Hierarchical node.js configuration with files, environment variables, command-line arguments, and atomic object merging.
nconf is a hierarchical node.js configuration with support for multiple sources. It allows you to manage configuration settings for your application from various sources such as command-line arguments, environment variables, files, and even custom sources.
Loading Configuration from Command-Line Arguments
This feature allows you to load configuration settings from command-line arguments. The `argv` method parses the command-line arguments and makes them available through the `nconf` object.
```js
const nconf = require('nconf');
nconf.argv();
console.log(nconf.get('someArg'));
```
Loading Configuration from Environment Variables
This feature allows you to load configuration settings from environment variables. The `env` method reads the environment variables and makes them accessible through the `nconf` object.
```js
const nconf = require('nconf');
nconf.env();
console.log(nconf.get('NODE_ENV'));
```
Loading Configuration from a File
This feature allows you to load configuration settings from a file. The `file` method reads the specified file and makes its contents available through the `nconf` object.
```js
const nconf = require('nconf');
nconf.file({ file: 'config.json' });
console.log(nconf.get('database:host'));
```
Setting Default Values
This feature allows you to set default configuration values. The `defaults` method sets the default values that will be used if no other source provides a value for a given key.
```js
const nconf = require('nconf');
nconf.defaults({ 'port': 3000 });
console.log(nconf.get('port'));
```
Overriding Configuration Values
This feature allows you to override configuration values. The `overrides` method sets values that will take precedence over any other source.
```js
const nconf = require('nconf');
nconf.overrides({ 'port': 8080 });
console.log(nconf.get('port'));
```
The `config` package provides a way to manage configuration files for your Node.js application. It supports different configurations for different deployment environments and allows for hierarchical configurations. Compared to nconf, `config` is more focused on file-based configurations and environment-specific settings.
The `dotenv` package loads environment variables from a `.env` file into `process.env`. It is simpler and more lightweight compared to nconf, focusing solely on environment variables and not supporting other sources like command-line arguments or JSON files.
The `convict` package provides a way to define a schema for your configuration and validate it. It supports multiple sources like environment variables and JSON files, similar to nconf. However, `convict` adds the ability to define a schema and validate the configuration against it, which nconf does not provide.
Using nconf is easy; it is designed to be a simple key-value store with support for both local and remote storage. Keys are namespaced and delimited by `:`. Let's dive right into sample usage:
```js
var fs = require('fs'),
    nconf = require('nconf');

//
// Setup nconf to use (in-order):
//   1. Command-line arguments
//   2. Environment variables
//   3. A file located at 'path/to/config.json'
//
nconf.argv()
  .env()
  .file({ file: 'path/to/config.json' });

//
// Set a few variables on `nconf`.
//
nconf.set('database:host', '127.0.0.1');
nconf.set('database:port', 5984);

//
// Get the entire database object from nconf. This will output
// { host: '127.0.0.1', port: 5984 }
//
console.log('foo: ' + nconf.get('foo'));
console.log('NODE_ENV: ' + nconf.get('NODE_ENV'));
// Pass the object as its own argument so it is inspected rather than
// coerced to '[object Object]' by string concatenation.
console.log('database:', nconf.get('database'));

//
// Save the configuration object to disk
//
nconf.save(function (err) {
  if (err) { console.error(err.message); return; }
  // Read back the same file that was attached to the hierarchy above.
  fs.readFile('path/to/config.json', function (err, data) {
    if (err) { console.error(err.message); return; }
    console.dir(JSON.parse(data.toString()));
  });
});
```
If you run the above script:

```bash
$ NODE_ENV=production node sample.js --foo bar
```

The output will be:

```
foo: bar
NODE_ENV: production
database: { host: '127.0.0.1', port: 5984 }
```
Configuration management can get complicated very quickly for even trivial applications running in production. `nconf` addresses this problem by enabling you to set up a hierarchy for different sources of configuration with no defaults. The order in which you attach these configuration sources determines their priority in the hierarchy. Let's take a look at the options available to you:

- `nconf.argv(options)` loads `process.argv` using yargs. If `options` is supplied it is passed along to yargs.
- `nconf.env(options)` loads `process.env` into the hierarchy.

A sane default for this could be:
```js
var nconf = require('nconf');

//
// 1. any overrides
//
nconf.overrides({
  'always': 'be this value'
});

//
// 2. `process.env`
// 3. `process.argv`
//
nconf.env().argv();

//
// 4. Values in `config.json`
//
nconf.file('/path/to/config.json');

//
// Or with a custom name
// Note: A custom key must be supplied for hierarchy to work if multiple files are used.
//
nconf.file('custom', '/path/to/config.json');

//
// Or searching from a base directory.
// Note: `name` is optional.
//
nconf.file(name, {
  file: 'config.json',
  dir: 'search/from/here',
  search: true
});

//
// 5. Any default values
//
nconf.defaults({
  'if nothing else': 'use this value'
});
```
The top-level `nconf` object is an instance of `nconf.Provider`, which abstracts this all for you into a simple API.

Adds a new store with the specified `name` and `options`. If `options.type` is not set, then `name` will be used instead:
```js
// The literal store's object is closed before the options object.
nconf.add('supplied', { type: 'literal', store: { 'some': 'config' } });
nconf.add('user', { type: 'file', file: '/path/to/userconf.json' });
nconf.add('global', { type: 'file', file: '/path/to/globalconf.json' });
```
Similar to `nconf.add`, except that it can replace an existing store if new options are provided:

```js
//
// Load a file store onto nconf with the specified settings
//
nconf.use('file', { file: '/path/to/some/config-file.json' });

//
// Replace the file store with new settings
//
nconf.use('file', { file: 'path/to/a-new/config-file.json' });
```
Removes the store with the specified name. The configuration stored at that level will no longer be used for lookup(s).

```js
nconf.remove('file');
```

A simple in-memory storage engine that stores a nested JSON representation of the configuration. To use this engine, just call `.use()` with the appropriate arguments. All calls to the `.get()`, `.set()`, `.clear()` and `.reset()` methods are synchronous since we are only dealing with an in-memory object.

```js
nconf.use('memory');
```
Responsible for loading the values parsed from `process.argv` by `yargs` into the configuration hierarchy. See the yargs option docs for more on the option format.

```js
//
// Can optionally also be an object literal to pass to `yargs`.
//
nconf.argv({
  "x": {
    alias: 'example',
    describe: 'Example description for usage generation',
    demand: true,
    default: 'some-value'
  }
});
```
Responsible for loading the values parsed from `process.env` into the configuration hierarchy.

```js
//
// Can optionally also be an Array of values to limit process.env to.
//
nconf.env(['only', 'load', 'these', 'values', 'from', 'process.env']);

//
// Can also specify a separator for nested keys (instead of the default ':')
//
nconf.env('__');
// Get the value of the env variable 'database__host'
var dbHost = nconf.get('database:host');

//
// Or use all options
//
nconf.env({
  separator: '__',
  match: /^whatever_matches_this_will_be_whitelisted/,
  whitelist: ['database__host', 'only', 'load', 'these', 'values', 'if', 'whatever_doesnt_match_but_is_whitelisted_gets_loaded_too']
});
var dbHost = nconf.get('database:host');
```
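
The attachment-order precedence and the env filtering described above, as an added example that is not part of the nconf README or its code: a stand-alone model that does not call nconf and does not model object merging. It shows an unrestricted env store, attached ahead of the file store, shadowing a file value, and a whitelist or an overrides entry keeping that key fixed; the helper names (`envStore`, `getPath`, `lookup`), hosts and keys are assumptions made for the illustration.

```javascript
// Simplified model of the lookup described on this page; it does not use nconf.
// Stores are searched in attachment order and the first defined value wins.
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Build a nested store from an env-like object, modelling the separator,
// whitelist and match options (a name is kept if either filter accepts it).
function envStore(env, { separator = ':', whitelist = [], match = null } = {}) {
  const filtered = whitelist.length > 0 || match !== null;
  const store = Object.create(null);
  for (const [name, value] of Object.entries(env)) {
    const allowed = whitelist.includes(name) || (match !== null && match.test(name));
    if (filtered && !allowed) continue;
    const parts = name.split(separator);
    let node = store;
    for (const part of parts.slice(0, -1)) {
      if (!has(node, part) || typeof node[part] !== 'object') node[part] = Object.create(null);
      node = node[part];
    }
    node[parts[parts.length - 1]] = value;
  }
  return store;
}

// Resolve a ':'-delimited key against one store.
function getPath(store, key) {
  let node = store;
  for (const part of key.split(':')) {
    if (node === null || typeof node !== 'object' || !has(node, part)) return undefined;
    node = node[part];
  }
  return node;
}

// Resolve a key against the hierarchy: earlier stores take priority.
function lookup(stores, key) {
  for (const store of stores) {
    const value = getPath(store, key);
    if (value !== undefined) return value;
  }
  return undefined;
}

// Constructed sample data (hypothetical hosts and keys).
const fileConfig = { database: { host: 'db.internal', port: 5984 }, tls: { verify: true } };
const processEnv = { NODE_ENV: 'production', database__host: '203.0.113.7', tls__verify: 'false' };
const openEnv = envStore(processEnv, { separator: '__' });
const limitedEnv = envStore(processEnv, { separator: '__', whitelist: ['NODE_ENV', 'database__host'] });
const overrides = { tls: { verify: true } };

console.log(lookup([openEnv, fileConfig], 'tls:verify'));    // env string shadows the file's boolean
console.log(lookup([limitedEnv, fileConfig], 'tls:verify')); // file value survives
```

The shadowing value arrives as the string `'false'`, which is truthy in JavaScript, so a check such as `if (verify)` would still pass while a strict comparison against `true` would not.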
Loads a given object literal into the configuration hierarchy. Both `nconf.defaults()` and `nconf.overrides()` use the Literal store.

```js
nconf.defaults({
  'some': 'default value'
});
```
Based on the Memory store, but provides additional methods `.save()` and `.load()` which allow you to write your configuration to, and read it from, a file. As with the Memory store, all method calls are synchronous with the exception of `.save()` and `.load()`, which take callback functions. It is important to note that setting keys in the File engine will not be persisted to disk until a call to `.save()` is made. Note that a custom key must be supplied as the first parameter for hierarchy to work if multiple files are used.

```js
nconf.file('path/to/your/config.json');
// add multiple files, hierarchically. notice the unique key for each file
nconf.file('user', 'path/to/your/user.json');
nconf.file('global', 'path/to/your/global.json');
```
The file store is also extensible for multiple file formats, defaulting to `JSON`. To use a custom format, simply pass a format object to the `.use()` method. This object must have `.parse()` and `.stringify()` methods just like the native `JSON` object.
If the file does not exist at the provided path, the store will simply be empty.
There is a separate Redis-based store available through nconf-redis. To install and use this store simply:

```bash
$ npm install nconf
$ npm install nconf-redis
```

Once you have installed both `nconf` and `nconf-redis`, you must require both modules to use the Redis store:

```js
var nconf = require('nconf');

//
// Requiring `nconf-redis` will extend the `nconf`
// module.
//
require('nconf-redis');

nconf.use('redis', { host: 'localhost', port: 6379, ttl: 60 * 60 * 1000 });
```
curl http://npmjs.org/install.sh | sh
[sudo] npm install nconf
There is more documentation available through docco. I haven't gotten around to making a gh-pages branch so in the meantime if you clone the repository you can view the docs:
open docs/nconf.html
Tests are written in vows and give complete coverage of all APIs and storage engines.
$ npm test
FAQs
The npm package nconf receives a total of 792,534 weekly downloads. As such, nconf's popularity was classified as popular.
We found that nconf demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.