Security News
The Changelog Podcast: Practical Steps to Stay Safe on npm
Learn the essential steps every developer should take to stay secure on npm and reduce exposure to supply chain attacks.
By Sarah Gooding -  Oct 31, 2025
🚀 DAY 5 OF LAUNCH WEEK: Introducing Socket Firewall Enterprise.Learn more →
configuration-helper
Advanced tools
Package was removed
Sorry, it seems this package was removed from the registry
Configuration utils
Library contains utils to work with configuration providers.
Provides convenience methods for layered loading of configuration parameters. After loading is completed, they can be accessed using standard nconf means.
Here is the list of supported configuration layers: (note that their priority depends on the order in which they are called in consuming application - those that are called first have higher priority):
SERVICE_CONFIG_FILE SERVICE_OVERRIDE_CONFIG_FILE SERVICE_ENCRYPTED_CONFIG_FILE
If SERVICE_ENCRYPTED_CONFIG_FILE is specified, DECRYPTION_KEY that should be used for decryption should also be provided.
Example
Here is how configuration loading code inside the consuming application should look like:
let nconf = require('nconf'); let configurationHelper = require('configuration-helper');
nconf.argv(); let SERVICE_CONFIG_FILE = nconf.get('SERVICE_CONFIG_FILE'); let SERVICE_OVERRIDE_CONFIG_FILE = nconf.get('SERVICE_OVERRIDE_CONFIG_FILE'); let SERVICE_ENCRYPTED_CONFIG_FILE = nconf.get('SERVICE_ENCRYPTED_CONFIG_FILE'); let DECRYPTION_KEY = nconf.get('DECRYPTION_KEY') || process.env.DECRYPTION_KEY;
configurationHelper.loadOverrides(nconf, SERVICE_OVERRIDE_CONFIG_FILE); configurationHelper.loadEncryptedConfiguration(nconf, SERVICE_ENCRYPTED_CONFIG_FILE, DECRYPTION_KEY); configurationHelper.loadConfiguration(nconf, SERVICE_CONFIG_FILE); configurationHelper.loadDefaultConfiguration(nconf, 'config/service.default.conf.json'); nconf.env();
module.exports = nconf;
Usage recommendations
In order to supply decryption key in a secure way, use the decryption key retrieval code from the example and then start service using the following command structure:
" DECRYPTION_KEY=dummyKey pm2 start src/server.js --name=dummy-service -- --SERVICE_CONFIG_FILE=config/overrides/service.profileName.public.conf.json --SERVICE_ENCRYPTED_CONFIG_FILE=config/overrides/service.profileName.restricted.conf.encrypted.json"
Note that space in the beginning will prevent bash from storing command in history, while setting DECRYPTION_KEY as an environment variable prevents process managers (e. g. pm2) from displaying it next to other launch parameters It still works fine with automatic pm2 restarts on crashes.
FAQs
Service configuration utils
We found that configuration-helper demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 30 Jun 2017
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Security Community Slams MIT-linked Report Claiming AI Powers 80% of Ransomware
Experts push back on new claims about AI-driven ransomware, warning that hype and sponsored research are distorting how the threat is understood.
By Sarah Gooding -  Oct 30, 2025
Security News
Ruby Core Team Assumes Stewardship of RubyGems and Bundler, Former Maintainers Offer to Transfer All Rights to Matz
Ruby's creator Matz assumes control of RubyGems and Bundler repositories while former maintainers agree to step back and transfer all rights to end the dispute.
By Sarah Gooding -  Oct 29, 2025