New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

@avanio/variable-util

Package Overview
Dependencies
Maintainers
3
Versions
66
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@avanio/variable-util

Utility to get variables from multiple resources

latest
Source
npmnpm
Version
1.3.3
Version published
Weekly downloads
8
33.33%
Maintainers
3
Weekly downloads
 
Created
Source

@avanio/variable-util

TypeScript npm version Maintainability Code Coverage variable-util to npmjs

NodeJS Installation

npm i @avanio/variable-util

Browser Installation (use browserify events for compatibility)

npm i @avanio/variable-util events

Documentation

Usage examples

Base ConfigMap project setup

// file: loaders.ts
const fetchEnv = new FetchConfigLoader<OverrideMap>(() => new Request('https://example.com/config.json'));
const env = new EnvConfigLoader<OverrideMap>(undefined, {PORT: 'HTTP_PORT'}); // loads from process.env, with override PORT key from HTTP_PORT value
const reactEnv = new ReactEnvConfigLoader<OverrideMap>(); // loads from process.env in react app
// other loaders like dotenv from "@avanio/variable-util-node" can be added here

export const loaders: IConfigLoader[] = [env, fetchEnv, reactEnv];

// file: envTypes.ts
export type MainEnv = {
	PORT: number;
	HOST: string;
	DEBUG: boolean;
	URL: URL;
};
export type TestEnv = {
	TEST: string;
	API_SERVER: URL;
};
// override keys helper for loaders to know current key names
export type OverrideMap = InferOverrideKeyMap<MainEnv & TestEnv>;

// file: env.ts
export const mainConfig = new ConfigMap<MainEnv>(
	{
		DEBUG: {parser: booleanParser(), defaultValue: false},
		HOST: {parser: stringParser(), defaultValue: 'localhost'},
		PORT: {parser: integerParser(), defaultValue: 3000},
		URL: {parser: new UrlParser({urlSanitize: true}), defaultValue: new URL('http://localhost:3000')},
	},
	loaders,
);

Complex parsers

// file: envParsers.ts

// Define the custom parser instances for the config values
const objectSchema = z.object({
	foo: z.string(),
	baz: z.string(),
	secret: z.string(),
});

// parses 'foo=bar;baz=qux;secret=secret' string to {foo: "bar", baz: "qux", secret: "secret"}
export const fooBarSemicolonParser = new SemicolonConfigParser({
	validate: (value) => objectSchema.parse(value),
	protectedKeys: ['secret'],
	showProtectedKeys: 'prefix-suffix', // shows secret value with few characters from start and end on logging
});

// parses '{"foo": "bar", "baz": "qux", "secret": "secret"}' string to {foo: "bar", baz: "qux", secret: "secret"}
export const fooBarJsonParser = new JsonConfigParser({
	validate: (value) => objectSchema.parse(value),
	protectedKeys: ['secret'],
	showProtectedKeys: 'prefix-suffix', // shows secret value with few characters from start and end on logging
});

export const urlParser = new UrlParser({urlSanitize: true}); // urlSanitize hides credentials from logs

Legacy setup

const fetchEnv = new FetchConfigLoader(() => new Request('https://example.com/config.json'));
const env = new EnvConfigLoader(); // loads from process.env
const reactEnv = new ReactEnvConfigLoader(); // loads from process.env in react app
export const loaders: IConfigLoader[] = [env, fetchEnv, reactEnv];

const valueFromEnv = getConfigVariable('TEST', loaders, stringParser(), undefined, {showValue: true});

Keywords

env
variables

FAQs

Package last updated on 27 Feb 2026

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

The Hidden Blast Radius of the Axios Compromise

Security News

The Hidden Blast Radius of the Axios Compromise

The Axios compromise shows how time-dependent dependency resolution makes exposure harder to detect and contain.

By Ahmad Nassri  -  Apr 01, 2026