Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
@npmcli/config
Advanced tools
@npmcli/config is a configuration management library for Node.js applications, particularly designed to handle npm's configuration needs. It allows you to load, manage, and manipulate configuration settings from various sources such as environment variables, command-line arguments, and configuration files.
Loading Configuration
This feature allows you to load configuration settings from various sources. The `load` method initializes the configuration by reading from environment variables, command-line arguments, and configuration files.
const { Config } = require('@npmcli/config');
const config = new Config();
config.load().then(() => {
console.log(config.get('someKey'));
});
Setting Configuration
This feature allows you to set configuration values programmatically. The `set` method is used to assign a value to a specific configuration key.
const { Config } = require('@npmcli/config');
const config = new Config();
config.set('someKey', 'someValue');
console.log(config.get('someKey'));
Saving Configuration
This feature allows you to save the current configuration state back to the configuration file. The `save` method writes the current configuration settings to the appropriate file.
const { Config } = require('@npmcli/config');
const config = new Config();
config.set('someKey', 'someValue');
config.save().then(() => {
console.log('Configuration saved!');
});
The `config` package is a popular configuration management library for Node.js applications. It allows you to define configuration settings for different deployment environments and load them easily. Compared to @npmcli/config, it is more general-purpose and not specifically tailored for npm's configuration needs.
The `dotenv` package loads environment variables from a `.env` file into `process.env`. It is simpler and more lightweight compared to @npmcli/config, focusing solely on environment variable management rather than a comprehensive configuration management solution.
The `rc` package is a non-opinionated configuration loader for Node.js. It supports loading configuration from various sources like environment variables, command-line arguments, and configuration files. It is similar to @npmcli/config but is more general-purpose and not specifically designed for npm.
@npmcli/config
Configuration management for the npm cli.
This module is the spiritual descendant of
npmconf
, and the code that once lived in npm's
lib/config/
folder.
It does the management of configuration files that npm uses, but importantly, does not define all the configuration defaults or types, as those parts make more sense to live within the npm CLI itself.
The only exceptions:
prefix
config value has some special semantics, setting the local
prefix if specified on the CLI options and not in global mode, or the
global prefix otherwise.project
config file is loaded based on the local prefix (which can
only be set by the CLI config options, and otherwise defaults to a walk
up the folder tree to the first parent containing a node_modules
folder, package.json
file, or package-lock.json
file.)userconfig
value, as set by the environment and CLI (defaulting to
~/.npmrc
, is used to load user configs.globalconfig
value, as set by the environment, CLI, and
userconfig
file (defaulting to $PREFIX/etc/npmrc
) is used to load
global configs.builtin
config, read from a npmrc
file in the root of the npm
project itself, overrides all defaults.The resulting hierarchy of configs:
--some-key=some-value
on the command line. These are
parsed by nopt
, which is not a great choice, but
it's the one that npm has used forever, and changing it will be
difficult.npm_config_some_key=some_value
in the
environment. There is no way at this time to modify this prefix.some-key = some-value
in the
localPrefix
folder (ie, the cwd
, or its nearest parent that contains
either a node_modules
folder or package.json
file.)some-key = some-value
in ~/.npmrc
.
The userconfig
config value can be overridden by the cli
, env
, or
project
configs to change this value.some-key = some-value
in
the globalPrefix
folder, which is inferred by looking at the location
of the node executable, or the prefix
setting in the cli
, env
,
project
, or userconfig
. The globalconfig
value at any of those
levels can override this.some-key = some-value
in
/usr/local/lib/node_modules/npm/npmrc
. This is not configurable, and
is determined by looking in the npmPath
folder.const Config = require('@npmcli/config')
const { shorthands, definitions, flatten } = require('@npmcli/config/lib/definitions')
const conf = new Config({
// path to the npm module being run
npmPath: resolve(__dirname, '..'),
definitions,
shorthands,
flatten,
// optional, defaults to process.argv
// argv: [] <- if you are using this package in your own cli
// and dont want to have colliding argv
argv: process.argv,
// optional, defaults to process.env
env: process.env,
// optional, defaults to process.execPath
execPath: process.execPath,
// optional, defaults to process.platform
platform: process.platform,
// optional, defaults to process.cwd()
cwd: process.cwd(),
})
// emits log events on the process object
// see `proc-log` for more info
process.on('log', (level, ...args) => {
console.log(level, ...args)
})
// returns a promise that fails if config loading fails, and
// resolves when the config object is ready for action
conf.load().then(() => {
conf.validate()
console.log('loaded ok! some-key = ' + conf.get('some-key'))
}).catch(er => {
console.error('error loading configs!', er)
})
The Config
class is the sole export.
const Config = require('@npmcli/config')
Config.typeDefs
The type definitions passed to nopt
for CLI option parsing and known
configuration validation.
new Config(options)
Options:
types
Types of all known config values. Note that some are effectively
given semantic value in the config loading process itself.shorthands
An object mapping a shorthand value to an array of CLI
arguments that replace it.defaults
Default values for each of the known configuration keys.
