Gathering detailed insights and metrics for conf
Installations
npm install confDeveloper Guide
BETA
Typescript
No
Module System
ESM
Min. Node Version
>=18
Node Version
23.3.0
NPM Version
10.9.0
Releases
38
Contributors
48
Unable to fetch Contributors
Languages
1
TypeScript
TypeScript (100%)
Developer
sindresorhus
Download Statistics
Total Downloads
147,520,908
Last Day
64,218
Last Week
395,281
Last Month
3,144,386
Last Year
42,666,749
GitHub Statistics
1,247 Stars
190 Commits
127 Forks
12 Watching
1 Branches
48 Contributors
Sponsor this package
Maintainers
1
Package Meta Information
Latest Version
13.1.0
Package Id
conf@13.1.0
Unpacked Size
46.34 kB
Size
11.72 kB
File Count
7
NPM Version
10.9.0
Node Version
23.3.0
Publised On
07 Dec 2024
Total Downloads
Cumulative downloads
Total Downloads
147,520,908
Last day
-13.6%
64,218
Compared to previous day
Last week
-43.9%
395,281
Compared to previous week
Last month
-34%
3,144,386
Compared to previous month
Last year
45.2%
42,666,749
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
conf
Simple config handling for your app or module
All you have to care about is what to persist. This module will handle all the dull details like where and how.
It does not support multiple processes writing to the same store.
I initially made this tool to let command-line tools persist some data.
If you need this for Electron, check out electron-store instead.
Install
1npm install conf
Usage
1import Conf from 'conf'; 2 3const config = new Conf({projectName: 'foo'}); 4 5config.set('unicorn', '🦄'); 6console.log(config.get('unicorn')); 7//=> '🦄' 8 9// Use dot-notation to access nested properties 10config.set('foo.bar', true); 11console.log(config.get('foo')); 12//=> {bar: true} 13 14config.delete('unicorn'); 15console.log(config.get('unicorn')); 16//=> undefined
API
Changes are written to disk atomically, so if the process crashes during a write, it will not corrupt the existing config.
Conf(options?)
Returns a new instance.
options
Type: object
defaults
Type: object
Default values for the config items.
Note: The values in defaults will overwrite the default key in the schema option.
schema
Type: object
JSON Schema to validate your config data.
This will be the properties object of the JSON schema. That is, define schema as an object where each key is the name of your data's property and each value is a JSON schema used to validate that property.
Example:
1import Conf from 'conf'; 2 3const schema = { 4 foo: { 5 type: 'number', 6 maximum: 100, 7 minimum: 1, 8 default: 50 9 }, 10 bar: { 11 type: 'string', 12 format: 'url' 13 } 14}; 15 16const config = new Conf({ 17 projectName: 'foo', 18 schema 19}); 20 21console.log(config.get('foo')); 22//=> 50 23 24config.set('foo', '1'); 25// [Error: Config schema violation: `foo` should be number]
Note: The default value will be overwritten by the defaults option if set.
rootSchema
Type: object
Top-level properties for the schema, excluding properties field.
Example:
1import Conf from 'conf'; 2 3const store = new Conf({ 4 projectName: 'foo', 5 schema: { /* … */ }, 6 rootSchema: { 7 additionalProperties: false 8 } 9});
ajvOptions
Type: object
Under the hood, the JSON Schema validator ajv is used to validate your config. We use JSON Schema draft-2020-12 and support all validation keywords and formats.
Note: By default, allErrors and useDefaults are both set to true, but can be overridden.
Example:
1import Conf from 'conf'; 2 3const store = new Conf({ 4 projectName: 'foo', 5 schema: { /* … */ }, 6 rootSchema: { 7 additionalProperties: false 8 }, 9 ajvOptions: { 10 removeAdditional: true 11 } 12});
migrations
Type: object
Important: I cannot provide support for this feature. It has some known bugs. I have no plans to work on it, but pull requests are welcome.
You can use migrations to perform operations to the store whenever a project version is upgraded.
The migrations object should consist of a key-value pair of 'version': handler. The version can also be a semver range.
