Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
confabulous
Advanced tools
A pluggable, hierarchical, asynchronous config loader and post processor with support for environment variables, command line arguments, json, javascript, http, vault, etcd and postgres
Confabulous is a hierarchical, asynchronous config loader and post processor. It can load config from command line arguments, environment variables, files, web servers, databases, and even scm systems. It's easy to extend too. You can watch config sources for changes and apply post processors to do things like decrypt secrets or unflatten key/value pairs into structured objects.
const Confabulous = require('confabulous');
const loaders = Confabulous.loaders;
const confabulous = new Confabulous()
.add((config) => loaders.require({ path: './conf/defaults.js' }))
.add((config) => loaders.require({ path: './conf/production.js' }))
.end((err, config) => {
// Your code goes here
});
Confabulous recursively merges (and subsequently freezes) configuration from multiple sources. If you want to override the default merge behaviour you can supply your own merge function, providing it is varardic and favours the right most parameter, e.g.
function shallow(...args) {
return Object.assign({}, ...args);
}
new Confabulous({ merge: shallow })
.add((config) => loaders.require({ path: './conf/defaults.js' }))
.add((config) => loaders.require({ path: './conf/production.js' }))
.end((err, config) => {
// Your code goes here
});
Loaders are used to load config. Out of the box you can load config from command line parameters, environment variables and files.
Loads config from command line arguments
new Confabulous().add((config) => {
return loaders.args();
});
You cannot watch command line arguments
Loads config from envrionment variables
new Confabulous().add((config) => {
return loaders.env();
});
You cannot watch environment variables
Loads config from a .js or .json file
new Confabulous().add((config) => {
return loaders.require({ path: './conf/defaults.js' });
});
Option | Type | Default | Notes |
---|---|---|---|
path | string | undefined | The javascript or json config file to be required |
mandatory | boolean | true | Causes an error/reload_error to be emitted if the configuration does not exist |
watch | boolean | undefined | Watching implemented via fs.watch. Be sure to read the caveats section if you encounter problems. |
Loads config from the specified file. Files are read using the specified encoding (defaults to 'utf8'). Use a post processor if you want to convert them to json.
new Confabulous().add((config) => {
return loaders.file({ path: './conf/defaults.js' }, [processors.json()]);
});
Option | Type | Default | Notes |
---|---|---|---|
path | string | undefined | The config file to be read |
mandatory | boolean | true | Causes an error/reload_error to be emitted if the configuration does not exist |
watch | boolean | undefined | Watching implemented via fs.watch. Be sure to read the caveats section if you encounter problems. |
encoding | string | utf8 | Specified the file encoding |
The following loaders are proviced as separate modules
Post processes can be used to transform or validate your configuration after it's been loaded. Out of the box you can mount config at a specified key, unflatten key value pairs into structured documents, parse json, decrypt content and transform environment variables.
Mounts the configuration at the specified key
new Confabulous().add((config) => {
return loaders.require({ path: './extra.json' }, [processors.mount({ key: 'move.to.here' })]);
});
Unflattens config into structured documents. Useful for command line arguments and environment variables.
new Confabulous().add((config) => {
return loaders.env([processors.unflatten()]);
});
Converts environment variables in the form NODE_ENV=test
to nested properties in the form { node: { env: "test" } }
new Confabulous().add((config) => {
return loaders.env([processors.envToProp()]);
});
If you want to prefix your environment variables with an application discriminator you can also strip the prefix.
new Confabulous().add((config) => {
return loaders.env([
processors.envToProp({ prefix: 'GS_' }), // GS_SERVER_PORT => server.port
]);
});
You can also filter environment variables to include only those you want
new Confabulous().add((config) => {
return loaders.env([
processors.envToProp({ filter: /^GS_/ }), // Only include environment variables starting with GS_
]);
});
Converts environment variables in the form USER__FIRST_NAME=fred
to nested properties in the form { user: { firstName: "fred" } }
new Confabulous().add((config) => {
return loaders.env([processors.envToCamelCaseProp()]);
});
If you want to prefix your environment variables with an application discriminator you can also strip the prefix.
new Confabulous().add((config) => {
return loaders.env([
// GS_SERVER_PORT => server.port
processors.envToCamelCaseProp({ prefix: 'GS_' }),
]);
});
You can also filter environment variables to include only those you want
new Confabulous().add((config) => {
return loaders.env([
// Only include environment variables starting with GS_
processors.envToCamelCaseProp({ filter: /^GS_/ }),
]);
});
Parses text into JSON.
new Confabulous().add((config) => {
return loaders.file({ path: './config.json.encrypted' }, [processors.json()]);
});
Decrypts encrypted configuration.
new Confabulous().add((config) => {
return loaders.file({ path: './config.json.encrypted' }, [
processors.decrypt({
algorithm: 'aes-192-cbc',
key: process.env.SECRET_KEY,
iv: process.env.IV,
}),
processors.json(),
]);
});
Calling confabulous.close will emit a 'closing' event. This can be used by loaders to free up resources (e.g. close file watchers)
Deprecated. Pass a callback to the end
function instead.
Emitted when loading config for the first time.
Deprecated. Pass a callback to the end
function instead.
Emitted when an error occurs loading config for the first time.
Emitted when confabulous successfully reloads a watched config.
Emitted when confabulous encounters an error reloading a watched config
Q. Why doesn't Confabulous notice new files?
A. Because fs.watch doesn't notice them either. You can workaround by modifying some configuration watched by a different loader higher up in the confabulous stack
Q. Why does jest emit a FSEVENTWRAP error?
A. Because you have configured a loader to watch for changes, but not called confabulous.close() in your test teardown
FAQs
A pluggable, hierarchical, asynchronous config loader and post processor with support for environment variables, command line arguments, json, javascript, http, vault, etcd and postgres
The npm package confabulous receives a total of 894 weekly downloads. As such, confabulous popularity was classified as not popular.
We found that confabulous demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.