Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
node-environment-flags
Advanced tools
The node-environment-flags npm package is designed to manage and parse environment flags in Node.js applications. It provides a straightforward way to handle environment-specific configurations and settings, making it easier to manage development, testing, and production environments.
Parsing Environment Flags
This feature allows developers to parse environment flags easily. The code sample demonstrates how to retrieve the value of the 'NODE_ENV' environment variable using the node-environment-flags package.
const flags = require('node-environment-flags');
console.log(flags.get('NODE_ENV'));
Setting Environment Flags
This feature enables developers to set environment flags programmatically. The code sample shows how to set the 'DEBUG' environment variable to true.
const flags = require('node-environment-flags');
flags.set('DEBUG', true);
Dotenv is a popular npm package that loads environment variables from a .env file into process.env. It is similar to node-environment-flags in managing environment-specific settings but differs as it focuses on loading variables from files rather than parsing or setting them programmatically.
Cross-env allows you to set and use environment variables across platforms. It is similar to node-environment-flags in that it helps manage environment settings, but it is specifically designed to handle cross-platform differences in setting environment variables.
Polyfill/shim for
process.allowedNodeEnvironmentFlags
node-environment-flags is a rough polyfill and shim for process.allowedNodeEnvironmentFlags, which was introduced in Node.js v10.10.0.
Requires Node.js v6.0.0 or newer.
$ npm i node-environment-flags
If the current Node.js version is v10.10.0 or newer, the native implementation will be provided instead.
const nodeEnvironmentFlags = require('node-environment-flags');
nodeEnvironmentFlags.has('--require'); // true
require('node-environment-flags/shim')();
process.allowedNodeEnvironmentFlags.has('--require'); // true
process.allowedNodeEnvironmentFlags
provides in versions of Node.js prior to v10.10.0. Since process.allowedNodeEnvironmentFlags
is based on NODE_OPTIONS
(introduced in v8.0.0), the set of supported flags for versions older than v8.0.0 is highly theoretical.Copyright © 2018 Christopher Hiller. Licensed Apache-2.0.
FAQs
> Polyfill/shim for `process.allowedNodeEnvironmentFlags`
The npm package node-environment-flags receives a total of 1,249,198 weekly downloads. As such, node-environment-flags popularity was classified as popular.
We found that node-environment-flags demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.