Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Gofigure is a configuration tool for node to help in the gathering and monitoring of configuration files in node.
npm install gofigure
Gofigure currently handles the loading of JSON files for configurations.
To Get an instance of a configuration object use the gofigure
method. The gofigure
method takes an object that accepts the following options
ignoreMissing
: By default gofigure
will ignore missing directories. Set this to false to precent the ignoring of missing configuration directories.process.env.NODE_ENV
if this is not set then gofigure will read all properties. If you wish to explicity set the environment then set this property.defaultEnvironment
[*
]: The key that represents default values to be set when an environment is used.const gofigure = require('gofigure');
Load configurations from a directory
//Loader for directory of configurations
const loader = gofigure({
locations : [path.resolve(__dirname, 'configs')]
});
Load configurations from a files.
const loader = gofigure({
locations : [path.resolve(process.env.HOME, 'configs/config1.json'), path.resolve(__dirname, 'config1.json')]
});
You can load configurations asynchronously
loader.load().then((config) => {
const { PORT, HOST } = config;
});
or synchronously
const loader = gofigure({locations : [path.resolve(__dirname, 'configs')]});
const config = loader.loadSync();
To load directories that contain configuration files in the options object provide locations property that is an array of directories than contain your configurations.
const gofigure = require('gofigure');
const loader = gofigure({ locations : [ path.resolve(__dirname, 'configs') ] });
loader.load().then((config) => {
const { PORT, HOST } = config;
});
The order of the locations matter as it defines a precedence for files. For example suppose you have a directory of default configuration files, and on production you want to override those configuration with environment specific configurations with out changing your module or source controlled files.
const gofigure = require('gofigure');
const loader = gofigure({ locations : [ '/prod/confgis', path.resolve(__dirname, 'configs') ] });
loader.load().then((config) => {
const { PORT, HOST } = config;
});
Here any production configuration files found in /prod/configs
will override the properties in path.resolve(__dirname, 'configs')
.
Another use case might be in development where you have default properties and instead of altering the source controlled files the developer can override them by putting them in their home directory.
const gofigure = require('gofigure');
const HOME = process.env.HOME;
const loader = gofigure({ locations : [ path.resolve(HOME, 'yourApp/configs'), path.resolve(__dirname, 'configs') ] });
loader.load().then((config) => {
const { PORT, HOST } = config;
});
You may also load specific files rather than entire directories.
const gofigure = require('gofigure');
const loader = gofigure({ locations : [ '/prod/configs/config1.json', path.resolve(__dirname, 'config1.json') ] });
loader.load().then((config) => {
const { PORT, HOST } = config;
});
Again order matters /prod/configs/config1.json
will override path.resolve(__dirname, '/config.json')
Gofigure supports the monitoring of changes to configuration files.
To enable monitoring you can specify monitor to true in the options.
const gofigure = require('gofigure');
const loader = gofigure({
monitor : true,
locations : [
'/prod/configs/config1.json',
path.resolve(__dirname , '/config.json'),
],
});
const config = loader.loadSync();
loader.on('my.cool.property', (newValue) => {
//the property has changed do something with it
});
To monitor certain files you can use the files property and with object that have a monitor : true
KV pair.
const path = require('path');
const gofigure = require('gofigure');
const loader = gofigure({locations : [
{
file : '/prod/configs/config1.json',
monitor : true
},
path.resolve(__dirname, 'config.json')
]});
const config = loader.loadSync();
loader.on('my.cool.property', (newValue) => {
//...do something
});
Just config1.json
will be monitored for changes.
To listen to all properties
loader.on((config) => {
//...do something
});
loader.on((nameOfPropertyChanged, config) => {
//...do something
});
loader.on((nameOfPropertyChanged, value, config) => {
//...do something
});
To listen to specific properties
loader.on('my.cool.property', (newValue) => {
//...do something
});
loader.on('my.cool.property', (newValue, config) => {
//...do something
});
loader.on('my.cool.property', (nameOfPropertyChanged, value, config) => {
//...do something
});
Wild cards
//listen to any property changed on the my.cool object
loader.on("my.cool.*", (propName, newValue) => {
//...do something
});
//listen to the change of a property named 'property' on any object
//that is a member of my
loader.on("my.*.property", (propName, newValue) => {
//...do something
});
//listen to the change of a property named 'property' that is
//a member of a property called cool
loader.on("*.cool.property", (propName, newValue) => {
//...do something
});
//listen to the change of property or otherProperty on the my.cool object.
loader.on("my.cool.{property|otherProperty}", (propName, newValue) => {
//...do something
});
//listen to the change of property or otherProperty on the my cool or
//notCool object.
loader.on("my.{cool|notCool}.{property|otherProperty}", (propName, newValue) => {
//...do something
});
The property change callback will pass in the following values depending on the arity of the callback.
If 1 argument is expected then just the callback invoked with the new value is a.
loader.on('my.cool.property', (newValue) => {
//...do something
});
If two arguments are expected then it is invoked with the property name and the new value.
loader.on('my.cool.property', (propName, newValue) => {
//...do something
});
Other wise the callback is invoked with the propertyName, newValue and the configuration object.
loader.on('my.cool.property', (propName, newValue, configObject) => {
//...do something
});
gofigure
supports the replacement of environment variables in the configurations usings the following syntax.
