12factor-config
A config module which only reads the environment. For Node.js that means process.env.
Note 1: We will not ever use NODE_ENV in any example here since each environment should specify everything it needs and nothing should be dependent on being a particular environment (such as 'development', 'testing', 'staging' or 'production').
Note 2: This package is considered stable so the fact that there are few commits these days is no sign of inactivity, just stability. Please use and submit PRs for bugs. New features will be considered too.
Please note that this project is pretty much feature complete. Issues will be fixed. New features may be added if necessary. Otherwise it won't have very many more releases - but rest assured I will support it and you. The project is not dead, it is merely resting.
Firstly, set some environment variables that your program will look for. You don't need to set any that have a 'default' but you do need to set any that are 'required'.
    $ export REDIS_URL=redis://user:password@hostname:port/db
    $ export APPNAME_PORT=8080
Then, in your program:
    var config = require('12factor-config');

    var cfg = config({
        redisUrl : {
            env : 'REDIS_URL',
            type : 'string', // default
            required : true,
        },
        logfile : {
            env : 'APPNAME_LOG_FILE',
            type : 'string',
            default : '/var/log/appname.log',
            required : true,
        },
        port : {
            env : 'APPNAME_PORT',
            type : 'integer',
            default : '8000',
            required : true,
        },
        debug : {
            env : 'APPNAME_DEBUG',
            type : 'boolean',
            default : false,
        },
        env : {
            // you really shouldn't use this, but some people/packages do
            env : 'NODE_ENV',
            type : 'enum',
            values : [ 'development', 'test', 'stage', 'production', ],
        },
    });

    // prints the whole config, including the credentials embedded in redisUrl
    console.log(cfg);
Should output something like:
    {
        redisUrl: 'redis://user:password@hostname:port/db',
        logfile: '/var/log/appname.log',
        port: 8080,
        debug: false,
        env: 'development'
    }
It is advisable to prefix your environment variables with a prefix related to your application name as shown in the later config vars above. Mainly this is to namespace your vars and not stomp over others already defined. Of course you don't need to use the prefix in the local name.
For certain types, some transformations are performed to turn the value from a string (since the environment only contains strings) into the required type.
boolean
- upper or lower case is allowed
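The string-to-type conversion described above, sketched as an added example (not the package's own source): a loader that takes the same spec shape, coerces each value, and fails closed with errors that name the variable but never its value. The names loadConfig, coerce, sampleSpec and sampleEnv, and the accepted boolean tokens, are assumptions.

```javascript
// Boolean tokens are an assumption of this sketch; the page only says case is ignored.
const TRUE = ['true', 't', 'yes', 'y', 'on', '1'];
const FALSE = ['false', 'f', 'no', 'n', 'off', '0'];
// Coercers take the raw string; errors never echo the value, which may be a secret.
const coerce = {
  string: (raw) => raw,
  integer: (raw) => {
    if (!/^-?\d+$/.test(raw)) throw new Error('not an integer');
    return parseInt(raw, 10);
  },
  boolean: (raw) => {
    const v = raw.toLowerCase();
    if (TRUE.includes(v)) return true;
    if (FALSE.includes(v)) return false;
    throw new Error('not a boolean');
  },
  enum: (raw, opt) => {
    if (!opt.values.includes(raw)) throw new Error('not an allowed value');
    return raw;
  },
};

// spec has the shape passed to config() on this page; env defaults to process.env.
function loadConfig(spec, env = process.env) {
  const cfg = {};
  const errors = [];
  for (const [name, opt] of Object.entries(spec)) {
    const raw = env[opt.env] !== undefined ? env[opt.env] : opt.default;
    if (raw === undefined) {
      if (opt.required) errors.push(`${opt.env}: required but not set`);
      continue;
    }
    try {
      cfg[name] = coerce[opt.type || 'string'](String(raw), opt);
    } catch (e) {
      errors.push(`${opt.env}: ${e.message}`);
    }
  }
  // Fail closed: report every problem at once and refuse a partly valid config.
  if (errors.length) throw new Error('invalid configuration: ' + errors.join('; '));
  return cfg;
}

// Constructed sample spec and environment (not real values).
const sampleSpec = {
  port: { env: 'APPNAME_PORT', type: 'integer', default: '8000', required: true },
  debug: { env: 'APPNAME_DEBUG', type: 'boolean', default: false },
};
const sampleEnv = { APPNAME_PORT: '8080', APPNAME_DEBUG: 'YES' };
console.log(loadConfig(sampleSpec, sampleEnv)); // { port: 8080, debug: true }
```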
I usually have a lib/cfg.js such as the following:

    var config = require('12factor-config');

    var cfg = config({
        // ... environment config here ...
    });

    module.exports = cfg;

By doing this, all other files in your application can just require('lib/cfg.js') and obtain the exact same configuration.
Written by Andrew Chilton - Twitter.
MIT - http://chilts.mit-license.org/2013/
(Ends)
FAQs
Read the config for your app from only the environment.
The npm package 12factor-config receives a total of 959 weekly downloads. As such, 12factor-config popularity was classified as not popular.
We found that 12factor-config demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.