Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Env is a Node and client-side ~60 LOC library to manage what environment your code is running in, and let you override the environment for parts of the system.
Env = require('enviro')
Env.get('api') # Will return local, development, or production
Env.getInternal('api') # Will return local, qa, or prod
# Gets it's env from env vars, first would look to API_ENV, then NODE_ENV
Enviro.get('usage_tracking')
# Set with window.USAGE_TRACKING_ENV or localStorage.USAGE_TRACKING_ENV
get(serviceName, [default])
- returns 'development' or 'production' to let you know which servers serviceName should
be talking to
getShort(serviceName, [default])
- returns 'local', 'qa' or 'prod', otherwise the same as get
deployed(serviceName)
- Returns boolean based on whether serviceName should be considered actually deployed
By convention, the environments defined by specific names refer to which server you should be communicating with,
not which environment this process is actually in. The special deployed
env can be used to get the actual
environment the process is running in.
Enviro also provides the deployed
function which will return true if the service is deployed.
You can override what apis your software talks to, and whether it thinks it's deployed.
API_ENV
will, for example, change what is returned by Env.get('api')
GAMERA_DEPLOYED
will, for example, change what is returned by Env.deployed('gamera')
Env.get('api.gamera')
will first look to GAMERA_ENV
, then API_ENV
FAQs
env ===
We found that enviro demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.