![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
config
Advanced tools
Package description
The config npm package is designed to simplify the management of configuration settings for Node.js applications. It allows developers to organize configuration variables for different deployment environments, such as development, testing, and production, in a structured and accessible manner. This package supports configuration file formats like JSON, YAML, and JavaScript, enabling easy integration into various projects.
Environment-Specific Configurations
This feature allows you to load different configurations based on the current environment (e.g., development, production). The code sample demonstrates how to access a database configuration specific to the current environment.
const config = require('config');
let dbConfig = config.get('Customer.dbConfig');
console.log(dbConfig.host);
Custom Environment Variables
Leverage custom environment variables within your configuration files. The example shows how to access a nested configuration property, such as a database password.
const config = require('config');
let dbPassword = config.get('Customer.dbConfig.password');
console.log(dbPassword);
Configuration File Formats
Supports multiple configuration file formats including JSON, YAML, and JavaScript. This example demonstrates accessing a server port setting from a JSON configuration file.
// Assuming you have a JSON config file named 'default.json' in your config directory
const config = require('config');
let serverPort = config.get('server.port');
console.log(serverPort);
Dotenv is a module that loads environment variables from a .env file into process.env. While dotenv is focused on loading environment variables, config deals with organizing and accessing hierarchical configurations.
nconf is a hierarchical node.js configuration with files, environment variables, command-line arguments, and atomic object merging. It provides a similar functionality to config but with a different approach to organizing and prioritizing configuration sources.
node-convict extends JSON configuration files with a schema definition, which allows validation, setting default values, and accessing nested properties. It compares to config by offering structured configuration management but adds schema validation and environment-specific defaults.
Readme
Node-config organizes hierarchical configurations for your app deployments.
It lets you define a set of default parameters, and extend them for different deployment environments (development, qa, staging, production, etc.).
Configurations are stored in configuration files within your application, and can be overridden and extended by environment variables, command line parameters, or external sources.
This gives your application a consistent configuration interface shared among a growing list of npm modules also using node-config.
The following examples are in JSON format, but configurations can be in other file formats.
Install in your app directory, and edit the default config file.
$ npm install config
$ mkdir config
$ vi config/default.json
{
// Customer module configs
"Customer": {
"dbConfig": {
"host": "localhost",
"port": 5984,
"dbName": "customers"
},
"credit": {
"initialLimit": 100,
// Set low for development
"initialDays": 1
}
}
}
Edit config overrides for production deployment:
$ vi config/production.json
{
"Customer": {
"dbConfig": {
"host": "prod-db-server"
},
"credit": {
"initialDays": 30
}
}
}
Use configs in your code:
var config = require('config');
//...
var dbConfig = config.get('Customer.dbConfig');
db.connect(dbConfig, ...);
if (config.has('optionalFeature.detail')) {
var detail = config.get('optionalFeature.detail');
//...
}
config.get()
will throw an exception for undefined keys to help catch typos and missing values.
Use config.has()
to test if a configuration value is defined.
Start your app server:
$ export NODE_ENV=production
$ node my-app.js
Running in this configuration, the port
and dbName
elements of dbConfig
will come from the default.json
file, and the host
element will
come from the production.json
override file.
If you still don't see what you are looking for, here more resources to check:
node-config
contributors.May be freely distributed under the MIT license.
Copyright (c) 2010-2015 Loren West and other contributors
FAQs
Unknown package
The npm package config receives a total of 786,743 weekly downloads. As such, config popularity was classified as popular.
We found that config demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.