Example:
1import Conf from 'conf'; 2 3const store = new Conf({ 4 projectName: 'foo', 5 projectVersion: …, 6 migrations: { 7 '0.0.1': store => { 8 store.set('debugPhase', true); 9 }, 10 '1.0.0': store => { 11 store.delete('debugPhase'); 12 store.set('phase', '1.0.0'); 13 }, 14 '1.0.2': store => { 15 store.set('phase', '1.0.2'); 16 }, 17 '>=2.0.0': store => { 18 store.set('phase', '>=2.0.0'); 19 } 20 } 21});
Note: The version the migrations use refers to the project version by default. If you want to change this behavior, specify the
projectVersionoption.
beforeEachMigration
Type: Function
Default: undefined
The given callback function will be called before each migration step.
The function receives the store as the first argument and a context object as the second argument with the following properties:
fromVersion- The version the migration step is being migrated from.toVersion- The version the migration step is being migrated to.finalVersion- The final version after all the migrations are applied.versions- All the versions with a migration step.
This can be useful for logging purposes, preparing migration data, etc.
Example:
1import Conf from 'conf'; 2 3console.log = someLogger.log; 4 5const mainConfig = new Conf({ 6 projectName: 'foo1', 7 beforeEachMigration: (store, context) => { 8 console.log(`[main-config] migrate from ${context.fromVersion} → ${context.toVersion}`); 9 }, 10 migrations: { 11 '0.4.0': store => { 12 store.set('debugPhase', true); 13 }, 14 } 15}); 16 17const secondConfig = new Conf({ 18 projectName: 'foo2', 19 beforeEachMigration: (store, context) => { 20 console.log(`[second-config] migrate from ${context.fromVersion} → ${context.toVersion}`); 21 }, 22 migrations: { 23 '1.0.1': store => { 24 store.set('debugPhase', true); 25 }, 26 } 27});
configName
Type: string
Default: 'config'
Name of the config file (without extension).
Useful if you need multiple config files for your app or module. For example, different config files between two major versions.
projectName
Type: string
Required unless you specify the cwd option.
You can fetch the name field from package.json.
projectVersion
Type: string
Required if you specify the migration option.
You can fetch the version field from package.json.
cwd
Type: string
Default: System default user config directory
You most likely don't need this. Please don't use it unless you really have to. By default, it will pick the optimal location by adhering to system conventions. You are very likely to get this wrong and annoy users.
Overrides projectName.
The only use-case I can think of is having the config located in the app directory or on some external storage.
encryptionKey
Type: string | Uint8Array | TypedArray | DataView
Default: undefined
Note that this is not intended for security purposes, since the encryption key would be easily found inside a plain-text Node.js app.
Its main use is for obscurity. If a user looks through the config directory and finds the config file, since it's just a JSON file, they may be tempted to modify it. By providing an encryption key, the file will be obfuscated, which should hopefully deter any users from doing so.
When specified, the store will be encrypted using the aes-256-cbc encryption algorithm.
fileExtension
Type: string
Default: 'json'
Extension of the config file.
You would usually not need this, but could be useful if you want to interact with a file with a custom file extension that can be associated with your app. These might be simple save/export/preference files that are intended to be shareable or saved outside of the app.
clearInvalidConfig
Type: boolean
Default: false
The config is cleared if reading the config file causes a SyntaxError. This is a good behavior for unimportant data, as the config file is not intended to be hand-edited, so it usually means the config is corrupt and there's nothing the user can do about it anyway. However, if you let the user edit the config file directly, mistakes might happen and it could be more useful to throw an error when the config is invalid instead of clearing.
serialize
Type: Function
Default: value => JSON.stringify(value, null, '\t')
Function to serialize the config object to a UTF-8 string when writing the config file.
You would usually not need this, but it could be useful if you want to use a format other than JSON.
deserialize
Type: Function
Default: JSON.parse
Function to deserialize the config object from a UTF-8 string when reading the config file.
You would usually not need this, but it could be useful if you want to use a format other than JSON.
projectSuffix
Type: string
Default: 'nodejs'
You most likely don't need this. Please don't use it unless you really have to.
Suffix appended to projectName during config file creation to avoid name conflicts with native apps.
You can pass an empty string to remove the suffix.
