Security News
OpenJS: “XZ Utils Cyberattack Likely Not an Isolated Incident”
OpenJS is warning of social engineering takeovers targeting open source projects after receiving a credible attempt on the foundation.
@socketsecurity/config
Advanced tools
Weekly downloads
Readme
Reader/parser/validator tool for Socket.dev's socket.yml
configuration files
npm install @socketsecurity/config
import { readSocketConfig } from '@socketsecurity/config'
const config = await readSocketConfig('socket.yml')
readSocketConfig(<path-to-config-file>)
Returns a Promise
that resolves to the parsed config file or, if no such file was found, it fails silently and returns undefined
.
If the config file can't be read, then the Promise
will be rejected with an error.
The read file is parsed using parseSocketConfig
and the Promise
from there is what is ultimately returned when no rejection or resolve has been made already.
parseSocketConfig(<content-of-config-file>)
Returns a Promise
that resolves to the parsed config.
If the config content can't be parsed or it is invalid, then the Promise
will be rejected with an error.
Any additional parameters that does not conform to the schema will be silently dropped. Also: Input data will be coerced into its intended shape when possible.
socketYmlSchema
A JSON Schema object typed with JSONSchemaType<SocketYml>
from Ajv
SocketValidationError
Error thrown when the parsed data doesn't conform to the JSON Schema definition.
Extends Error
and adds these additional properties:
data
– the data that's found to be invalidschema
– the schema used to validate the contentvalidationErrors
– an array of Ajv's ErrorObject
This module has full type coverage through a types in js where TypeScript validates JSDoc annotated javascript and exports it as standard type definition files.
SocketYml
A TypeScript type representing the shape of the parsed socket.yml
config
@socketsecurity/cli
- our CLI uses this to parse the Socket configFAQs
Config parser for Socket.dev
The npm package @socketsecurity/config receives a total of 201 weekly downloads. As such, @socketsecurity/config popularity was classified as not popular.
We found that @socketsecurity/config demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
OpenJS is warning of social engineering takeovers targeting open source projects after receiving a credible attempt on the foundation.
Company News
Come meet the Socket team at BSidesSF and RSA! We're sponsoring several fun networking events and we would love to see you there.
Security News
OSI is starting a conversation aimed at removing the excuse of the SaaS loophole for companies navigating licensing and the complexities of doing business with open source.