Research
npm Malware Targets Telegram Bot Developers with Persistent SSH Backdoors
Malicious npm packages posing as Telegram bot libraries install SSH backdoors and exfiltrate data from Linux developer machines.
By Kush Pandya - Apr 18, 2025
You're Invited: Meet the Socket team at BSidesSF and RSAC - April 27 - May 1.RSVP →
properties-reader
Advanced tools
What is properties-reader?
The properties-reader npm package is a utility for reading and manipulating .properties files in Node.js. It allows you to load properties files, access and modify their values, and save changes back to the file.
What are properties-reader's main functionalities?
Load Properties File
This feature allows you to load a .properties file into a PropertiesReader object, making it easy to access and manipulate the properties within the file.
const PropertiesReader = require('properties-reader');
const properties = PropertiesReader('path/to/file.properties');Get Property Value
This feature allows you to retrieve the value of a specific property key from the loaded properties file.
const value = properties.get('some.property.key');
console.log(value);Set Property Value
This feature allows you to set or update the value of a specific property key in the loaded properties file.
properties.set('some.property.key', 'new value');Save Properties File
This feature allows you to save the changes made to the properties back to the file.
properties.save('path/to/file.properties');Get All Properties
This feature allows you to retrieve all properties as an object, making it easy to work with all the properties at once.
const allProperties = properties.getAllProperties();
console.log(allProperties);Other packages similar to properties-reader
dotenv
dotenv is a popular package for loading environment variables from a .env file into process.env. While it is primarily used for environment variables, it can also be used to manage configuration properties. Unlike properties-reader, dotenv focuses on environment variables and does not provide methods for manipulating the properties after loading them.
config
config is a configuration management package for Node.js that allows you to define configuration settings for your application in a variety of formats, including .json, .yaml, and .properties files. It provides a more comprehensive solution for managing application configurations compared to properties-reader, which is focused solely on .properties files.
nconf
nconf is a hierarchical configuration manager for Node.js that supports multiple configuration sources such as command-line arguments, environment variables, and files (including .json and .properties). It offers more flexibility and features compared to properties-reader, making it suitable for complex configuration management needs.
Properties-Reader
An ini file compatible properties reader for Node.JS
Installation
The easiest installation is through NPM:
npm install properties-reader
API
Read properties from a file:
var propertiesReader = require('properties-reader');
var properties = propertiesReader('/path/to/properties.file');
The properties are then accessible either by fully qualified name, or if the property names are in dot-delimited notation, they can be access as an object:
// fully qualified name
var property = properties.get('some.property.name');
// by object path
var property = properties.path().some.property.name;
To read more than one file, chain calls to the .append() method:
properties.append('/another.file').append('/yet/another.file');
To read properties from a string, use the .read() method:
properties.read('some.property = Value \n another.property = Another Value');
To set a single property into the properties object, use .set():
properties.set('property.name', 'Property Value');
When reading a .ini file, sections are created by having a line that contains just a section name in square
brackets. The section name is then prefixed to all property names that follow it until another section name is found
to replace the current section.
# contents of properties file
[main]
some.thing = foo
[blah]
some.thing = bar
// reading these back from the properties reader
properties.get('main.some.thing') == 'foo';
properties.get('blah.some.thing') == 'bar';
// looping through the properties reader
properties.each((key, value) => {
// called for each item in the reader,
// first with key=main.some.thing, value=foo
// next with key=blah.some.thing, value=bar
});
// get all properties at once
expect(properties.getAllProperties()).toEqual({
'main.some.thing': 'foo',
'blah.some.thing': 'bar',
})
Checking for the current number of properties that have been read into the reader:
var propertiesCount = properties.length;
The length is calculated on request, so if accessing this in a loop an efficiency would be achieved by caching the value.
When duplicate names are found in the properties, the first one read will be replaced with the later one.
To get the complete set of properties, either loop through them with the .each((key, value) => {}) iterator or
use the convenience method getAllProperties to return the complete set of flattened properties.
Saving changes
Once a file has been read and changes made, saving those changes to another file is as simple as running:
// async/await ES6
const propertiesReader = require('properties-reader');
const props = propertiesReader(filePath, {writer: { saveSections: true }});
await props.save(filePath);
// ES5 callback styles
props.save(filePath, function then(err, data) { ... });
// ES5 promise style
props.save(filePath).then(onSaved, onSaveError);
To output the properties without any section headings, set the saveSections option to false
Data Types
Properties will automatically be converted to their regular data types when they represent true/false or numeric
values. To get the original value without any parsing / type coercion applied, use properties.getRaw('path.to.prop').
FAQ / Breaking Changes
Duplicate Section Headings
From version 2.0.0 the default behaviour relating to multiple [section] blocks with the same name has changed
so combine the items of each same-named section into the one section. This is only visible when saving the items
(via reader.save()).
To restore the previous behaviour which would allow duplicate [...] blocks to be created, supply an appender
configuration with the property allowDuplicateSections set to true.
const propertiesReader = require('properties-reader');
const props = propertiesReader(filePath, 'utf-8', { allowDuplicateSections: true });
Contributions
If you find bugs or want to change functionality, feel free to fork and pull request.
2.3.0
Minor Changes
- c2f09ad: Fix prototype pollution when using
__proto__as a top-level property name. - b18c273: Update supported engines to drop support for legacy node versions - set support to 14+
Keywords
FAQs
Properties file reader for Node.js
The npm package properties-reader receives a total of 762,481 weekly downloads. As such, properties-reader popularity was classified as popular.
We found that properties-reader demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 23 Aug 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Python Tools Are Quickly Adopting the New pylock.toml Standard
pip, PDM, pip-audit, and the packaging library are already adding support for Python’s new lock file format.
By Sarah Gooding - Apr 18, 2025
Product
Go Support Is Now Generally Available
Socket's Go support is now generally available, bringing automatic scanning and deep code analysis to all users with Go projects.
By Peter van der Zee, Ryan Eberhardt - Apr 17, 2025