Security News
The Unpaid Backbone of Open Source: Solo Maintainers Face Increasing Security Demands
Solo open source maintainers face burnout and security challenges, with 60% unpaid and 60% considering quitting.
It can load a yaml file based on NODE_ENV or passed env (or using development as default). It uses ursa for encryption.
It can deep merge default
section and env
section of your yaml perfectly.
You can have yaml file
default:
username: Admin
password: Password
days:
- Monday
- Tuesday
- Friday
devices:
android: true
ios: false
development:
password: local
devices:
ios: true
production:
password: decrypt(A7YzqIBjGgXWKA9yl81hgSal7djwBuXK5nBS15JswtzyxKWXilS8buiTZ2XqK9czq)
configs = Yml.load 'config.yml'
# { username: 'Admin', password: 'local', days: ['Monday', 'Tuesday', 'Friday'], devices: { android: true, ios: true } }
configs = Yml.load 'config.yml', 'production', { key: 'security.key.pem' }
# { username: 'Admin', password: 'decrypted_pass', days: ['Monday', 'Tuesday', 'Friday'], devices: { android: true, ios: false } }
If you have defined NODE_ENV in your system, you dont need to pass the env parameter.
# if NODE_ENV = 'production' is set in server, these lines have same result
configs = Yml.load 'config.yml', { key: 'security.key.pem' }
configs = Yml.load 'config.yml', 'production', { key: 'security.key.pem' }
# { username: 'Admin', password: 'decrypted_pass', days: ['Monday', 'Tuesday', 'Friday'], devices: { android: true, ios: false } }
You should create public/private keys with a command like this:
openssl rsa -in security.key.pem -pubout -out security.pub
You can store public key in the machine which responsible for generating the encrypted information. And use private key in the machine which should load the .yml
file.
You can use the helper method provided in the library to generate the encrypted phrase, instead of storing the password or critical information.
Yml = require 'yml'
Yml.encrypt 'password', 'security.pub'
# A7YzqIBjGgXWKA9yl81hgSal7djwBuXK5nBS15JswtzyxKWXilS8buiTZ2XqK9czq
# You can store this value in your .yml file
You can read more about encryption here.
FAQs
Read Yaml files based on NODE_ENV or passed env + support for encryption
The npm package yml receives a total of 1,245 weekly downloads. As such, yml popularity was classified as popular.
We found that yml demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Solo open source maintainers face burnout and security challenges, with 60% unpaid and 60% considering quitting.
Security News
License exceptions modify the terms of open source licenses, impacting how software can be used, modified, and distributed. Developers should be aware of the legal implications of these exceptions.
Security News
A developer is accusing Tencent of violating the GPL by modifying a Python utility and changing its license to BSD, highlighting the importance of copyleft compliance.