fable-settings - npm Package Compare versions

Comparing version 1.0.2 to 1.0.3

package.json

 {
   "name": "fable-settings",
-  "version": "1.0.2",
+  "version": "1.0.3",
   "description": "A simple, tolerant configuration chain.",
@@ -32,4 +32,5 @@ "main": "source/Fable-Settings.js",
   "dependencies": {
+    "match-all": "^1.2.5",
     "underscore": "1.9.1"
   }
 }

source/Fable-Settings.js

@@ -10,3 +10,4 @@ /**
 // Underscore for utility
-var libUnderscore = require('underscore');
+const libUnderscore = require('underscore');
+const matchAll = require("match-all");
 
@@ -68,2 +69,34 @@ /**
 
+		// Resolve (recursive) any environment variables found in settings object.
+		var resolve_env = function(pSettings)
+		{
+			for(var k in pSettings)
+			{
+				if (typeof(pSettings[k]) === 'object')
+				{
+					resolve_env(pSettings[k]);
+				}
+				else if (typeof(pSettings[k]) === 'string')
+				{
+					if (pSettings[k].indexOf('${') >= 0)
+					{
+						//pick out and resolve env variables from the settings value.
+						var matches = matchAll(pSettings[k], /\$\{(.*?)\}/g).toArray();
+						matches.forEach((m)=>
+						{
+							//format: VAR_NAME|DEFAULT_VALUE
+							var parts = m.split('|');
+							var resolvedValue = process.env[parts[0]] || '';
+							if (!resolvedValue && parts.length>1)
+							{
+								resolvedValue = parts[1];
+							}
+							
+							pSettings[k] = pSettings[k].replace('${' + m + '}', resolvedValue);
+						});
+					}
+				}
+			}
+		}
+
 		// Merge some new object into the existing settings.
@@ -74,2 +107,3 @@ var merge = function(pSettings)
 			_Settings = libUnderscore.extend((typeof(_Settings) === 'object') ? _Settings : {}, (typeof(pSettings) === 'object') ? pSettings : {});
+			resolve_env(_Settings);
 			return _Settings;
@@ -130,2 +164,3 @@ };
 			fill: fill,
+			resolve_env: resolve_env,
 
@@ -132,0 +167,0 @@ new: createNew

test/ExampleSettings.json

@@ -18,2 +18,4 @@ {
 
+	"Environment": "${NOT_DEFAULT|default}-${USE_DEFAULT|default}",
+
 	"MySQL":
@@ -20,0 +22,0 @@ {

test/Fable-Settings_tests.js

@@ -170,2 +170,22 @@ /**
 				);
+				test
+				(
+					'resolve environment variables',
+					function()
+					{
+						process.env['NOT_DEFAULT'] = 'found_value';
+
+						var tmpFableSettings = require('../source/Fable-Settings.js').new(
+							{
+								DefaultConfigFile:__dirname+'/DefaultExampleSettings.json',
+								ConfigFile:__dirname+'/ExampleSettings.json'
+							});
+						Expect(tmpFableSettings).to.have.a.property('settings')
+							.that.is.a('object');
+						Expect(tmpFableSettings.settings).to.have.a.property('Environment')
+							.that.is.a('string');
+						Expect(tmpFableSettings.settings.Environment)
+							.to.equal('found_value-default');
+					}
+				);
 			}
@@ -172,0 +192,0 @@ );

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 2 instances in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Lines of code

397

increased by15.41%

Worsened metrics

Total package byte prevSize

16098

decreased by-12.65%

Dependency count

2

increased by100%

Number of package files

9

decreased by-43.75%

Number of low supply chain risk alerts

4

increased by100%

Number of medium supply chain risk alerts

1

increased byInfinity%

Dependency changes

• + Addedmatch-all@^1.2.5

• + Addedmatch-all@1.2.6(transitive)