Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
The npm-conf package is a Node.js library for managing configuration options. It allows you to define, retrieve, and manipulate configuration settings in a structured and consistent manner. This package is particularly useful for applications that require a robust configuration management system.
Define Configuration Defaults
This feature allows you to define default configuration settings. The defaults can be overridden by user-defined settings.
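const npmConf = require('npm-conf');
// npm-conf exports a factory function; call it instead of using `new`
const conf = npmConf();
// Add a named layer of fallback values to the config
conf.add({ foo: 'bar', baz: 42 }, 'app-defaults');
console.log(conf.get('foo')); // Output: 'bar' (unless foo is already set elsewhere)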
Get and Set Configuration Values
You can easily set and retrieve configuration values using the set and get methods.
const npmConf = require('npm-conf');
// npm-conf exports a factory function; call it instead of using `new`
const conf = npmConf();
conf.set('foo', 'bar');
console.log(conf.get('foo')); // Output: 'bar'
Load Configuration from File
This feature allows you to load configuration settings from a JSON file, making it easy to manage configurations in a file-based format.
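const fs = require('fs');
const npmConf = require('npm-conf');
const conf = npmConf();
// Parse the JSON file and add its keys to the config as a named layer
conf.add(JSON.parse(fs.readFileSync('path/to/config.json', 'utf8')), 'file');
console.log(conf.get('foo')); // Output depends on the content of config.json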
Environment Variable Overrides
Configuration values can be overridden by environment variables, providing flexibility for different deployment environments.
const npmConf = require('npm-conf');
// Environment variables are read when npmConf() is called, so set them first
process.env.npm_config_foo = 'baz';
const conf = npmConf();
console.log(conf.get('foo')); // Output: 'baz'
The 'config' package provides a more extensive configuration management system, supporting multiple configuration files for different environments, and allowing for hierarchical configurations. It is more feature-rich compared to npm-conf.
The 'rc' package is a simple configuration loader that supports configuration through command-line arguments, environment variables, and configuration files. It is more lightweight but less structured compared to npm-conf.
The 'dotenv' package loads environment variables from a .env file into process.env. It is focused on managing environment variables rather than a full configuration management system like npm-conf.
Get the npm config
$ npm install npm-conf
const npmConf = require('npm-conf');
const conf = npmConf();
conf.get('prefix')
//=> /Users/unicorn/.npm-packages
conf.get('registry')
//=> https://registry.npmjs.org/
To get a list of all available npm config options:
$ npm config list --long
Returns the npm config.
Returns the default npm config.
MIT © Kevin Mårtensson
FAQs
We found that npm-conf demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.