Sign inDemoInstall


Package Overview
File Explorer

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies



Unruly configuration management for nodejs

Version published
Install size
3.64 MB




Build status Dependency Status devDependency Status Coverage Status

Convict expands on the standard pattern of configuring node.js applications in a way that is more robust and accessible to collaborators, who may have less interest in digging through imperative code in order to inspect or modify settings. By introducting a configuration schema, convict gives project collaborators more context on each setting and enables validation and early failures for when configuration goes wrong.


  • Loading and merging: configurations are loaded from disk or inline and merged. JSON files are loaded with cjson so comments are welcome.
  • Environmental variables: values can be derived from environmental variables
  • Command-line arguments: values can also be derived from command-line arguments
  • Validation: configurations are validated against your schema, generating an error report with all errors that are found


npm install convict


An example config.js:

var convict = require('convict');

// define a schema

var conf = convict({
  env: {
    doc: "The applicaton environment.",
    format: ["production", "development", "test"],
    default: "development",
    env: "NODE_ENV"
  ip: {
    doc: "The IP address to bind.",
    format: "ipaddress",
    default: "",
    env: "IP_ADDRESS",
  port: {
    doc: "The port to bind.",
    format: "port",
    default: 0,
    env: "PORT"

// load environment dependent configuration

var env = conf.get('env');
conf.loadFile('./config/' + env + '.json');

// perform validation


module.exports = conf;


var http = require('http');
var conf = require('./config.js');

var server = http.createServer(function (req, res) {
  res.writeHead(200, {'Content-Type': 'text/plain'});
  res.end('Hello World\n');

// consume
server.listen(conf.get('port'), conf.get('ip'), function(x) {
  var addy = server.address();
  console.log('running on http://' + addy.address + ":" + addy.port);

The Schema

A configuration module could look like this:


var config = module.exports = convict({
  env: {
    doc: "The application environment.",
    format: ["production", "development", "test"],
    default: "development",
    env: "NODE_ENV",
    arg: "node-env",

config.loadFile(['./prod.json', './config.json']);

Each setting in the schema has four possible properties, each aiding in convict's goal of being more robust and collaborator friendly.

  • Type information: the format property specifies either a built-in convict format (ipaddress, port, int, etc.), or it can be a function to check a custom format. During validation, if a format check fails it will be added to the error report.
  • Default values: Every setting must have a default value.
  • Environmental variables: If the variable specified by env has a value, it will overwrite the setting's default value.
  • Command-line arguments: If the command-line argument specified by arg is supplied, it will overwrite the setting's default value or the value derived from env.
  • Documentation: The doc property is pretty self-explanatory. The nice part about having it in the schema rather than as a comment is that we can call conf.toSchemaString() and have it displayed in the output.


In order to help detect misconfigurations, convict allows you to define a format for each setting. By defualt, convict checks if the value of the property has the same type (according to as the default value specified in the schema. You can define a custom format checking function in the schema by setting the format property.

convict provides serveral predefined formats for validation that you can use (using node-validator and moment.js). Most of them are self-explanatory:

  • * - any value is valid
  • int
  • port
  • url
  • email
  • ipaddress - IPv4 and IPv6 addresses
  • duration - milliseconds or a human readable string (e.g. "3000", "5 days")
  • timestamp - Unix timestamps or date strings recognized by moment.js
  • nat - positive integer (natural number)

If format is set to one of the built-in JavaScript constructors, Object, Array, String, Number, or Boolean, validation will use to check that the setting is the proper type.

You can also provide your own format checking function. For example:

var check = require('validator').check;

var conf = convict({
    key: {
      doc: "API key",
      format: function (val) {
        check(val, 'should be a 64 character hex key').regex(/^[a-fA-F0-9]{64}$/);
      default: '3cec609c9bc601c047af917a544645c50caf8cd606806b4e0a23312441014deb'


Convict will automatically coerce environmental variables from strings to their proper types when importing them. For instance, values with the format int, nat, port, or Number will become numbers after a straight forward parseInt or parseFloat. duration and timestamp are also parse and converted into numbers, though they utilize moment.js for date parsing.


var config = convict(schema)

convict() takes a schema object and returns a convict configuration object. The configuration object has an API for getting and setting values, described below.


Returns the current value of the name property. name can use dot notation to reference nested values. E.g.:


// or



Returns the default value of the name property. name can use dot notation to reference nested values. E.g.:



Returns true if the property name is defined, or false otherwise. E.g.:

if (config.has('')) {
  // do something

config.set(name, value)

Sets the value of name to value. name can use dot notation to reference nested values, e.g. "database.port". If objects in the chain don't yet exist, they will be initialized to empty objects. E.g.:

config.set('property.that.may.not.exist.yet', 'some value');
// returns "some value"


This will load and merge a JavaScript object into config. E.g.:

  "env": "test",
  "ip": "",
  "port": 80

config.loadFile(file or [file1, file2, ...])

This will load and merge one or multiple JSON configuration files into config. JSON files are loaded using cjson, so they can contain comments. E.g.:

conf.loadFile('./config/' + conf.get('env') + '.json');

Or, loading multiple files at once:

// CONFIG_FILES=/path/to/production.json,/path/to/secrets.json,/path/to/sitespecific.json


Validates config against the schema used to initialize it. All errors are collected and thrown at once.


How can I define a configuration property as "required" without providing a default value?

The philosophy was to have production values be the default values. Usually you only want to change defaults for deploy or instance (in aws speak) specific tweaks. However, you can set a default value to null and if your format doesn't accept null it will throw an error.

How can I use convict in a (browserify-based) browser context?

Thanks to browserify, convict can be used for web applications too. To do so,

  • Ignore the system and file modules (in Gulp, add .ignore('system').ignore('file') to your browserify pipe).
  • Use brfs to ensure the fs.loadFileSync schema-loading calls are inlined at build time rather than resolved at runtime (in Gulp, add .transform(brfs) to your browserify pipe).
  • To support "loading configuration from a URL", build a thin wrapper around convict using your favorite http package (e.g. superagent). Typically, in the success callback, call convict's load() on the body of the response.


Last updated on 12 Jan 2015

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.


Related posts

SocketSocket SOC 2 Logo


  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc