Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
ngx-envconfig
Advanced tools
Configuration utility for Angular app.
npm install ngx-envconfig --save
ng build --env=dev
builds for development environment. This is the default if you don't specify env value.ng build --env=staging
builds for staging environment.ng build --env=prod
builds for production environment.ConfigModule
has forRoot()
function which accepts {state: string}
object. Based on the provided state
value, it will load the approprate *.json
config file. It assumes that configuration json files are located under ./src/assets/config
folder. Angular will bootstrap the app, only after the configuration *.json
file is loaded.
propertyName
config file.true
if environment is development, otherwhise false
"API_ENDPOINTS"
object in cofig file, which provides the list of available API endpoints and "HOST_API"
which is the API's host URL. Returns API endpoint from "API_ENDPOINTS"
by concatenating it with "HOST_API"
./config
folder under /assets
directory/assets/config
folder.// src/assets/config/development.json
{
"HOST_API": "http://development.server.com",
"API_ENDPOINTS": {
"USER": "/api/v1/user"
}
}
// src/assets/config/staging.json
{
"HOST_API": "http://staging.server.com",
"API_ENDPOINTS": {
"USER": "/api/v1/user"
}
}
// src/assets/config/production.json
{
"HOST_API": "http://production.server.com",
"API_ENDPOINTS": {
"USER": "/api/v1/user"
}
}
// src/app/app.module.ts
import { NgModule } from '@angular/core';
import { ConfigModule, ConfigService } from './config/config.service';
@NgModule({
imports: [
ConfigModule.forRoot({state: 'development'})
...
],
providers: [
...
Your Providers
...
]
})
export class AppModule { }
// src/app/app.component.ts
import { Component } from '@angular/core';
import { ConfigService } from 'ngx-envconfig';
@Component({
selector: 'app-root',
templateUrl: './app.component.html',
styleUrls: ['./app.component.css']
})
export class AppComponent {
constructor(private configService: ConfigService){
console.log(configService.get('HOST_API'))
// prints: http://development.server.com
console.log(configService.getApi('USERS'))
// prints: http://development.server.com/api/v1/users
}
}
Add the following snippet to .angular-cli.json
file.
"environmentSource": "environments/environment.ts",
"environments": {
"dev": "environments/environment.ts",
"prod": "environments/environment.prod.ts",
"staging": "environments/environment.staging.ts"
}
Create the following files under /environments
folder.
// ./environments/environment.prod.ts
export const environment = {
state: 'production'
};
// ./environments/environment.staging.ts
export const environment = {
state: 'staging'
};
// ./environments/environment.ts
export const environment = {
state: 'development'
};
Then you can add environment value to ConfigModule
like this:
// src/app/app.module.ts
import { NgModule } from '@angular/core';
import { ConfigModule, ConfigService } from 'ngx-envconfig';
import { environment } from '../src/environments/environment'; // <-- add this line
@NgModule({
imports: [
ConfigModule.forRoot(environment) // <-- pass environment variable
...
],
providers: [
...
Your Providers
...
]
})
export class AppModule { }
FAQs
Configuration utility for Angular app based on the environment variables
The npm package ngx-envconfig receives a total of 29 weekly downloads. As such, ngx-envconfig popularity was classified as not popular.
We found that ngx-envconfig demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.