Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
By Kush Pandya - Jun 06, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
Deep-conf
Configuration library for Node.js application server deployments. It lets you define a set of configs with inheritance.
Quick Start
Install it with NPM or add it to your package.json:
$ npm install deep-conf
Then:
// Create instance by factory
var configBuilder = require('deep-conf')();
// Register new config with name "sampleConfig"
configBuilder.register({
name: 'sampleConfig',
config: {
host: 'localhost',
port: 80,
fullName: function(config) {
return 'http://' + config.host + ':' + config.port;
}
}
});
// Get registered config by name
var config = configBuilder.get('sampleConfig');
console.log(config.host, config.port, config.fullName);
// localhost 80 http://localhost:80
API
register: create new config with name and optional parent. NOTE: field info, that contains name and parentName, will be added to config, so do not add to your config field with this name, because it will be overrided.
// Register new config with name "development"
configBuilder.register({
name: 'development',
config: {
host: 'localhost',
port: 80
}
});
// Register new config with name "production",
// inherite it from "development"
// and replace field "host" with new value
configBuilder.register({
name: 'production',
parent: 'development',
config: {
host: 'example.com'
}
});
update: update existing config
// Update fields of existing config "development"
configBuilder.update({
name: 'development',
config: {
protocol: 'https'
}
});
get: get registered config
// Get config "production"
var config = configBuilder.get('production');
console.log(config.host, config.port);
// example.com 80
func: define in config functional field
// Register config with functional field
configBuilder.register({
name: 'funcConfig',
config: {
f: configBuilder.func(function(a, b) {
return a + b;
})
}
});
var config = configBuilder.get('funcConfig');
console.log(config.f(1, 2));
// 3
stringify: get registered config as string with optional space count (like JSON.stringify)
// Register config "stringConfig"
configBuilder.register({
name: 'stringConfig',
config: {
host: 'localhost',
port: 80,
fullName: function(config) {
return 'http://' + config.host + ':' + config.port;
},
sum: configBuilder.func(function(a, b) {
var sum = a + b;
return sum;
})
}
});
// Stringify config "stringConfig"
var str = configBuilder.stringify('stringConfig', 2);
console.log(str);
// {
// "host": "localhost",
// "port": 80,
// "fullName": "http://localhost:80",
// "sum": function (a, b) {var sum = a + b;return sum;}
// }
ConfigBuilder: create instance with constructor
var configBuilder = new (require('deep-conf').ConfigBuilder)();
FAQs
node.js configuration libruary
The npm package deep-conf receives a total of 2 weekly downloads. As such, deep-conf popularity was classified as not popular.
We found that deep-conf demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 27 Jan 2017
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Socket Now Supports pylock.toml Files
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
By Trevor Norris - Jun 05, 2025
Security News
Research
Destructive npm Packages Disguised as Utilities Enable Remote System Wipe
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.
By Kush Pandya - Jun 05, 2025