You can change the default behavior at the schema definition level using the select
attribute of the field:
password: { type: String, select: false }
Then you can pull it in as needed in find
and populate
calls via field selection as '+password'
. For example:
Users.findOne({_id: id}).select('+password').exec(...);