Security News
PyPI Introduces Digital Attestations to Strengthen Python Package Security
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.
<app_root>/config.default.js
config.default.json
, which should be a JSON file.config.js
or config.json
<app_root>/config.local.js
config.local.json
or config.local.js
will both work.gitignore
as these are by definition specific to a particular developer or environment and should not be tracked in source control./etc/<package_name>/config.js
<package_name>
is your npm package name from your project's package.json
file/etc/<package_name>/config.json
will also workvar config = require("config3");
require
which looks for .js
first and falls back to .json
otherwise.
config.default.js
OR config.default.json
(NOT both)config.js
OR config.json
(NOT both)config.local.js
OR config.local.json
(NOT both)/etc/<package_name>/config.js
OR /etc/<package_name>/config.json
(NOT both)<app_root>/config.json
{"port": 3000, "dbUrl": "mongodb://localhost/myapp", "fbAppId": "12345"}
<app_root>/config.local.json
{"port": 4500}
/etc/myapp/config.json
{"dbUrl": "mongodb://192.168.1.17/myapp-production", "fbAppId": "REAL_FB_APP_ID"}
This module comes with a command line program also called config3
that takes a property path as the only argument and prints out the corresponding value from your application's configuration. This supports property path notation al la db.connection.poolSize
via the pathval
npm package.
This comes in handy for automating stuff during builds and deployments.
./node_modules/.bin/config3 'emails.admins[0]'
Prints out "one@example.com" given a config of {emails: {admins: ["one@example.com"]}}
#Motivation and Philosophy
There are many similar modules already written and published to the npm registry. Why yet another? I find problems with most of the existing ones as follows:
RAILS_ENV=production
(NODE_ENV for us)
NODE_ENV
. Typically this might be something like enabling a cache in production
but disabling it otherwise.NODE_ENV=staging
on your staging system and use one of the npm config packages that loads a staging.yaml
file. Now your staging server is way out of alignment with production.NODE_ENV
should be removed in favor of explicit options. Packages in npm should assume production-type configuration by default and should allow appropriate changes for development when passed explicit granular options to do development things like enabling source maps, disabling caches, printing debug output, etc.config3
config3 uses the debug package by TJ Holowaychuk. Normally, no debug information is output. To have debug statements written to stdout, set the DEBUG environment variable to config3
or a colon-delimited string containing config3 like express:config3:socket.io
.
DEBUG=config3 node myapp.js
require
can load JSON files directly. Throws exceptions.process.cwd()
.NODE_ENV
FAQs
Cascade config files with sensible default, local, deployed files
The npm package config3 receives a total of 4 weekly downloads. As such, config3 popularity was classified as not popular.
We found that config3 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.