Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
By Kirill Boychenko - Sep 24, 2025
@nkp/config
Advanced tools
@nkp/config
Utility for parsing environment variables and bootstrapping configuration objects.
Table of contents
Exports
@nkp/config exports both CommonJS and ES modules.
Installation
npm
npm install @nkp/config
Yarn
yarn add @nkp/config
pnpm
pnpm add @nkp/config
Usage
Parsing objects
import { parse, boolean, string, integer, key, oneOf } from '@nkp/config';
/**
* the parse function correctly sets the type of `config`
* {
* DEBUG: false;
* MAIL: string | undefined;
* HOST: string;
* PORT: number;
* env: 'development' | 'testing' | 'production';
* }
*/
const config = parse({
// coerces DEBUG is a boolean defaulting to false if not provided
DEBUG: boolean().default(false),
// coerces MAIL_HOST to string, or leaves undefined if it doesn't exist
MAIL_HOST: string().optional(),
// coerces process.env.HOST to string
HOST: string() ,
// coerces process.env.PORT to string
// if not provided, defaults to 3000
PORT: integer().default(3000),
// ensures procese.env.NODE_ENV is one of the given values
env: key('NODE_ENV')
.oneOf(['development', 'testing', 'production',] as const),
}, process.env);
Parsing values
Instead of parsing an object, a single key can be parsed.
import { key, string } from '@nkp/config';
// by key - required
const email1: string = key('EMAIL')
.string()
.parse(process.env);
// by key - optional
const email2: string | undefined = key('EMAIL')
.string()
.optional()
.parse(process.env);
// by value - with default
const email3: string = string()
.default('example@example.com')
.parse(process.env['EMAIL']);
Default values
Default values can be provided.
import { key, integer } from '@nkp/config';
const port = key('PORT').integer().default(3000).parse(process.env);
Throws on missing values
If no default value is provided and the key is not found, an error will be thrown.
import { key, string } from '@nkp/config';
const vars = {};
const value = key('MISSING_VALUE').string().parse(vars);
// throws TypeError "MISSING_VALUE is not defined"
Publishing
To a release a new version:
- Update the version number in package.json
- Push the new version to the
masterbranch on GitHub - Create a
new releaseon GitHub for the latest version
This will trigger a GitHub action that tests and publishes the npm package.
FAQs
Tools to bootstrap a configuration objects in JavaScript
We found that @nkp/config demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 04 Mar 2022
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025