envcfg is an environment-aware configuration module. It is inspired by settings and cfg.
It can load configurations from JSON files, modules, or plain objects. Note that when loading from disk, readFileSync or require will be used. Both calls are synchronous, and require executes the module it loads.
npm install envcfg
The configuration can be broken down by environment, with the special * key which can be used to share common settings across all environments.
Files can be loaded by passing the path to a file that follows the structure above. If the file name ends in .json, it is assumed to be a JSON file and is parsed accordingly.
var envcfg = require('envcfg');
var config = envcfg(__dirname + '/path/to/config.json');

{
  "*": {
    "foo": "foo-*",
    "buz": "buzz-*"
  },
  "development": {
    "bar": "bar-development"
  },
  "test": {
    "foo": "foo-test",
    "bar": "bar-test"
  }
}
Loading modules by path is no different from loading JSON, apart from the naming convention. Just be sure the module sets its module.exports to the configuration.
var envcfg = require('envcfg');
var config = envcfg(__dirname + '/path/to/config_module');

module.exports = exports = {
  "*": {
    "foo": "foo-*",
    "buz": "buzz-*"
  },
  "development": {
    "bar": "bar-development"
  },
  "test": {
    "foo": "foo-test",
    "bar": "bar-test"
  }
};
It is also possible to pass in a plain object.
var config = require('envcfg')({
  "*": {
    "foo": "foo-*",
    "buz": "buzz-*"
  },
  "development": {
    "bar": "bar-development"
  },
  "test": {
    "foo": "foo-test",
    "bar": "bar-test"
  }
});
Ever have anyone muck around with your configuration settings? No worries, the object returned from envcfg cannot be tampered with. In strict mode, exceptions will be thrown; in non-strict mode, the writes will be ignored.
'use strict';

var config = require('envcfg')({
  "*": {
    "foo": "foo-*",
    "buz": "buzz-*"
  },
  "development": {
    "bar": "bar-development"
  },
  "test": {
    "foo": "foo-test",
    "bar": "bar-test"
  }
});

// throws on re-setting an existing key
config.buz = "buzz off"; // throws TypeError

// throws on setting new values
config.something_new = 'wtf'; // throws TypeError
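
The tamper-resistance described above, as an added example that is not envcfg's own code: it assumes the object is protected with Object.freeze and that the environment name is passed in explicitly (`buildConfig`, `deepFreeze`, `strictWrite` and `sloppyWrite` are hypothetical names). It goes one step beyond the README by showing that a shallow freeze leaves nested sections writable, which is worth checking for any "immutable" configuration object.

```javascript
// Added illustration; NOT envcfg's source. Assumption: immutability comes
// from Object.freeze, and the environment name is an explicit argument.
function deepFreeze(obj) {
  for (const key of Object.keys(obj)) {
    const value = obj[key];
    if (value !== null && typeof value === 'object') deepFreeze(value);
  }
  return Object.freeze(obj);
}

// Hypothetical helper: merge the shared "*" section with one environment's
// section (the environment wins), then protect the result with `freeze`.
function buildConfig(source, env, freeze) {
  return freeze(Object.assign({}, source['*'], source[env]));
}

// A write attempted from strict-mode code.
function strictWrite(obj, key, value) {
  'use strict';
  obj[key] = value;
}

// A write from non-strict code. The Function constructor always yields
// non-strict code, whatever mode the surrounding file runs in.
const sloppyWrite = new Function('obj', 'key', 'value', 'obj[key] = value;');

// Constructed sample: the README's structure plus one nested section.
const source = {
  '*': { foo: 'foo-*', buz: 'buzz-*', db: { host: 'localhost' } },
  development: { bar: 'bar-development' },
  test: { foo: 'foo-test', bar: 'bar-test' }
};

function demo() {
  const deep = buildConfig(source, 'test', deepFreeze);
  const copy = JSON.parse(JSON.stringify(source)); // separate, unfrozen copy
  const shallow = buildConfig(copy, 'test', Object.freeze);

  let strictError = null;
  try { strictWrite(deep, 'buz', 'buzz off'); } catch (e) { strictError = e.name; }
  sloppyWrite(deep, 'buz', 'buzz off');               // silently ignored
  sloppyWrite(deep.db, 'host', 'changed.example');    // ignored: nested frozen
  sloppyWrite(shallow.db, 'host', 'changed.example'); // succeeds: nested not frozen

  return { foo: deep.foo, bar: deep.bar, buz: deep.buz, strictError,
           deepHost: deep.db.host, shallowHost: shallow.db.host };
}
```

A silent failure in non-strict code is easy to miss in review, so code that relies on the configuration being read-only is best run in strict mode, where the attempted write surfaces as a TypeError.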
FAQs
stupid simple environment aware configuration
The npm package envcfg receives a total of 7 weekly downloads. As such, envcfg popularity was classified as not popular.
We found that envcfg demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.