Security News
Introducing the Socket Python SDK
The initial version of the Socket Python SDK is now on PyPI, enabling developers to more easily interact with the Socket REST API in Python projects.
@npmcli/config
Advanced tools
@npmcli/config is a configuration management library for Node.js applications, particularly designed to handle npm's configuration needs. It allows you to load, manage, and manipulate configuration settings from various sources such as environment variables, command-line arguments, and configuration files.
Loading Configuration
This feature allows you to load configuration settings from various sources. The `load` method initializes the configuration by reading from environment variables, command-line arguments, and configuration files.
const { Config } = require('@npmcli/config');
const config = new Config();
config.load().then(() => {
console.log(config.get('someKey'));
});
Setting Configuration
This feature allows you to set configuration values programmatically. The `set` method is used to assign a value to a specific configuration key.
const { Config } = require('@npmcli/config');
const config = new Config();
config.set('someKey', 'someValue');
console.log(config.get('someKey'));
Saving Configuration
This feature allows you to save the current configuration state back to the configuration file. The `save` method writes the current configuration settings to the appropriate file.
const { Config } = require('@npmcli/config');
const config = new Config();
config.set('someKey', 'someValue');
config.save().then(() => {
console.log('Configuration saved!');
});
The `config` package is a popular configuration management library for Node.js applications. It allows you to define configuration settings for different deployment environments and load them easily. Compared to @npmcli/config, it is more general-purpose and not specifically tailored for npm's configuration needs.
The `dotenv` package loads environment variables from a `.env` file into `process.env`. It is simpler and more lightweight compared to @npmcli/config, focusing solely on environment variable management rather than a comprehensive configuration management solution.
The `rc` package is a non-opinionated configuration loader for Node.js. It supports loading configuration from various sources like environment variables, command-line arguments, and configuration files. It is similar to @npmcli/config but is more general-purpose and not specifically designed for npm.
@npmcli/config
Configuration management for the npm cli.
This module is the spiritual decendant of
npmconf
, and the code that once lived in npm's
lib/config/
folder.
It does the management of configuration files that npm uses, but importantly, does not define all the configuration defaults or types, as those parts make more sense to live within npm itself.
The only exceptions:
prefix
config value has some special semantics, setting the local
prefix if specified on the CLI options and not in global mode, or the
global prefix otherwise.project
config file is loaded based on the local prefix (which can
only be set by the CLI config options, and otherwise defaults to a walk
up the folder tree to the first parent containing a node_modules
folder, package.json
file, or package-lock.json
file.)userconfig
value, as set by the environment and CLI (defaulting to
~/.npmrc
, is used to load user configs.globalconfig
value, as set by the environment, CLI, and
userconfig
file (defaulting to $PREFIX/etc/npmrc
) is used to load
global configs.builtin
config, read from a npmrc
file in the root of the npm
project itself, overrides all defaults.The resulting heirarchy of configs:
--some-key=some-value
on the command line.npm_config_some_key=some_value
in the
environment.some-key = some-value
in ./.npmrc
some-key = some-value
in ~/.npmrc
some-key = some-value
in
/usr/local/etc/npmrc
some-key = some-value
in
/usr/local/lib/node_modules/npm/npmrc
.const Config = require('@npmcli/config')
// the types of all the configs we know about
const types = require('./config/types.js')
// nopt type config definitions
const typeDefs = require('./config/type-defs.js')
// default values for all the configs we know about
const defaults = require('./config/defaults.js')
// if you want -c to be short for --call, define it here