${ENV_VARIABLE_NAME}
- Sets the value to process.env.ENV_VARIABLE_NAME
or ''
if it is unset${ENV_VARIABLE_NAME:-default}
- Evaluates to the default value if the ENV_VARIABLE_NAME
is unset or empty${ENV_VARIABLE_NAME-default}
- Evaluates to the default value if the ENV_VARIABLE_NAME
is unset${ENV_VARIABLE_NAME:?err}
- Throws an error with the message if ENV_VARIABLE_NAME
is unset or empty${ENV_VARIABLE_NAME?err}
- Throws an error with the message if ENV_VARIABLE_NAME
is unsetYou can use $$
if you want to ignore a substitution $${SOME_VALUE}
.
Given the following config
{
"a": "${ENV_VAR_A}",
"b" : {
"c": "${ENV_VAR_B:-b.c}"
},
"arr": ["${ARR_INDEX_0}", "${ARR_INDEX_1}"],
"arrWithObjects": [
{ "value": "${ARR_INDEX_0}" },
{ "value": "${ARR_INDEX_1}" }
]
}
And the following environemnt
ENV_VAR_A=a
ENV_VAR_B=
ARR_INDEX_0=zero
ARR_INDEX_1=one
Would produce
{
"a": "a",
"b" : {
"c": "b.c"
},
"arr": ["zero", "one"],
"arrWithObjects": [
{ "value": "zero" },
{ "value": "one" }
]
}
Reserved Property Names
The following environment names are reserved and not be used when process.env.NODE_ENV or environment
is set.
*
type
gofigure
also supports environments, by default it will look for NODE_ENV
and if it is set then it will use it.
The following is an example configuration file
{
"development": {
"logging":{
"level": "DEBUG"
},
"app" : {
"host" : "localhost",
"port" : "8088"
},
"MYSQL_DB" : "mysql://test:testpass@localhost:3306/db",
"MONGO_DB" : "mongodb://test:testpass@localhost:27017/db"
},
"production": {
"logging":{
"level": "ERROR"
},
"app" : {
"host" : "prod.mydomain.com",
"port" : "80"
},
"MYSQL_DB" : "mysql://test:testpass@prod.mydomain.com:3306/prod_db",
"MONGO_DB" : "mongodb://test:testpass@prod.mydomain.com:27017/prd_db"
},
"test": {
"logging":{
"level": "WARN"
},
"app" : {
"host" : "test.mydomain.com",
"port" : "80"
},
"MYSQL_DB" : "mysql://test:testpass@test.mydomain.com:3306/test_db",
"MONGO_DB" : "mongodb://test:testpass@test.mydomain.com:27017/test_db"
}
}
To load just the development properties set the environment
to development.
const gofigure = require('gofigure');
const loader = gofigure({
files : [__dirname + "/config-env.json"],
environment : "development"
});
loader.on("MYSQL_DB", (uri) => {
//connect to database
});
loader.on("MONGO_DB", (uri) => {
//connect to mongo
})
loader.on("logging", (logging) => {
//set up logging
})
loader.on("app", (app) => {
//set up your app
});
loader.load.then((config) => {
//use your config
});
You may also share properties across environments by using *
or overriding defaultEnvironment
when initializing.
{
"*": {
"logging": {
"level": "DEBUG"
},
"app" : {
"host" : "0.0.0.0",
"port" : "8088"
},
"MYSQL_DB" : "mysql://test:testpass@localhost:3306/db",
"MONGO_DB" : "mongodb://test:testpass@localhost:27017/db"
},
"production": {
"app" : {
"port" : "80"
},
"MYSQL_DB" : "mysql://test:testpass@prod.mydomain.com:3306/prod_db",
"MONGO_DB" : "mongodb://test:testpass@prod.mydomain.com:27017/prd_db"
},
"test": {
"app" : {
"port" : "80"
},
"MYSQL_DB" : "mysql://test:testpass@test.mydomain.com:3306/test_db",
"MONGO_DB" : "mongodb://test:testpass@test.mydomain.com:27017/test_db"
}
}
Now each environment only has to override properties specific to that env.
NOTE This is to used with NODE_ENV
.
NODE_TYPE
allows you to change configurations based on the type of app instance (node).
For example in production you could put your common configurations in the production
section of the config. And then add
additional configurations under a webapp
and workerQueue
config.
For example you could have have a config that looks like the following.
{
"production": {
"dbHost": "prod-db"
},
"development": {
"dbHost": "localhost"
},
"type":{
"production": {
"webapp": {
"port": 80
},
"workerQueue": {
"amqpHost": "msgs",
"numberOfWorkers": 8
}
},
"development": {
"webapp": {
"port": 8080
},
"workerQueue": {
"amqpHost": "localhost",
"numberOfWorkers": 1
}
}
}
}
If NODE_ENV=production
and NODE_TYPE=webapp
your config would
const loader = gofigure({ locations : [ 'path/to/config' ] });
const config = loader.loadSync();
console.log(config);
Your config would look like the following.
{
"dbHost": "prod-db",
"port": 80
}
Alternatively if NODE_ENV=production
and NODE_TYPE=workerQueue
your config would be.
{
"dbHost": "prod-db",
"amqpHost": "msgs",
"numberOfWorkers": 8
}
NODE_ENV=development
and NODE_TYPE=webapp
your config would be.
{
"dbHost": "localhost",
"port": 8080
}
NODE_ENV=development
and NODE_TYPE=workerQueue
your config would be.
{
"dbHost": "localhost",
"amqpHost": "localhost",
"numberOfWorkers": 1
}
MIT https://github.com/C2FO/gofigure/raw/master/LICENSE
git clone git://github.com/c2fo/gofigure.git
FAQs
Configuration library for node
The npm package gofigure receives a total of 112 weekly downloads. As such, gofigure popularity was classified as not popular.
We found that gofigure demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.