Security News
Supply Chain Attack Detected in @solana/web3.js Library
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
@kofile/config-factory
Advanced tools
ConfigFactory is a small helper function that helps you to safely and easily create configuration objects from an externally injected source. You can also pass-in default values and Joi validation schemas, and you'll get easy-to-handle errors if your config object doesn't pass validation.
The default export is a curried function that expects a map object that translates the from the data you have to the shape you want. Here's a simple example:
// assuming `process.env.SOME_EXISTING_VAR === 'hello world'`
const map = { myCoolNewKey: 'SOME_EXISTING_VAR' }
const configFactory = makeConfigFactory(map)
const config = configFactory(process.env)
config.get(['myCoolNewKey']) === 'hello world'
In your tests, you might not want to muck around with process.env
. Define an object to use instead:
const map = { myCoolNewKey: 'SOME_EXISTING_VAR' }
const configFactory = makeConfigFactory(map)
const config = configFactory({ SOME_EXISTING_VAR: 'hello world' })
config.get(['myCoolNewKey']) === 'hello world'
You can provide a default value as the third value in a tuple:
const map = { myCoolNewKey: ['SOME_EXISTING_VAR', null, 'banans'] }
const configFactory = makeConfigFactory(map)
const config = configFactory({})
config.get(['myCoolNewKey']) === 'bananas'
Also, you can pass in Joi schemas per-key as the second value in a tuple:
const map = { myCoolNewKey: ['SOME_EXISTING_VAR', joi.string().required()] }
const configFactory = makeConfigFactory(map)
const config = configFactory({})
try {
config.get(['myCoolNewKey'])
} catch (error) {
error.message === 'Invalid config for myCoolNewKey!'
}
You can validate your entire config by running the validate()
method:
const map = { myCoolNewKey: ['SOME_EXISTING_VAR', joi.string().required()] }
const configFactory = makeConfigFactory(map)
const config = configFactory({})
config.validate()
This will appear to do nothing, and that's because when called this way, you need to subscribe to the invalid
event handler like so:
config.on('invalid', error => {
console.error(error)
process.exit(1)
})
config.validate()
The event listener will receive error
from the validation result. Get the message of the failure with error.message
.
Subscribing an event handler and invoking config.validate()
is the preferred way of handling configuration validation. The previous method (throwing an error on a property-by-property basis) is only there as a fail-safe against forgetting to invoke validate()
.
Additionally, calling validate()
will skip future checks when calling get
on a keypath.
NOTE: Incomplete or invalid configurations can lead a service to not start at all or start in a thoroughly broken state; therefor it's advisable to bail hard, fast, and noisily with process.exit(1)
if validate()
fails.
env
without having to fuss with globals. This is a nice side effect of the point above.require
/import
statements. This is a good thing!Node 7+
Run tests with yarn test
FAQs
Config client with optional validation
We found that @kofile/config-factory demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 35 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.