New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details
Socket
Book a DemoSign in
Socket
Book a DemoSign in

reverse-config

Package Overview
Dependencies
Maintainers
1
Versions
4
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

reverse-config

Reverse npm package config environment variables into an object.

latest
Source
npmnpm
Version
0.1.0
Version published
Maintainers
1
Created
Source

reverse-config npm version build status code climate

Reverse npm package config environment variables into an object.

Installation

$ npm install reverse-config

reverse-config, What is it Good For?

  • use built in npm functionality instead of homegrown configuration formats and parsers
  • selectively override configuration for local development in your ~/.npmrc

Essentially, this package is just syntactic sugar for reading npm_package_config_* properties from process.env.

Usage

var reverseConfig = require('reverse-config');
reverseConfig.get({string} [key])
  • if key is undefined, the entire configuration object is returned
  • if key is alphanumeric, it is used as property accessor for the configuration object
  • otherwise
    • all non-alphanumeric characters are replaced by underscores
    • consecutive underscores are collapsed to a single one
    • leading and trailing underscores are stripped
    • the remaining value is split with the underscore and used as a 'deep' property accessor
      • example: .get('@my.scoped/package') would try to access .my.scoped.message in the configuration object

Gotchas

The npm transformation of the package.json config object to environment variables is a destructive process.

Given either

{
  "config": {
    "foo": [
      42
    ]
  }
}

or

{
  "config": {
    "foo": {
      "0": 42
    }
  }
}

or

{
  "config": {
    "foo_0": "42"
  }
}

the resulting environment variable name is npm_package_config_foo_0, and its value the string '42'.

Rule of thumb: only use alphanumeric property names.

The useful exception would be package names used as config sections, e.g.

{
  "config": {
    "my_package": {},
    "@my.scope/my-package": {},
  }
}

Use with moderation and pretend to be a responsible adult.

Values

During reversion values are coerced with good faith as follows:

  • numeric string => {number}
  • 'true' => {boolean} true
  • 'false' => {boolean} false
  • 'null' => {null} null

In other words, you might face surprises if you use strings like "42", "true", "false" or "null" as property values in your package.json config object. Don't do that then!.

License

MIT

Keywords

build
config
env
npm

FAQs

Package last updated on 29 Sep 2015

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

NIST Officially Stops Enriching Most CVEs as Vulnerability Volume Skyrockets

Security News

NIST Officially Stops Enriching Most CVEs as Vulnerability Volume Skyrockets

NIST will stop enriching most CVEs under a new risk-based model, narrowing the NVD's scope as vulnerability submissions continue to surge.

By Sarah Gooding  -  Apr 17, 2026
Socket Selected for OpenAI's Cybersecurity Grant Program

Company News

/

Security News

Socket Selected for OpenAI's Cybersecurity Grant Program

Socket is an initial recipient of OpenAI's Cybersecurity Grant Program, which commits $10M in API credits to defenders securing open source software.

By Sarah Gooding  -  Apr 16, 2026