const shorthands = require('./config/shorthands.js')
const conf = new Config({
npmPath: resolve(__dirname, '..'),
types,
typeDefs,
shorthands,
defaults,
// optional, defaults to process.argv
argv: process.argv,
// optional, defaults to process.env
env: process.env,
// optional, defaults to process.execPath
execPath: process.execPath,
// optional, defaults to process.platform
platform: process.platform,
// optional, defaults to process.cwd()
cwd: process.cwd(),
// optional, defaults to emitting 'log' events on process object
log: require('npmlog')
})
conf.load().then(() => {
console.log('loaded ok! some-key = ' + conf.get('some-key'))
}).catch(er => {
console.error('error loading configs!', er)
})
10.0.0-pre.1 (2023-08-31)
b34ee65
#6706 set objectMode for search filter stream (@lukekarrys)6b251b1
#6706 drop node 16.13.x support (@lukekarrys)d857c4a
#6706 drop node14 support (@lukekarrys)37a99eb
#6706 drop node14 support (@lukekarrys)ee7292e
#6706 drop node14 support (@lukekarrys)8b0e755
#6706 drop node14 support (@lukekarrys)5c8c6cc
#6706 drop node14 support (@lukekarrys)d431647
#6706 drop node14 support (@lukekarrys)b6f2205
#6706 drop node14 support (@lukekarrys)4caedd0
#6706 drop node14 support (@lukekarrys)355bac8
#6706 drop node14 support (@lukekarrys)e3a377d
#6706 drop node14 support (@lukekarrys)f916d33
#6715 allow searching packages with no description (@lukekarrys)c736b62
#6686 add missing bugs key in package-json.md (#6686) (@airscripts)c1e01d9
#6680 Update package-json.md (#6680) (@p-chan, @ljharb)5ab3f7e
#6706 @npmcli/git@5.0.3
eb41977
#6706 @npmcli/run-script@7.0.1
f30c9e3
#6706 @npmcli/git@5.0.2
f334466
#6706 pacote@17.0.4
bb63bf9
#6706 @npmcli/run-script@7.0.0
75642c6
#6706 @npmcli/promise-spawn@7.0.0
dbb18f4
#6706 @npmcli/agent@2.1.0
812aa6d
#6706 sigstore@2.1.0
7fab9d3
#6706 @sigstore/tuf@2.1.0
12337cc
#6706 which@4.0.0
b1ad3ad
#6706 npm-packlist@8.0.0
43831d0
#6706 pacote@17.0.3
44e8fec
#6706 pacote@17.0.2
0d2e2c9
#6706 bump sigstore from 1.7.0 to 2.0.0dbd5885
#6706 npm-profile@9.0.0
2ee0fb3
#6706 npm-registry-fetch@16.0.0
81ff4df
#6706 pacote@17.0.1
2b23d44
#6706 hoist read-package-json@7.0.0
325ed05
#6706 hoist normalize-package-data@6.0.0
c3a1a02
#6706 @npmcli/metavuln-calculator@7.0.0
f1dd130
#6706 @npmcli/git@5.0.1
10792ea
#6706 init-package-json@6.0.0
cac0725
#6706 pacote@17.0.0
fd8beaf
#6706 npm-pick-manifest@9.0.0
65f435e
#6706 hoist lru-cache@10.0.1
c784b57
#6706 npm-package-arg@11.0.0
d6b1790
#6706 normalize-package-data@6.0.0
2f03fb9
#6706 make-fetch-happen@13.0.0
729e893
#6706 hosted-git-info@7.0.0
7af81c7
#6706 cacache@18.0.0
b0849ab
#6706 @npmcli/package-json@5.0.0
c9587d7
#6706 @npmcli/git@5.0.0
e28d426
#6706 minipass-fetch@3.0.4
61e9b00
#6706 @npmcli/metavuln-calculator@6.0.1
2c5542d
#6706 minipass@7.0.3
ede7f5e
#6706 glob@10.3.3
4c9eb17
#6706 npm-install-checks@6.2.0
88ece81
#6706 npm-pick-manifest@8.0.2
9117a4f
#6706 ssri@10.0.5
45f8d6f
#6706 make-fetch-happen@12.0.0
f6f6a18
#6706 fs-minipass@3.0.3
5eea975
#6706 cacache@17.1.4
ca33c98
#6706 @npmcli/metavuln-calculator@6.0.0
7be541a
#6706 npm-profile@8.0.0
edbc25a
#6706 pacote@16.0.0
5d0d859
#6706 npm-registry-fetch@15.0.0
@npmcli/arborist@7.0.0-pre.0
@npmcli/config@7.0.1
libnpmaccess@8.0.0-pre.0
libnpmdiff@6.0.0-pre.0
libnpmexec@7.0.0-pre.0
libnpmfund@4.0.20
libnpmhook@10.0.0-pre.0
libnpmorg@6.0.0-pre.0
libnpmpack@6.0.0-pre.0
libnpmpublish@9.0.0-pre.0
libnpmsearch@7.0.0-pre.0
libnpmteam@6.0.0-pre.0
libnpmversion@5.0.0-pre.0
FAQs
Configuration management for the npm cli
The npm package @npmcli/config receives a total of 925,947 weekly downloads. As such, @npmcli/config popularity was classified as popular.
We found that @npmcli/config demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
The initial version of the Socket Python SDK is now on PyPI, enabling developers to more easily interact with the Socket REST API in Python projects.
Security News
Floating dependency ranges in npm can introduce instability and security risks into your project by allowing unverified or incompatible versions to be installed automatically, leading to unpredictable behavior and potential conflicts.
Security News
A new Rust RFC proposes "Trusted Publishing" for Crates.io, introducing short-lived access tokens via OIDC to improve security and reduce risks associated with long-lived API tokens.