Readme
Effortless setup for config-management in nodejs
Easily set up config management for your node app with confn. It's designed to be a key-value store. Btw you can set strings, objects etc. as your values! Moreover, it's designed to make it easy for you to switch between key-value pairs for different environments (NODE_ENV=production, NODE_ENV=staging, etc.).
It's very simple to set up and use confn. confn also reads from the environment by default.
Sample:

```javascript
const Conf = require('confn');
Conf.set('HOST', '127.0.0.1');
Conf.set('PORT', 9337);
console.log('HOST: ', Conf.get('HOST'));
console.log('PORT: ', Conf.get('PORT'));
console.log('USER: ', Conf.get('USER'));
```

Now if you run the script above:

```sh
USER=root node script.js
```

The output will be:

```
HOST: 127.0.0.1
PORT: 9337
USER: root
```
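```javascript
const Conf = require('confn');
const config = {
  // Used for any key that neither the environment nor a NODE_ENV section sets
  defaults: {
    HOST: '127.0.0.1',
    PORT: 9337,
    USER: 'root',
    OBJECT: {
      RANDOM: 'random'
    }
  },
  // Applied when NODE_ENV=staging
  staging: {
    HOST: 'https://staging.co'
  },
  // Applied when NODE_ENV=production
  production: {
    HOST: 'https://production.co',
    PORT: 9335
  }
};
Conf.init(config);
console.log(Conf.get().HOST);
```

```sh
NODE_ENV=staging node script.js
```

```
https://staging.co
```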
`Conf.init(config)` you can fetch the keys from any file by using `const { KEY1, KEY2 } = require('confn').get()`

confn reads the key-value pairs from the `defaults` key of the config passed in `Conf.init(config)`. If there is any key that is in `defaults` and also in the environment then the value in the environment is given precedence. This means that if you run the above script with `HOST=localhost node script.js` then the output would be `localhost` and not `127.0.0.1`.

`staging` or `production` key, i.e. the objects whose keys are used for a specific `NODE_ENV` have precedence over both environment and defaults keys. In the above example, in the production object the host and port both will override the defaults and environment keys.

```javascript
const Conf = require('confn');
Conf.set('HOST', 1);
Conf.override('HOST', 12);
Conf.hardSet('HOST', 123);
```
`Conf.override(key, value)` has been used on that specific key. However, if you really want to update that key then you can use `Conf.hardSet(key, value)` to update that key.

`Conf.init(config)`. First the environment keys are set by using the `override` method. After that the keys under `defaults` are set (which is why the environment has more precedence than defaults). After that the `staging`, `production`, etc. `NODE_ENV` key-value pairs are set with the `hardSet` method, hence they have the highest precedence.

`env` for config management. If you want to, you can also add more stores that you might want to use.

Sample code:
```javascript
const Conf = require('confn');
const config = {
  defaults: {
    HOST: '127.0.0.1',
    PORT: 9337,
    USER: 'root',
  },
  staging: {
    HOST: 'https://staging.co',
  },
  production: {
    HOST: 'https://production.co',
    PORT: 9335,
  },
};
Conf.addStore('memory');
Conf.init(config, 'memory');
console.log(Conf.get(null, 'memory'));
```
`memory` where all the configuration keys will be stored. Please note that stores don't share any key-value information amongst each other apart from the environment key-value pairs.

```
{
  .
  .
  SPACESHIP_VERSION: '3.11.2',
  SPACESHIP_ROOT: '/Users/root/.nvm/versions/node/v14.6.0/lib/node_modules/spaceship-prompt',
  P9K_TTY: 'old',
  _: '/Users/root/.nvm/versions/node/v14.6.0/bin/node',
  HOST: '127.0.0.1',
  PORT: 9337
}
```
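The precedence order the README describes (environment keys via override, then defaults, then the NODE_ENV section via hardSet) decides which settings the process environment can change, and the model below makes that checkable. It is an added example, not confn's source: `ModelStore`, `resolve`, `envControllableKeys` and `own` are hypothetical names, the sample config is constructed from the README's, and it assumes `set` is a no-op on a key once `override` has written it.

```javascript
// Stand-alone model of the precedence rules above; not confn's source.
// Assumption: set() is a no-op on a key once override() has written it.
class ModelStore {
  constructor() {
    this.values = new Map();
    this.locked = new Set(); // keys claimed by override()
  }
  set(key, value) {
    if (!this.locked.has(key)) this.values.set(key, value);
  }
  override(key, value) {
    this.values.set(key, value);
    this.locked.add(key);
  }
  hardSet(key, value) { // always writes, even over an overridden key
    this.values.set(key, value);
  }
}

const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Three phases in the README's order: environment, defaults, NODE_ENV section.
function resolve(config, env) {
  const store = new ModelStore();
  for (const [k, v] of Object.entries(env)) store.override(k, v);
  for (const [k, v] of Object.entries(config.defaults || {})) store.set(k, v);
  const section = own(config, env.NODE_ENV) ? config[env.NODE_ENV] : {};
  for (const [k, v] of Object.entries(section)) store.hardSet(k, v);
  return Object.fromEntries(store.values);
}

// Hypothetical audit helper: default keys the process environment can still
// change because the active NODE_ENV section does not pin them.
function envControllableKeys(config, nodeEnv) {
  const section = own(config, nodeEnv) ? config[nodeEnv] : {};
  return Object.keys(config.defaults || {}).filter((k) => !own(section, k));
}

// Constructed sample input mirroring the README's config object.
const sampleConfig = {
  defaults: { HOST: '127.0.0.1', PORT: 9337, USER: 'root' },
  staging: { HOST: 'https://staging.co' },
  production: { HOST: 'https://production.co', PORT: 9335 },
};
const sampleEnv = { NODE_ENV: 'production', HOST: 'localhost', PORT: '1' };

console.log(resolve(sampleConfig, sampleEnv));
console.log(envControllableKeys(sampleConfig, 'production'));
```

Any key that `envControllableKeys` returns takes its value from whoever controls the process environment, so security-relevant settings such as hosts and ports belong in the NODE_ENV section if they must not be changed that way.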
FAQs
A simple to implement config management node js library. Setup dev, staging, production, etc. config for your node app effortlessly.
The npm package confn receives a total of 1 weekly download. As such, confn's popularity was classified as not popular.
We found that confn demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.