Security News
Crates.io Users Targeted by Phishing Emails
The Rust Security Response WG is warning of phishing emails from rustfoundation.dev targeting crates.io users.
By Sarah Gooding - Sep 12, 2025
env-lift
env-lift provides a NodeJS module to easily read configurations from environment variables. The module makes it super easy to abstract configuration loading from environment in an organised and namespaced manner.
Installing env-lift
The easiest way to install env-lift is from the NPM registry. Switch to your project directory and run the following command. Once installation completes, refer to the usage guidelines or the examples directory to use it in your project.
npm install env-lift --save
Usage
The best way to understand how to use this module is to refer to examples. A couple of them is located within the /examples directory and here we would elaborate on a few use cases.
A simple use case where config is stored in an external JSON file
In this use-case, let us assume that you are storing your config in a simple javascript variable. For your production server, you are possibly modifying the variables and running your application. In reality, the use-case could be that you are fetching the configuration from a separate JSON file. But for all practical purposes, the example here could be morphed to meet those scenarios.
Original Code:
var config = {
port: 80,
environment: 'development',
db: {
host: 'localhost',
user: 'root',
password: ''
}
};
Updated code using env-lift:
var config = require('env-lift').load('my-app', {
port: 80,
environment: 'development',
db: {
host: 'localhost',
user: 'root',
password: ''
}
});
At this stage, if you can override the values of the configuration using environment variables.
export MY_APP_PORT=8080;
export MY_APP_DB_HOST="example.com";
Executing the above terminal exports before running your app would return port as 8080 and also return db host as example.com.
Some gotchas
- The keys are expected to be all uppercase alphanumeric.
- The first letter of the environment variable cannot be a number.
- If your key has non-alphanumeric characters, they are replaced by underscore character
Contributing
Contribution is accepted in form of Pull Requests that passes Travis CI tests. You should install this repository using
npm install -d and run npm test locally before sending Pull Request.
FAQs
Simple namespaced environment variable configuration management solution
We found that env-lift demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Package last updated on 08 Apr 2015
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Introducing Custom Pull Request Alert Comment Headers
Socket now lets you customize pull request alert headers, helping security teams share clear guidance right in PRs to speed reviews and reduce back-and-forth.
By André Staltz - Sep 12, 2025
Product
Rust Support Now in Beta
Socket's Rust support is moving to Beta: all users can scan Cargo projects and generate SBOMs, including Cargo.toml-only crates, with Rust-aware supply chain checks.
By Mikola Lysenko, Trevor Norris - Sep 11, 2025