Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
By Kirill Boychenko - Sep 24, 2025
Confi
Confi loads configuration data from yaml, json or from a package.json with support for NODE_ENV overrides.
Installation
npm install confi
or
yarn add confi
Usage
Note: confi() is an async method.
Note: Default configuration directory is ./conf/
Configuration files that start with default are loaded and merged together. This allows you to split up configuration logic into smaller files.
You can create a file that matches NODE_ENV which will apply it's values on top of anything set in default. This allows you to create configuration for production and development environments.
User specific configuration can be created as well by placing config files in a users directory inside of the config directory.
./conf/default.yaml
title: 'Example Site'
site:
name: '{{ title }} - DEV'
updateEvery: '{{ ms("1h") }}
appId: '{{ getEnv("APP_ID", '09830948029384') }}'
shot: false
./conf/users/han.json
{
"shot": true
}
./conf/production.yaml
site:
name: '{{ title }}'
updateEvery: '{{ getEnv("UPDATE_EVERY", ms("1h")) }}'
Basic
const confi = require('confi');
async function startApp() {
const config = await confi();
console.log(config.site.name); // Example Site - DEV
console.log(config.appId); // 09830948029384
console.log(config.updateEvery); // 3600000
console.log(config.shot); // false
}
startApp();
User
const confi = require('confi');
async function startApp() {
const config = await confi({
user: 'han'
});
console.log(config.site.name); // Example Site - DEV
console.log(config.appId); // 09830948029384
console.log(config.updateEvery); // 3600000
console.log(config.shot); // true
}
startApp();
Environment
// imagine process.env.UPDATE_EVERY is 10000
const confi = require('confi');
async function startApp() {
const config = await confi({
env: 'production'
});
console.log(config.site.name); // Example Site
console.log(config.appId); // 09830948029384
console.log(config.updateEvery); // 10000
console.log(config.shot); // true
}
startApp();
For more examples, see the test directory.
Options
confi([options])
path- Supply an alternate path to load config from. Default:process.env.CONFI_PATHor./confenv- Manually set the envitonment. Default:devuserPath- Path for user overrides. Default:./conf/userscontext- Advanced option to pass additional information tovarsonfor parsing configs.helpers- Additional helper methods to expose.user- Which user shall the user config be loaded for.
Helpers
Confi comes with a set of helper methods. You can find documentation for them here.
A First + Third Project
FAQs
a simple configuration library
The npm package confi receives a total of 38 weekly downloads. As such, confi popularity was classified as not popular.
We found that confi demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.
Package last updated on 19 Feb 2021
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025