
Security News
PodRocket Podcast: Inside the Recent npm Supply Chain Attacks
Socket CEO Feross Aboukhadijeh discusses the recent npm supply chain attacks on PodRocket, covering novel attack vectors and how developers can protect themselves.
@lcdev/app-config
Easy Configuration Loader with Strict Validation
Read the Introduction or Quick Start guides on our website.
Or, start by installing through your package manager:
yarn add @lcdev/app-config@2
Or, if you use npm:
npm i @lcdev/app-config@2
Version 2 (v2.0.0)
This new major version is effectively a rewrite, with some powerful constructs added internally. Much of this does not change the external semantics of the package, but internally it makes a huge difference.
The selling point for this upgrade is secret encryption. This means there is now a built-in solution for storing your secrets in a safe, encrypted form.
Prior to v2, secrets were a complementary feature. This meant it was left to the user how and where secret values were stored.
In general, it's nice to store configuration in version control if possible. This is, of course, impractical for values that should never be public. Having these secrets in plaintext is just asking for trouble.
Solutions have come out to do this - git-secret, git-crypt and blackbox, to name a few. We have built a similar solution, but one that is highly integrated. At Launchcode, we tried these solutions, but felt that they were clunky to use for users who weren't very familiar with GPG.
So, we set course on designing an interface that combined the security of these tools with the ergonomics that developers expect. There were many dead ends, actually. It became increasingly obvious that such a feature could not be easily added to app-config without a fairly major change in architecture.
FAQs
Alias for @app-config/main
The npm package @lcdev/app-config receives a total of 115 weekly downloads. As such, @lcdev/app-config was classified as not popular.
We found that @lcdev/app-config demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.