Security News
Input Validation Vulnerabilities Dominate MITRE's 2024 CWE Top 25 List
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
@jepz20/conman
Advanced tools
Conman is a plugabble configuration management library.
Centralize: Add as many sources in the order you prefer to your config. You can use existing sources or define your own.
Dependable: You are guaranteed the sources are built in order from first to last, overriding any overlapping key. Your configuration can be stored in a file, for persistence and audibility.
Refreshable: Based on a TTL, the config rebuilds in the background, or you can trigger a rebuild manually at any point in time.
// Require conman
const conman = require('@jepz20/conman');
// Require the sources you will need in your config
const s3 = require('@jepz20/conman-s3-source');
const memory = require('@jepz20/conman-memory-source');
// if your source requires it initialize it
const s3Source = s3({ Bucket: 'Your Bucker' });
const memorySource = memory({ key: 'value' });
conman({ ttl: 1000 * 60 * 15 }) // initialize conman with your options
.addSource(s3Source) // add all the sources you need by priority
.addSource(memorySource) // if a key exists in s3Source and memorySource, memorySource will take precedence
.build() // returns a promise that re$solves when the build process is completed
.then(config => {
const key = conman.get('key'); // retreive a key from the store
// initialize your app, for example a http server
let requestHandler = function(request, response) {
if (request.url === '/') {
conman.build(); // you can rebuild the config at demand
response.end('👋 BYE');
}
};
let server = http.createServer(requestHandler);
server.listen(3000);
});
conman(options)
initialize conman with the given options. This is required before you can build or get a value from conman
Options | Description | Type | Default |
---|---|---|---|
ttl | time in microseconds to rebuild the config. if set to 0 no rebuild is schedule | number | 60000( 10 minutes) |
logEnabled | if conman should log info and errors | boolean | false |
logger | object that contains at least a log and error function for logging | object | console |
useFile | should it write the config to file and read from it if it exists | boolean | true |
cacheFileName | name of the cache file with the built config | string | YOUR_APP_ROOT/conman.cache.json |
conman.addSource(source)
adds a source to conman. The source should at least contain a build
function and a type
.
conman.build()
builds the configuration object by calling the build
function from all the added sources and returns promise the resolves when the build is completed and schedules a new build base on the ttl
option. If ttl
is 0
a new built is NOT schedule.
If useFile
option is true, it will try to read a cache file and write the new config to the cache file.
The cache file has the following format:
{
"lastModified": 498787200000,
"data": {
"key": "value"
}
if lastModified exceeds the TTL the data will be ignored and the config will be rebuilt base on the sources
conman(key)
gets a single key, an array of keys, or the complete config from the configuration object. If you want to retrieve a nested key add a .
between each key
Examples, if your config looks like:
{
"my": {
"precious": {
"key": "value"
}
},
"another": "another value"
}
const key = conman.get('my');
// returns { "precious": "key": "value } }
const key = conman.get('my.precious.key');
// returns "value"
const key = conman.get(['my.precious.key', 'another']);
// returns ["value","another value"]
const key = conman.get();
/* returns
{
"my": {
"precious": {
"key": "value"
}
},
"another": "another value"
}
*/
conman.stop()
stops the rebuilt interval schedule base on the TTL
conman.reset()
clears all the sources, the configuration cache and resets all defaults options
conman.getObfuscate(key, options)
behaves exactly as conman.get
but returns an obfuscated version of the value.
Options | Description | Type | Default |
---|---|---|---|
percentage | percentage of the values that should be obfuscated (replaced by the character option | float | 0.5 |
separator | how to divide the value that will be obfuscated | string | '' (empty string) |
position | What part of the value to obfuscate start or end | string | end |
character | what character should be used to obfuscate the value | string | '*' |
Examples, if your config looks like:
{
"my": {
"precious": {
"key": "value"
}
},
"another": "another-value"
}
const key = conman.getObfuscated('my.precious.key');
// returns "***ue"
const key = conman.getObfuscated('my.precious');
// returns { "**y": "***ue" }
-
const key = conman.getObfuscated('another', { separator: '-' });
// returns "*******-value"
A source can be as simple as an object that contains a build
and type
properties.
type
const source = (obj, { key, name } = {}) => {
return {
build(config) { // recieves the config up until that point
if (config.extra) {
return { ...obj, extra: config.extra };
}
return obj;
},
type: 'syncSource',
key,
name
};
};
FAQs
Configuration manager that supports ttl and plugabble sources
We found that @jepz20/conman demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.