
config-dug
Config management library for Node.js with support for multiple environments, config files, environment variables and plugins
Config Management library for Node.js
`string`, `number`, `boolean`, `array`, `object`, `enum`, `date` and more

```sh
npm install config-dug
```
```ts
import { ConfigDug, z } from 'config-dug';

const schema = {
  logLevel: z.string().default('info'),
};

const config = await ConfigDug.getConfig(schema);
```
```ts
import { ConfigDug, z } from 'config-dug';
import { AWSSecretsManagerPlugin } from '@config-dug/plugin-aws-secrets-manager';

const schema = {
  logLevel: z.string().default('info'),
  apiToken: {
    schema: z.string(),
    sensitive: true,
  },
};

const awsSecretsManagerPlugin = new AWSSecretsManagerPlugin({
  secrets: [
    {
      name: 'config-dug-test/config',
      region: 'ca-central-1',
      reloadInterval: '1m',
    },
  ],
});

const configDug = new ConfigDug(schema, { plugins: [awsSecretsManagerPlugin] });

configDug.on('config-loaded', (config) => {
  console.log('config-loaded event received', config);
});

configDug.on('config-reloaded', (config) => {
  console.log('config-reloaded event received', config);
});

await configDug.load();

const getConfig = () => {
  return configDug.getConfig();
};

export { getConfig };
```
Name | Type | Default | Description |
---|---|---|---|
basePath | string | process.cwd() | The directory to load config files from |
envKey | string | APP_ENV | The environment variable specifying the application environment |
loadConfigFiles | boolean | true | Load config values from `config.*.{js |
loadEnvironment | boolean | true | Load config values from the environment |
plugins | [] | An array of plugins to load. Plugins are evaluated in order so config values that come from a plugin that is specified later will override config values from plugins specified earlier | |
printConfig | boolean | false | Print the resolved config when loaded |
strict | boolean | false | When false config values are preprocessed first to coerce them to the specified type |
warnOnLocalConfigFile | boolean | true | Print a warning when a local config file `config.*.local.{js |
Create a plugin by extending the `BaseConfigDugPlugin` class. The type argument specifies the particular options your plugin accepts, which itself must extend `ConfigDugPluginOptions`.
```ts
interface MyPluginOptions extends ConfigDugPluginOptions {
  // ...
}

class MyPlugin extends BaseConfigDugPlugin<MyPluginOptions> {
  // ...
}
```
```ts
{
  values: UntypedConfig, // Record<string, unknown>
  valueOrigins: ValueOrigins, // Record<string, string[]>
  nextReloadIn: number | undefined
}
```
```mermaid
flowchart TB
  A[Initialize] --> B
  B[onBeforeLoadConfigFiles] --> C
  C[loadConfigFiles] --> D
  D[onAfterLoadConfigFiles] --> E
  E[onBeforeLoadPlugins] --> F
  F[loadPlugins] --> G
  G[onAfterLoadPlugins] --> H
  H[onBeforeLoadLocalConfigFiles] --> I
  I[loadLocalConfigFiles] --> J
  J[onAfterLoadLocalConfigFiles] --> K
  K[onBeforeLoadEnvironment] --> L
  L[loadEnvironment] --> M
  M[onAfterLoadEnvironment]
```
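
The load order in the flowchart and the `valueOrigins` shape (`Record<string, string[]>`) can be used to audit which source supplied each effective value. The sketch below is an added example, not config-dug's own code: it models the four load stages, records an origin chain per key, flags a secret whose effective value did not come from the expected source, and redacts sensitive keys before logging. It assumes later stages override earlier ones (the page states this only for plugins) and that a `sensitive` flag is used for log redaction; the function names, origin labels and sample values are hypothetical.

```javascript
// Added illustration, not config-dug's implementation. Stage names follow the
// lifecycle flowchart; "later source wins" across stages is an assumption.
const STAGES = ['configFiles', 'plugins', 'localConfigFiles', 'environment'];

// sources: { [stage]: Array<{ origin: string, values: Record<string, unknown> }> }
function resolveConfig(sources) {
  const values = {};
  const valueOrigins = {}; // Record<string, string[]>, oldest origin first
  for (const stage of STAGES) {
    for (const { origin, values: incoming } of sources[stage] || []) {
      for (const [key, value] of Object.entries(incoming)) {
        values[key] = value; // a later source overrides an earlier one
        (valueOrigins[key] = valueOrigins[key] || []).push(origin);
      }
    }
  }
  return { values, valueOrigins };
}

// Report keys whose effective value did not come from the origin you expect,
// e.g. a secret that a local config file or environment variable overrode.
function findUnexpectedOverrides(valueOrigins, expectedOrigin) {
  return Object.entries(valueOrigins)
    .map(([key, chain]) => ({ key, effective: chain[chain.length - 1], chain }))
    .filter(({ key, effective }) => key in expectedOrigin && effective !== expectedOrigin[key]);
}

// Replace values of keys marked sensitive before the config is logged.
function redactForLog(values, sensitiveKeys) {
  return Object.fromEntries(
    Object.entries(values).map(([k, v]) => [k, sensitiveKeys.has(k) ? '[REDACTED]' : v])
  );
}

// Constructed sample input: origin labels, file names and values are made up.
const sample = {
  configFiles: [{ origin: 'config.default.js', values: { logLevel: 'info' } }],
  plugins: [
    { origin: 'plugin:first', values: { apiToken: 'token-from-first-plugin' } },
    { origin: 'plugin:second', values: { apiToken: 'token-from-second-plugin' } },
  ],
  localConfigFiles: [{ origin: 'config.default.local.js', values: { apiToken: 'dev-token' } }],
  environment: [{ origin: 'environment', values: { logLevel: 'debug' } }],
};

const resolved = resolveConfig(sample);
console.log(redactForLog(resolved.values, new Set(['apiToken'])));
console.log(findUnexpectedOverrides(resolved.valueOrigins, { apiToken: 'plugin:second' }));
```

In the constructed sample the local config file silently replaces the token supplied by the second plugin, which is the situation the `warnOnLocalConfigFile` option exists to surface.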
TODO: Add CONTRIBUTING.md
v2 was inspired by Zod and znv
v1 was inspired by config3 and config4
MIT
FAQs
The npm package config-dug receives a total of 6,917 weekly downloads. As such, config-dug popularity was classified as popular.
We found that config-dug demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 127 open source maintainers collaborating on the project.