Security News
Maven Central Adds Sigstore Signature Validation
Maven Central now validates Sigstore signatures, making it easier for developers to verify the provenance of Java packages.
By Sarah Gooding - Feb 06, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
What is config?
The config npm package is designed to simplify the management of configuration settings for Node.js applications. It allows developers to organize configuration variables for different deployment environments, such as development, testing, and production, in a structured and accessible manner. This package supports configuration file formats like JSON, YAML, and JavaScript, enabling easy integration into various projects.
What are config's main functionalities?
Environment-Specific Configurations
This feature allows you to load different configurations based on the current environment (e.g., development, production). The code sample demonstrates how to access a database configuration specific to the current environment.
const config = require('config');
let dbConfig = config.get('Customer.dbConfig');
console.log(dbConfig.host);Custom Environment Variables
Leverage custom environment variables within your configuration files. The example shows how to access a nested configuration property, such as a database password.
const config = require('config');
let dbPassword = config.get('Customer.dbConfig.password');
console.log(dbPassword);Configuration File Formats
Supports multiple configuration file formats including JSON, YAML, and JavaScript. This example demonstrates accessing a server port setting from a JSON configuration file.
// Assuming you have a JSON config file named 'default.json' in your config directory
const config = require('config');
let serverPort = config.get('server.port');
console.log(serverPort);Other packages similar to config
dotenv
Dotenv is a module that loads environment variables from a .env file into process.env. While dotenv is focused on loading environment variables, config deals with organizing and accessing hierarchical configurations.
nconf
nconf is a hierarchical node.js configuration with files, environment variables, command-line arguments, and atomic object merging. It provides a similar functionality to config but with a different approach to organizing and prioritizing configuration sources.
Configure your Node.js Applications
Introduction
Node-config organizes hierarchical configurations for your app deployments.
It lets you define a set of default parameters, and extend them for different deployment environments (development, qa, staging, production, etc.).
Configurations are stored in configuration files within your application, and can be overridden and extended by environment variables, command line parameters, or external sources.
This gives your application a consistent configuration interface shared among a growing list of npm modules also using node-config.
Project Guidelines
- Simple - Get started fast
- Powerful - For multi-node enterprise deployment
- Flexible - Supporting multiple config file formats
- Lightweight - Small file and memory footprint
- Predictable - Well tested foundation for module and app developers
Quick Start
The following examples are in JSON format, but configurations can be in other file formats.
Install in your app directory, and edit the default config file.
$ npm install config
$ mkdir config
$ vi config/default.json
{
// Customer module configs
"Customer": {
"dbConfig": {
"host": "localhost",
"port": 5984,
"dbName": "customers"
},
"credit": {
"initialLimit": 100,
// Set low for development
"initialDays": 1
}
}
}
Edit config overrides for production deployment:
$ vi config/production.json
{
"Customer": {
"dbConfig": {
"host": "prod-db-server"
},
"credit": {
"initialDays": 30
}
}
}
Use configs in your code:
const config = require('config');
//...
const dbConfig = config.get('Customer.dbConfig');
db.connect(dbConfig, ...);
if (config.has('optionalFeature.detail')) {
const detail = config.get('optionalFeature.detail');
//...
}
config.get() will throw an exception for undefined keys to help catch typos and missing values.
Use config.has() to test if a configuration value is defined.
Start your app server:
$ export NODE_ENV=production
$ node my-app.js
Running in this configuration, the port and dbName elements of dbConfig
will come from the default.json file, and the host element will
come from the production.json override file.
Articles
- Configuration Files
- Common Usage
- Environment Variables
- Reserved Words
- Command Line Overrides
- Multiple Node Instances
- Sub-Module Configuration
- Configuring from a DB / External Source
- Securing Production Config Files
- External Configuration Management Tools
- Examining Configuration Sources
- Using Config Utilities
- Upgrading from Config 0.x
- Webpack usage
Further Information
If you still don't see what you are looking for, here are some more resources to check:
- The wiki may have more pages which are not directly linked from here.
- Review questions tagged with node-config on StackExchange. These are monitored by
node-configcontributors. - Search the issue tracker. Hundreds of issues have already been discussed and resolved there.
Contributors
License
May be freely distributed under the MIT license.
Copyright (c) 2010-2022 Loren West and other contributors
FAQs
Configuration control for production node deployments
The npm package config receives a total of 851,952 weekly downloads. As such, config popularity was classified as popular.
We found that config demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Package last updated on 25 Jun 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
38% of CISOs Fear They’re Not Moving Fast Enough on AI
CISOs are racing to adopt AI for cybersecurity, but hurdles in budgets and governance may leave some falling behind in the fight against cyber threats.
By Sarah Gooding - Feb 04, 2025
Research
Security News
Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching for Persistence
Socket researchers uncovered a backdoored typosquat of BoltDB in the Go ecosystem, exploiting Go Module Proxy caching to persist undetected for years.
By Kirill Boychenko - Feb 04, 2025