely thought about that.

Sorry I missed your reply. So what you recommend

1. Remove user inputs completely from history ie no need of skipHistory
2. Make the flag skipHistory true by default.

[pckrishnadas88]

Hi @nodejs/tsc @nodejs/collaborators,

Hope you're all doing well! I wanted to gently follow up on my PR.