@endo/env-options
JavaScript module semantics resist attempts to parameterize a module's initialization behavior. A module initializes in order according to the path by which it is first imported, and the initialized module is then reused every other time it is imported. Compartments give us the opportunity to bind the same import name to different imported modules, depending on the package/compartment doing the import. Compartments also address the difficulty of parameterizing a module's initialization logic, but not in a pleasant manner.
A pleasant parameterization would be for a static module to be function-like with explicit parameters, and for the parameterization to be like calling the static module with parameters in order to derive a module instance from it. Compartments instead let us parameterize the meaning of a module instance derived from a static module according to the three namespaces provided by the JavaScript semantics, affecting the meaning of a module instance.
This @endo/env-options package follows the Node precedent for finding Unix environment variable settings: looking for a global process object holding an env object, optionally holding a property with the same name as the option, whose value is the configuration setting of that option.
import { makeEnvironmentCaptor } from '@endo/env-options';
const { getEnvironmentOption } = makeEnvironmentCaptor(globalThis);
const FooBarOption = getEnvironmentOption('FOO_BAR', 'absent');
The first argument to getEnvironmentOption is the name of the option. The value of FooBarOption would then be the value of globalThis.process.env.FOO_BAR, if present. If the setting is either absent or undefined, the default 'absent' would be used instead.
In either case, reflecting Unix environment variable expectations, the resulting setting must be a string. This restriction also helps ensure that this channel is used only to pass data, not authority beyond the ability to read this global state.
The makeEnvironmentCaptor function also returns a getCapturedEnvironmentOptionNames function that gives feedback about which environment variables were actually read, for diagnostic purposes. For example, the ses-shim lockdown once contained code such as the following, to explain which environment variables were read to provide lockdown settings.
import { makeEnvironmentCaptor } from '@endo/env-options';
const {
  getEnvironmentOption,
  getCapturedEnvironmentOptionNames,
} = makeEnvironmentCaptor(globalThis);
// ... (lockdown settings are read with getEnvironmentOption here)
// enJoin, arrayMap and q are helpers from the surrounding ses code, not shown.
const capturedEnvironmentOptionNames = getCapturedEnvironmentOptionNames();
if (capturedEnvironmentOptionNames.length > 0) {
  // Tell the operator which environment variables influenced lockdown.
  console.warn(
    `SES Lockdown using options from environment variables ${enJoin(
      arrayMap(capturedEnvironmentOptionNames, q),
      'and',
    )}`,
  );
}
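The lookup rules described above (default when the setting is absent or undefined, strings only, and a record of the names actually read), modelled as an added sketch that is not the @endo/env-options source. makeCaptorSketch and the sample globals are hypothetical, and recording only names that supplied a value is an assumption.

```javascript
// Added sketch, not the @endo/env-options source: models the lookup the
// README describes. makeCaptorSketch and the sample globals are hypothetical.
function makeCaptorSketch(aGlobal) {
  const captured = [];
  const getEnvironmentOption = (optionName, defaultSetting) => {
    if (typeof optionName !== 'string' || typeof defaultSetting !== 'string') {
      throw new TypeError('option name and default must be strings');
    }
    // Tolerate hosts with no process or no process.env (e.g. browsers).
    const proc = aGlobal.process;
    const env = proc !== null && typeof proc === 'object' ? proc.env : undefined;
    if (env === null || typeof env !== 'object') return defaultSetting;
    const value = env[optionName];
    if (value === undefined) return defaultSetting; // absent or undefined
    // Data only: a function or object here would pass authority, so reject it.
    if (typeof value !== 'string') {
      throw new TypeError(`environment option ${optionName} must be a string`);
    }
    // Assumption: only names that actually supplied a value are recorded.
    if (!captured.includes(optionName)) captured.push(optionName);
    return value;
  };
  // Return a frozen copy so callers cannot edit the diagnostic record.
  const getCapturedEnvironmentOptionNames = () => Object.freeze([...captured]);
  return { getEnvironmentOption, getCapturedEnvironmentOptionNames };
}

// Constructed sample globals standing in for globalThis.
const nodeLike = { process: { env: { FOO_BAR: 'on', UNSET: undefined } } };
const browserLike = {};
const hostile = { process: { env: { FOO_BAR: () => 'not data' } } };

function demo() {
  const node = makeCaptorSketch(nodeLike);
  const results = {
    fromEnv: node.getEnvironmentOption('FOO_BAR', 'absent'),
    undefinedValue: node.getEnvironmentOption('UNSET', 'absent'),
    missing: node.getEnvironmentOption('NOT_THERE', 'absent'),
    noProcess: makeCaptorSketch(browserLike).getEnvironmentOption('FOO_BAR', 'absent'),
    captured: node.getCapturedEnvironmentOptionNames(),
  };
  try {
    makeCaptorSketch(hostile).getEnvironmentOption('FOO_BAR', 'absent');
    results.nonString = 'accepted';
  } catch (err) {
    results.nonString = err instanceof TypeError ? 'rejected' : 'other error';
  }
  return results;
}
console.log(demo());
```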
FAQs
Reading environment options.
The npm package @endo/env-options receives a total of 21,689 weekly downloads. As such, @endo/env-options popularity was classified as popular.
We found that @endo/env-options demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.