confess - npm Package Compare versions
Comparing version 1.0.2 to 2.0.0
| { | ||
| "name": "confess", | ||
| "version": "1.0.2", | ||
| "description": "A configuration wrapper around the configuration manager `convict`", | ||
| "version": "2.0.0", | ||
| "description": "This package has changed authors and will use this name for completely different functionality.", | ||
| "main": "index.js", | ||
| "files": [ | ||
| "index.js", | ||
| "lib" | ||
| ], | ||
| "scripts": { | ||
| "jshint": "jshint --reporter node_modules/jshint-stylish index.js lib/**", | ||
| "check-cov": "istanbul check-coverage --statements 100 --functions 100 --branches 100 --lines 100", | ||
| "test": "istanbul cover _mocha", | ||
| "posttest": " npm run check-cov; npm run jshint;", | ||
| "codeclimate": "cat ./coverage/lcov.info | codeclimate-test-reporter" | ||
| "test": "echo \"Error: no test specified\" && exit 1" | ||
| }, | ||
| "repository": { | ||
| "type": "git", | ||
| "url": "https://github.com/ksmithut/confess.git" | ||
| "url": "git+ssh://git@gitlab.com/harth/confess.git" | ||
| }, | ||
| "keywords": [ | ||
| "config", | ||
| "convict", | ||
| "configuration" | ||
| ], | ||
| "author": "ksmithut", | ||
| "license": "MIT", | ||
| "author": "", | ||
| "license": "ISC", | ||
| "bugs": { | ||
| "url": "https://github.com/ksmithut/confess/issues" | ||
| "url": "https://gitlab.com/harth/confess/issues" | ||
| }, | ||
| "homepage": "https://github.com/ksmithut/confess", | ||
| "dependencies": { | ||
| "cjson": "^0.4.0", | ||
| "convict": "^1.3.0", | ||
| "minimatch": "^3.0.0", | ||
| "object-assign": "^4.0.1", | ||
| "rc": "^1.1.6" | ||
| }, | ||
| "devDependencies": { | ||
| "chai": "^3.5.0", | ||
| "clear-require": "^1.0.1", | ||
| "codeclimate-test-reporter": "^0.3.1", | ||
| "istanbul": "^0.4.3", | ||
| "jshint": "^2.9.1", | ||
| "jshint-stylish": "^2.1.0", | ||
| "mocha": "^2.4.5", | ||
| "mocha-lcov-reporter": "^1.2.0" | ||
| } | ||
| "homepage": "https://gitlab.com/harth/confess#readme" | ||
| } |
104
README.md
@@ -1,103 +0,5 @@ | ||
| # confess | ||
| # Confess | ||
| [](https://iojs.org/) | ||
| [](https://nodejs.org/) | ||
| This package has changed authors and will use this name for completely different functionality. | ||
| [](https://www.npmjs.org/package/confess) | ||
| [](https://david-dm.org/ksmithut/confess) | ||
| [](https://david-dm.org/ksmithut/confess#info=devDependencies&view=table) | ||
| [](https://codeclimate.com/github/ksmithut/confess) | ||
| [](https://travis-ci.org/ksmithut/confess) | ||
| [](https://codeclimate.com/github/ksmithut/confess) | ||
| `confess` is a configuration wrapper around | ||
| [`convict`](https://github.com/mozilla/node-convict). | ||
| ### Deprecated: Opt to use [`convict`](https://github.com/mozilla/node-convict) | ||
| ### directly. If you would like this project to remain, I can transfer rights | ||
| ### over to someone who wishes to maintain it, otherwise, I will unpublish it. | ||
| ## The problem | ||
| Setting up configuration and using configuration seem to be two different | ||
| concerns approached by other configuration modules. Convict is a module that has | ||
| (in my opinion) done a really good job at setting up configuration. It's | ||
| extensible, easy to integrate with in any system, and can be customized to do | ||
| just about anything the other configuration loaders can do. Using it, though, | ||
| can be a pain. You create a `config.js` or `config/index.js` or something that | ||
| loads convict and configures your configuration. That's the good part. But when | ||
| you want to use your configuration, it's only available if you `require()` it | ||
| from wherever you are in your file system, which could requires a lot of `../`. | ||
| This module makes abstracts my most common use cases of setting up configuration | ||
| with convict, with the convenience of use a require without paths. | ||
| # Installation | ||
| ```bash | ||
| npm install --save confess | ||
| ``` | ||
| # Usage | ||
| In the root of your project create a folder called `config/`. | ||
| In this folder, there will be 3 classes of files: | ||
| * **Schema definition file** - This is the file that defines the schema of the | ||
| main configuration options. This file should export an object that you would use | ||
| to define your `convict` configuration. Documentation on how to set up the | ||
| schema can be found [here](https://github.com/mozilla/node-convict#the-schema). | ||
| The default name for this file is `index.js`. | ||
