npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@strong-config/node

v1.3.1

Published

Simple & Secure Config Management for Node.js

Downloads

1,102

Readme

💪 Strong Config

https://strong-config.dev

Continuous Integration Coverage Status

Have you ever...

❓ ...struggled with config drift between local, staging, prod?

❓ ...forgot to update the production config after updating the development config?

❓ ...forgot to tell your teammates to update their local .env files after you made a change?

❓ ...worried about leaking secrets by accidentally pushing your .env files to GitHub?

❓ ...wished you could nest config values in your .env just like in a JavaScript object?

❓...had a CI build fail due to environment variable issues?

Strong Config is here to help!

Commit your configs to version-control safely and easily, for all your environments

Define your config in JSON or YAML instead of .env files

Nest your values for clearly structured config files

Validate your config against a JSON Schema to catch config errors early

Encrypt your secrets with strong cryptography. Fully encrypted at rest and only decrypted in-memory at runtime.

Safeguard your config through git hooks. Ensure config is both valid and encrypted before committing and pushing.

Easy integration with the most popular cloud key management services AWS KMSGoogle Cloud KMS, and Azure Key Vault. Powered by Mozilla's SOPS.

Enforce environment-specific permissions via your KMS. Decide who can encrypt and decrypt configs for which environments. For example, you could allow all engineers to decrypt your staging config, but restrict the production config to fewer people.

Auto-generate TypeScript types for your config (requires a JSON Schema)

Example config before encryption

# A top-level config value which will be available to your application as `config.logger`
logger:
  # A nested value which will be available as `config.logger.level`
  level: DEBUG

auth:
  apiClientId: non-secret-client-id
  # A secret. Every key with a 'Secret' suffix will be encrypted by Strong Config (e.g. 'encryptMeSecret')
  apiSecret: top-secret-api-credential

# A dynamic value that will be substituted at runtime with the value of the environment variable $SHELL
shell: ${SHELL}

Example config after encryption

logger:
  # This value remains as is because it doesn't have a 'Secret' suffix
  level: DEBUG

auth:
  apiClientId: non-secret-client-id
  # This is now encrypted and safe to commit into version control :)
  apiSecret: ENC[AES256_GCM,data:aeQ+hlVIah7WyJoVR/Jbkb6GLH7ihsV0D81+U++pkiWD0zeoRL/Oe9Q3Tz6j/TNvKKVDnohIMyw3UVjELOuSY+A==,iv:nVRZWogV4B7o=,tag:KrE2jssfP4uCvqq+pc/JyQ==,type:str]

# Also still the same value which will be substituted only at runtime
shell: ${SHELL}

# The below section is auto-generated by sops and contains important metadata to
# decrypt the config at runtime. Do not manually edit or delete this section.
sops:
  gcp_kms:
    - resource_id: projects/my-project/locations/europe-west2/keyRings/my-project-key-ring/cryptoKeys/my-strong-config-key
      created_at: '2020-01-07T10:11:12Z'
      enc: AiAAmdAgj1dw1XdD2MsVpvmA4Deo867hmcX2B3NDhe9BCF2axuZ18hJJFK9oBlE1BrD70djwqi+L8T+NRNVnGUP+1//w8cJATAfJ8W/cQZFcdFTqjezC+VYv9xYI8i1bRna4xfFo/INIJtFDR38ZH1nrQg==
  lastmodified: '2020-01-07T10:11:12Z'
  mac: ENC[AES256_GCM,data:ABcd1EF2gh3IJKl4MNOpQr5stuvWXYz6sBCDEfGhIjK=,iv:A1AaAAAaa111a1Aa111AA/aaaAaaAAaa+aAaAaAAAaA=,tag:AAaaA1a1aaaAa/aa11AaaA==,type:str]
  encrypted_suffix: Secret
  version: 3.5.0

Quickstart

For the full documentation, check https://strong-config.dev. Here's a short teaser:

  1. Install @strong-config/node and the SOPS binary.

    npm install @strong-config/node
    # or
    yarn add @strong-config/node

    Sidenote: The Sops Binary After package installation, Strong Config automatically runs a postinstall script that checks for availability of the sops binary on your system. If it can't find the sops binary, it will try to download it to node_modules/.bin/sops which is always part of $PATH when you yarn run or npm run scripts. Alternatively, you can also install sops globally via brew install sops (macOS). For other systems check the official sops releases on GitHub.

  2. Create a config file

    # By default, strong-config uses the ./config folder.
    # You can configure this to be a different folder via the options
    mkdir config
    
    # We'll use YAML here, but this could also JSON
    echo "myFirstConfig: strong" > config/development.yml
    echo "myFirstSecret: a development secret" >> config/development.yml
  3. Load config in your application code

    /* src/config.js */
    
    const StrongConfig = require('@strong-config/node')
    
    // Instantiate StrongConfig, then decrypt and load config file
    const config = new StrongConfig().getConfig()
    
    // This will print "{ myFirstConfig: 'strong' }" to the console
    console.log(config)
    
    /*
     * OPTIONAL (but recommended)
     * Call `new StrongConfig()` just once in your application, then export the memoized config for other files to use.
     * If you call `new StrongConfig()` again from another file, it would still work, but would re-instantiate a new
     * StrongConfig instance and load the config file from disk again which is slower than loading it from memory.
     */
    module.exports = config
  4. Run your app

    strong-config relies on the NODE_ENV environment variable to determine which config file to load. For example, setting NODE_ENV=development will load ./config/development.yaml

    # Set the environment variable
    NODE_ENV=development yarn start # or `NODE_ENV=development npm start

    If you used our example code from the previous step, the config should now be printed to the terminal 💪.

  5. Check the Strong Config website for more documentation

    Check out the full documentation on https://strong-config.dev to learn how to:

    • Encrypt your config
    • Validate your config against a schema
    • Generate TypeScript types for your config

    ...and more :)