These should be defined for all configs given a type, and must be valid.npmPath
The path to the npm
module, for loading the builtin
config
file.cwd
Optional, defaults to process.cwd()
, used for inferring the
localPrefix
and loading the project
config.platform
Optional, defaults to process.platform
. Used when inferring
the globalPrefix
from the execPath
, since this is done diferently on
Windows.execPath
Optional, defaults to process.execPath
. Used to infer the
globalPrefix
.env
Optional, defaults to process.env
. Source of the environment
variables for configuration.argv
Optional, defaults to process.argv
. Source of the CLI options
used for configuration.Returns a config
object, which is not yet loaded.
Fields:
config.globalPrefix
The prefix for global
operations. Set by the
prefix
config value, or defaults based on the location of the
execPath
option.config.localPrefix
The prefix for local
operations. Set by the
prefix
config value on the CLI only, or defaults to either the cwd
or
its nearest ancestor containing a node_modules
folder or package.json
file.config.sources
A read-only Map
of the file (or a comment, if no file
found, or relevant) to the config level loaded from that source.config.data
A Map
of config level to ConfigData
objects. These
objects should not be modified directly under any circumstances.
source
The source where this data was loaded from.raw
The raw data used to generate this config data, as it was parsed
initially from the environment, config file, or CLI options.data
The data object reflecting the inheritance of configs up to this
point in the chain.loadError
Any errors encountered that prevented the loading of this
config data.config.list
A list sorted in priority of all the config data objects in
the prototype chain. config.list[0]
is the cli
level,
config.list[1]
is the env
level, and so on.cwd
The cwd
paramenv
The env
paramargv
The argv
paramexecPath
The execPath
paramplatform
The platform
paramdefaults
The defaults
paramshorthands
The shorthands
paramtypes
The types
paramnpmPath
The npmPath
paramglobalPrefix
The effective globalPrefix
localPrefix
The effective localPrefix
prefix
If config.get('global')
is true, then globalPrefix
,
otherwise localPrefix
home
The user's home directory, found by looking at env.HOME
or
calling os.homedir()
.loaded
A boolean indicating whether or not configs are loadedvalid
A getter that returns true
if all the config objects are valid.
Any data objects that have been modified with config.set(...)
will be
re-evaluated when config.valid
is read.config.load()
Load configuration from the various sources of information.
Returns a Promise
that resolves when configuration is loaded, and fails
if a fatal error is encountered.
config.find(key)
Find the effective place in the configuration levels a given key is set.
Returns one of: cli
, env
, project
, user
, global
, builtin
, or
default
.
Returns null
if the key is not set.
config.get(key, where = 'cli')
Load the given key from the config stack.
config.set(key, value, where = 'cli')
Set the key to the specified value, at the specified level in the config stack.
config.delete(key, where = 'cli')
Delete the configuration key from the specified level in the config stack.
config.validate(where)
Verify that all known configuration options are set to valid values, and log a warning if they are invalid.
Invalid auth options will cause this method to throw an error with a code
property of ERR_INVALID_AUTH
, and a problems
property listing the specific
concerns with the current configuration.
If where
is not set, then all config objects are validated.
Returns true
if all configs are valid.
Note that it's usually enough (and more efficient) to just check
config.valid
, since each data object is marked for re-evaluation on every
config.set()
operation.
config.repair(problems)
Accept an optional array of problems (as thrown by config.validate()
) and
perform the necessary steps to resolve them. If no problems are provided,
this method will call config.validate()
internally to retrieve them.
Note that you must await config.save('user')
in order to persist the changes.
config.isDefault(key)
Returns true
if the value is coming directly from the
default definitions, if the current value for the key config is
coming from any other source, returns false
.
This method can be used for avoiding or tweaking default values, e.g:
Given a global default definition of foo='foo' it's possible to read that value such as:
const save = config.get('foo')
Now in a different place of your app it's possible to avoid using the
foo
default value, by checking to see if the current config value is currently one that was defined by the default definitions:
const save = config.isDefault('foo') ? 'bar' : config.get('foo')
config.save(where)
Save the config file specified by the where
param. Must be one of
project
, user
, global
, builtin
.
FAQs
Configuration management for the npm cli
The npm package @npmcli/config receives a total of 906,397 weekly downloads. As such, @npmcli/config popularity was classified as popular.
We found that @npmcli/config demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.