For example, on macOS, the config file will be stored in the ~/Library/Preferences/foo-nodejs directory, where foo is the projectName.
accessPropertiesByDotNotation
Type: boolean
Default: true
Accessing nested properties by dot notation. For example:
1import Conf from 'conf'; 2 3const config = new Conf({projectName: 'foo'}); 4 5config.set({ 6 foo: { 7 bar: { 8 foobar: '🦄' 9 } 10 } 11}); 12 13console.log(config.get('foo.bar.foobar')); 14//=> '🦄'
Alternatively, you can set this option to false so the whole string would be treated as one key.
1import Conf from 'conf'; 2 3const config = new Conf({ 4 projectName: 'foo', 5 accessPropertiesByDotNotation: false 6}); 7 8config.set({ 9 `foo.bar.foobar`: '🦄' 10}); 11 12console.log(config.get('foo.bar.foobar')); 13//=> '🦄'
watch
type: boolean
Default: false
Watch for any changes in the config file and call the callback for onDidChange or onDidAnyChange if set. This is useful if there are multiple processes changing the same config file.
configFileMode
Type: number
Default: 0o666
The mode that will be used for the config file.
You would usually not need this, but it could be useful if you want to restrict the permissions of the config file. Setting a permission such as 0o600 would result in a config file that can only be accessed by the user running the program.
Note that setting restrictive permissions can cause problems if different users need to read the file. A common problem is a user running your tool with and without sudo and then not being able to access the config the second time.
Instance
You can use dot-notation in a key to access nested properties.
The instance is iterable so you can use it directly in a for…of loop.
.set(key, value)
Set an item.
The value must be JSON serializable. Trying to set the type undefined, function, or symbol will result in a TypeError.
.set(object)
Set multiple items at once.
.get(key, defaultValue?)
Get an item or defaultValue if the item does not exist.
.reset(...keys)
Reset items to their default values, as defined by the defaults or schema option.
Use .clear() to reset all items.
.has(key)
Check if an item exists.
.delete(key)
Delete an item.
.clear()
Delete all items.
This resets known items to their default values, if defined by the defaults or schema option.
.onDidChange(key, callback)
callback: (newValue, oldValue) => {}
Watches the given key, calling callback on any changes.
When a key is first set oldValue will be undefined, and when a key is deleted newValue will be undefined.
Returns a function which you can use to unsubscribe:
1const unsubscribe = conf.onDidChange(key, callback); 2 3unsubscribe();
.onDidAnyChange(callback)
callback: (newValue, oldValue) => {}
Watches the whole config object, calling callback on any changes.
oldValue and newValue will be the config object before and after the change, respectively. You must compare oldValue to newValue to find out what changed.
Returns a function which you can use to unsubscribe:
1const unsubscribe = conf.onDidAnyChange(callback); 2 3unsubscribe();
.size
Get the item count.
.store
Get all the config as an object or replace the current config with an object:
1conf.store = { 2 hello: 'world' 3};
.path
Get the path to the config file.
FAQ
How is this different from configstore?
I'm also the author of configstore. While it's pretty good, I did make some mistakes early on that are hard to change at this point. This module is the result of everything I learned from making configstore. Mainly where the config is stored. In configstore, the config is stored in ~/.config (which is mainly a Linux convention) on all systems, while conf stores config in the system default user config directory. The ~/.config directory, it turns out, often have an incorrect permission on macOS and Windows, which has caused a lot of grief for users.
Can I use YAML or another serialization format?
The serialize and deserialize options can be used to customize the format of the config file, as long as the representation is compatible with utf8 encoding.
Example using YAML:
1import Conf from 'conf';
2import yaml from 'js-yaml';
3
4const config = new Conf({
5 projectName: 'foo',
6 fileExtension: 'yaml',
7 serialize: yaml.safeDump,
8 deserialize: yaml.safeLoad
9});Related
- electron-store - Simple data persistence for your Electron app or module
- cache-conf - Simple cache config handling for your app or module
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
security policy file detected
Details
- Info: security policy file detected: .github/security.md:1
- Info: Found linked content: .github/security.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: .github/security.md:1
- Info: Found text in security policy: .github/security.md:1
Reason
no dangerous workflow patterns detected
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: license:0
- Info: FSF or OSI recognized license: MIT License: license:0
Reason
Found 10/30 approved changesets -- score normalized to 3
Reason
4 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/conf/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/conf/main.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/main.yml:23
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/main.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 10 are checked with a SAST tool
Score
4.6
/10
Last Scanned on 2025-01-06
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More