| * **Default configuration file** - This file gets loaded and merged into the | ||
| config object using `convict`'s | ||
| [`.load()`](https://github.com/mozilla/node-convict#configloadobject) method. | ||
| The default name for this file is `default.js`. | ||
| * **Environment configuration files** - The default schema that gets loaded | ||
| includes and environment configuration that you can set with an environment | ||
| variable (`NODE_ENV`) or with a flag (`--env`). The default environment is | ||
| `development` so it loads `development.js`. It is recommended that you create | ||
| multiple environment configuration files, such as `test` and `production`. Any | ||
| configuration options set in these files with override those in default and the | ||
| schema defaults. | ||
| The object that gets returned is the `convict` config object. So to get a config | ||
| value, just use it like you would in `convict`. | ||
| ```js | ||
| 'use strict'; | ||
| var config = require('confess'); | ||
| config.get('port'); | ||
| config.get('session.secret'); | ||
| ``` | ||
| For more documentation on things you can do with the `convict` config object, | ||
| see [their documentation](https://github.com/mozilla/node-convict); | ||
| # Configuration | ||
| You can override things like the folder and schema filename by putting a | ||
| `.confessrc` file in the root of your project. | ||
| ```json | ||
| { | ||
| "extension": "js", // can be js or json | ||
| "schemaPrefix": "index", | ||
| "defaultPrefix": "default", | ||
| "defaultEnv": "development", | ||
| "configDir": "config", // relative dir to cwd | ||
| "cwd": "" // This defaults to what process.cwd() is | ||
| } | ||
| ``` | ||
| If anyone would like to add more file extension support, submit an issue or pull request. I stuck with just `js` and `json` because this is nodejs/iojs. | ||
| # Examples | ||
| To view example folder/file structures, view the | ||
| [examples directory](https://github.com/ksmithut/confess/tree/master/examples). | ||
| To access the original package checlout the original author's github repo https://github.com/ksmithut/confess |
New alerts
Empty package
Supply chain riskPackage does not contain any code. It may be removed, is name squatting, or the result of a faulty package publish.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
No contributors or author data
MaintenancePackage does not specify a list of contributors or an author in package.json.
Found 1 instance in 1 package
No tests
QualityPackage does not have any tests. This is a strong signal of a poorly maintained or low quality package.
Found 1 instance in 1 package
Fixed alerts
Deprecated
MaintenanceThe maintainer of the package marked it as deprecated. This could indicate that a single version should not be used, or that the package is no longer maintained and any new vulnerabilities will not be fixed.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Improved metrics
- Dependency count
- decreased by-100%
0
- Dev dependency count
- decreased by-100%
0
- Number of medium maintenance alerts
- decreased by-100%
0
- Number of low supply chain risk alerts
- decreased by-100%
0
Worsened metrics
- Total package byte prevSize
- decreased by-92.07%
741
- Number of package files
- decreased by-50%
3
- Lines of code
- decreased by-100%
0
- Number of low maintenance alerts
- increased by100%
2
- Number of low quality alerts
- increased byInfinity%
1
- Number of lines in readme file
- decreased by-94.23%
6
- Number of medium supply chain risk alerts
- increased byInfinity%
2
Dependency changes
- Removedcjson@^0.4.0
- Removedconvict@^1.3.0
- Removedminimatch@^3.0.0
- Removedobject-assign@^4.0.1
- Removedrc@^1.1.6
- Removedbalanced-match@1.0.2(transitive)
- Removedbrace-expansion@1.1.11(transitive)
- Removedcjson@0.4.0(transitive)
- Removedconcat-map@0.0.1(transitive)
- Removedconvict@1.5.0(transitive)
- Removeddeep-extend@0.6.0(transitive)
- Removeddepd@1.1.0(transitive)
- Removedesprima@1.0.4(transitive)
- Removedini@1.3.8(transitive)
- Removedjju@1.4.0(transitive)
- Removedjson-parse-helpfulerror@1.0.3(transitive)
- Removedjson5@0.5.0(transitive)
- Removedlodash@4.16.2(transitive)
- Removedminimatch@3.1.2(transitive)
- Removedminimist@1.2.0(transitive)
- Removedmoment@2.12.0(transitive)
- Removedobject-assign@4.1.1(transitive)
- Removedrc@1.2.8(transitive)
- Removedredeyed@0.4.4(transitive)
- Removedstrip-json-comments@2.0.1(transitive)
- Removedthrough@2.3.8(transitive)
- Removedvalidator@4.6.1(transitive)
- Removedvarify@0.1.1(transitive)