This module is inspired by and borrows much of its behaviour from the excellent Konfiga module. This module removes the command-line parsing abilities of its ancestor, adds required variables, and simplifies some internal logic around custom parsers by slightly altering that part of the options API.
configeur reads in the environment and uses a spec to parse and cast the values found to appropriate types. It supports:
Configeur accepts an object which defines config variable names and how to derive them from the environment (or a default).
For example:
```js
// Module config.js
const configeur = require('configeur');

const config = configeur({
  PORT: {
    defaultValue: '8000',
    type: 'number'
  }
});

module.exports = config; // An instance of Map.
```
The above, assuming no values are read from the environment, will assign to config.js:
```js
{
  PORT: 8000
}
```
Fields used to configure a config variable are:
| field | required | description |
|---|---|---|
| 'defaultValue' | false | The value used when the variable is not found in the environment. Must always be a string, as if it has come from the environment. |
| 'required' | false | Defaults to false. When true, a corresponding environment variable is required. A default will be ignored and an error thrown when the environment variable is not found. |
| 'type' | false | The type to cast to. Defaults to 'string'. |
Default types are:
- 'string'
- 'number'
- 'boolean'
Additional types can be specified as parsers.
configeur accepts a second parameter consisting of an options object.
parsers
configeur comes with default parsers. To add more parsers, or override
existing parsers, this array can be used. For example, to add an 'integer'
type:
```js
const config = configeur(schema, {
  parsers: [
    ['integer', value => parseInt(value, 10)]
  ]
});
```
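The `parseInt`-based 'integer' parser above accepts trailing garbage and yields NaN for non-numeric input, so the following added example (not part of the configeur README or its source) shows stricter parsers in the same `[name, fn]` pair shape. `strictInteger`, `port`, `load` and the sample schema are hypothetical names; `load` is a stand-in that applies only the rules from the field table and assumes that a parser signals bad input by throwing.

```javascript
// Added illustration, not configeur's source. `load` is a hypothetical stand-in
// that follows only the rules in the field table above, so the parsers can be
// exercised without installing the package.

// parseInt('80abc', 10) returns 80 and parseInt('abc', 10) returns NaN; this
// parser rejects both instead of passing them on as settings.
const strictInteger = value => {
  if (!/^-?\d+$/.test(value)) {
    throw new TypeError(`not an integer: ${JSON.stringify(value)}`);
  }
  const n = Number(value);
  if (!Number.isSafeInteger(n)) throw new RangeError(`integer out of safe range: ${value}`);
  return n;
};

// A 'port' type built on the strict integer parser, with a range check.
const port = value => {
  const n = strictInteger(value);
  if (n < 1 || n > 65535) throw new RangeError(`port out of range: ${n}`);
  return n;
};

// Same [name, fn] pair shape as the `parsers` option shown above.
const parsers = [['integer', strictInteger], ['port', port]];

function load(env, schema, extraParsers) {
  const table = new Map([['string', v => v], ...extraParsers]);
  const config = new Map();
  for (const [name, { defaultValue, required = false, type = 'string' }] of Object.entries(schema)) {
    const found = Object.prototype.hasOwnProperty.call(env, name);
    if (required && !found) throw new Error(`missing required variable ${name}`);
    const raw = found ? env[name] : defaultValue;
    if (raw === undefined) continue; // optional with no default: left unset in this sketch
    if (!table.has(type)) throw new Error(`unknown type ${type}`);
    config.set(name, table.get(type)(raw));
  }
  return config;
}

// Constructed sample schema: API_TOKEN is required, so its default is ignored.
const schema = {
  PORT: { defaultValue: '8000', type: 'port' },
  WORKERS: { defaultValue: '4', type: 'integer' },
  API_TOKEN: { required: true, defaultValue: 'ignored-when-required' }
};
```

Failing at startup on a malformed or missing value keeps a mistyped environment variable from silently becoming a different port or an empty secret.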
FAQs
Extensible parsing of environment variables into config.
The npm package configeur receives a total of 0 weekly downloads. As such, configeur popularity was classified as not popular.
We found that configeur demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.