New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

valid-config

Package Overview
Dependencies
Maintainers
1
Versions
3
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

valid-config

Define and validate configuration with json schema

latest
npmnpm
Version
1.0.2
Version published
Weekly downloads
3
-40%
Maintainers
1
Weekly downloads
 
Created
Source

valid-config

Define and validate configuration with an extended json schema.

Install

npm install --save valid-config

Usage

Inject env

const validConfig = require('valid-config');
process.env.FOO = 'bar';

const config = validConfig({
  type: 'object',
  properties: {
    foo: {
      type: 'string',
      env: 'FOO'
    }
  }
});

deepEqual(config, {
  foo: 'bar'
});

Load and merge

const validConfig = require('valid-config');
process.env.FOO = 'bar';

const configFile1 = {
  baz: 'xyz'
};

const configFile2 = {
  baz: 'jkw'
};

const config = validConfig({
  type: 'object',
  properties: {
    foo: {
      type: 'string',
      env: 'FOO'
    }
  }
}, configFile1, configFile2);

deepEqual(config, {
  foo: 'bar',
  baz: 'jkw'
});

Defaults

const validConfig = require('valid-config');
const config = validConfig({
  type: 'object',
  properties: {
    port: {
      type: 'number',
      env: 'PORT',
      default: 3000
    }
  }
});

deepEqual(config, {
  port: 3000
});

Env always takes precedence over the rest

process.env.PORT = '3001';

const configFile1 = {
  port: 8000
};

const validConfig = require('valid-config');
const config = validConfig({
  type: 'object',
  properties: {
    port: {
      type: 'number',
      env: 'PORT',
      default: 3000
    }
  }
});

deepEqual(config, {
  port: 3001
});

Normalize types

const validConfig = require('valid-config');
process.env.PORT = '3000';

const config = validConfig({
  type: 'object',
  properties: {
    port: {
      type: 'number',
      env: 'PORT'
    }
  }
});

deepEqual(config, {
  port: 3000
});

Load arrays from env

process.env.FOO = 'bar,baz';

const config = validConfig({
  type: 'object',
  properties: {
    foo: {
      type: 'array',
      items: {
        type: 'string'
      },
      env: 'FOO'
    }
  }
});

deepEqual(config, {
  foo: ['bar', 'baz']
});

Load arrays from env (specify the separator)

process.env.FOO = 'bar::baz';

const config = validConfig({
  type: 'object',
  properties: {
    foo: {
      type: 'array',
      items: {
        type: 'string'
      },
      env: 'FOO'
      envSeparator: '::'
    }
  }
});

deepEqual(config, {
  foo: ['bar', 'baz']
});

Validating required properties

throws(function() {
  validConfig({
    type: 'object',
    properties: {
      foo: {
        type: 'string',
        env: 'FOO'
      }
    },
    required: [
      'foo'
    ]
  });
});

Validating arrays

throws(function() {
  const configFile = {};

  validConfig({
    type: 'object',
    properties: {
      foo: {
        type: 'array',
        items: {
          type: 'string'
        },
        minItems: 1
      }
    }
  }, configFile);
});

FAQs

Package last updated on 23 May 2018

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign

Security News

Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign

Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.

By Sarah Gooding  -  Apr 03, 2026