Security News
The Dark Side of Open Source
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
node-sp-auth-config-docx
Advanced tools
Readme
node-sp-auth-config
provides wizard-like approach for building and managing config files for node-sp-auth (Node.js to SharePoint unattended http authentication). Includes CLI for generating config files from a command prompt.
Versions supported:
Authentication options:
Config layer and auth support Office 365 Dedicated (SPO on a custom domain) as well.
npm install node-sp-auth-config --save
or install globally to use as CLI:
npm install node-sp-auth-config -g
sp-auth init --path ./config/private.config.json
sp-auth --help # for help about parameters
import { AuthConfig } from 'node-sp-auth-config';
const authConfig = new AuthConfig({
configPath: './config/private.json',
encryptPassword: true,
saveConfigOnDisk: true
});
authConfig.getContext()
.then((context) => {
console.log(JSON.stringify(context, null, 2));
// context.authOptions - node-sp-auth authentication options
})
.catch(console.warn);
const AuthConfig = require('node-sp-auth-config').AuthConfig;
const authConfig = new AuthConfig({
configPath: './config/private.json',
encryptPassword: true,
saveConfigOnDisk: true
});
authConfig.getContext()
.then((context) => {
console.log(JSON.stringify(context, null, 2));
// context.authOptions - node-sp-auth authentication options
})
.catch(console.warn);
Parameter | Default value | Description |
---|---|---|
configPath | './config/private.json ' | Path to auth config .json |
encryptPassword | true | Encrypt password to a machine-bind hash |
saveConfigOnDisk | true | Save config .json to disk |
forcePrompts | false | Force parameters prompts |
headlessMode | false | Prevents interactive prompts - for headless, CI/CD processes |
defaultConfigPath | empty | Path to .json config, parameters from which are placed as defaults |
authOptions | empty | Any valid node-sp-auth options |
When using in a headless mode, in case of missing parameters, one can expect non-interactive behavior with no prompts but graceful exit with corresponding error output.
This can be achieved by providing headlessMode
settings property is equal to true
.
The headless mode also automatically configured when NODE_ENV
(or SPAUTH_ENV
) environment variable is equal to production
.
All the parameters which are usually stored in private.json
can be defined also using environment variables. Environment variables started with SPAUTH_
prefix are recognized with the library. The second part of the name is an actual name of the node-sp-auth
credentials property yet in uppercase (e.g. SPAUTH_SITEURL
, SPAUTH_USERNAME
, SPAUTH_PASSWORD
).
Along with credentials props these service variables are used:
Variable | Description |
---|---|
NODE_ENV | When equal to production forces headlessMode . |
SPAUTH_ENV | When equal to production forces headlessMode . Overwrites NODE_ENV . |
SPAUTH_FORCE | Makes SPAUTH_{CREDENTIALS} variables take precedence over those possibly stored in private.json . |
Checkout this end-to-end sample.
FAQs
Config options builder for node-sp-auth (SharePoint Authentication in Node.js)
The npm package node-sp-auth-config-docx receives a total of 2 weekly downloads. As such, node-sp-auth-config-docx popularity was classified as not popular.
We found that node-sp-auth-config-docx demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
Research
Security News
The Socket Research team found this npm package includes code for collecting sensitive developer information, including your operating system username, Git username, and Git email.
Security News
OpenJS is warning of social engineering takeovers targeting open source projects after receiving a credible attempt on the foundation.