Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Utility for mananging node development environments.
npm i nenv --save
var env = require('nenv')();
if(!env.defined) {
// do something when no environment was specified
// maybe: env.set(env.DEVEL) or whichever default you want
}else if(!env.valid) {
// do something when the specified environment is invalid
}else if(env.test) {
// do something for test environment
}
function nenv([environments, get, set])
environments
: Array or object of custom environments, if not specified the defaults
are used.get
: A custom function for getting the environment value (optional).set
: A custom function for setting the environment value (optional).Determines if an environment value is valid. Returns false
if the supplied value is invalid or the string key for the environment if the value is a known environment alias.
If no value is supplied then env.value
is used which allows testing whether the default value is valid by calling with no arguments.
The value returned from get()
when nenv()
was called, the initial environment value.
Boolean that determines whether env.value
is a recognised environment.
Determines whether an initial value (env.value
) was defined.
Get the current value of the environment, the default implementation returns process.env.NODE_ENV
.
Set the current value of the environment, the default implementation returns false
if the supplied value is not a known environment alias otherwise a function that may be called to revert to the previous value.
Array of environment keys.
Map of environment keys to arrays of string aliases for the environment.
Return an object suitable for passing to JSON.stringify
.
Default values to use.
['test', 'devel', 'stage', 'production'];
A cache created the first time nenv()
was invoked. Typically you would always want to share the same environment query:
var nenv = require('nenv')
, env = nenv()
, newenv = nenv()
// bypass cache and get a new query function using defaults
, altenv = nenv(true);
console.log(env === newenv);
console.log(env === altenv);
You can bypass the cached instance by passing arguments to nenv()
or alternatively you could delete nenv.cache
to force a new query to be created.
Default get
function.
Default set
function.
Pass an object or array to define your available environments. Passing an object allows specifying multiple keys as aliases for the environment, useful to alias shortcuts for longer environment identifiers.
var nenv = require('nenv');
console.dir(nenv(['test', 'dev', 'stage']));
console.dir(nenv({production: ['production', 'pro'], dev: 'dev', test: 'test'}));
Use a fallback value by supplying a get
function:
var nenv = require('nenv');
function fallback() {
return process.env.NODE_ENV || this.PRODUCTION;
}
var env = nenv(fallback);
console.dir(env);
Or apply override logic to prefer another variable:
var nenv = require('nenv');
function override() {
return process.env.ENV || process.env.NODE_ENV;
}
var env = nenv(override);
console.dir(env);
See defaults.js.
var env = require('./')()
, str = JSON.stringify(env.jsonify(), undefined, 2);
process.stdout.write(str);
Executed with NODE_ENV=devel
, yields:
{
"TEST": "test",
"DEVEL": "devel",
"STAGE": "stage",
"PRODUCTION": "production",
"value": "devel",
"valid": true,
"defined": true,
"map": {
"test": [
"test"
],
"devel": [
"devel"
],
"stage": [
"stage"
],
"production": [
"production"
]
},
"keys": [
"test",
"devel",
"stage",
"production"
],
"test": false,
"devel": true,
"stage": false,
"production": false
}
Run the test specifications:
npm test
Generate the project readme file (requires mdp):
npm run readme
Everything is MIT. Read the license if you feel inclined.
Generated by mdp(1).
FAQs
Node development environment manager
The npm package nenv receives a total of 0 weekly downloads. As such, nenv popularity was classified as not popular.
We found that nenv demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.