@adobe/aio-lib-core-config - npm Package Compare versions

Comparing version 3.0.0 to 3.1.0

package.json

 {
   "name": "@adobe/aio-lib-core-config",
-  "version": "3.0.0",
+  "version": "3.1.0",
   "description": "Adobe I/O Configuration Module",
@@ -5,0 +5,0 @@ "main": "./src/index.js",

src/Config.js

@@ -40,7 +40,10 @@ /*
     dotenv(true)
-
+    // get the env var and use it as the config root key
+    // this could be aio or wxp or whatever
+    const configRootKey = process.env.AIO_CONFIG_KEY || 'aio'
     const configBasePath = process.env.XDG_CONFIG_HOME || path.join(os.homedir(), '.config')
-    this.global = { file: process.env.AIO_CONFIG_FILE || path.join(configBasePath, 'aio') }
-    this.local = { file: path.join(process.cwd(), '.aio') }
 
+    this.global = { file: process.env.AIO_CONFIG_FILE || path.join(configBasePath, configRootKey) }
+    this.local = { file: path.join(process.cwd(), `.${configRootKey}`) }
+
     this.global = { ...this.global, ...readFile(this.global.file) }
@@ -53,4 +56,7 @@ this.local = { ...this.local, ...readFile(this.local.file) }
     for (const key in process.env) {
-      const match = key.match(/^AIO_(.+)/i)
+      const dynamicKey = new RegExp(`^${configRootKey.toUpperCase()}_(.+)`, 'i')
+      const match = key.match(dynamicKey)
       if (match) {
+        // join single _ with .
+        // replace double __ with _
         const newKey = match[1].toLowerCase()
@@ -57,0 +63,0 @@ .split(/(?<!_)_(?!_)/)

New alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

33242

increased by1.01%

Lines of code

535

increased by1.13%

Worsened metrics

Number of low supply chain risk alerts

12

increased by9.09%

No dependency changes