My suggestion is do NOT store tokens, auth, sensitive info in config files, even if they are in .gitignore. Switch to env variables, it's better from many perspectives.
Sorry, my bad. I thought the app is nodejs web based.
When you start using hosting services, and your team is getting bigger, project grow, I always hit the config files problem.
You can also fix some of the "cons" of ENV vars by using a stub file with all the ENV vars, that can also be used as local DEV env. Some hostings also allows keeping ENV vars in files, but beats the purpose.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
My suggestion is do NOT store tokens, auth, sensitive info in config files, even if they are in .gitignore. Switch to env variables, it's better from many perspectives.
Keep in your config files the things that do not change between your environments (staging, production, dev). See the 12factor for some Pro reasons and here are some against reasons
I think JSON is better for JS projects, the main reason: is simpler. You don't need a parser and simple is better.
All good advice, and the link about pros and cons about environment variables is very interesting.
But note that the context is a bit different: the 12 factor app is a software as a service, and my article is about a command-line tool.
Also, you're right, if you're using Javascript already, having config files in json (or even in javascript code!) is certainly a good idea.
Sorry, my bad. I thought the app is nodejs web based.
When you start using hosting services, and your team is getting bigger, project grow, I always hit the config files problem.
You can also fix some of the "cons" of ENV vars by using a stub file with all the ENV vars, that can also be used as local DEV env. Some hostings also allows keeping ENV vars in files, but beats the purpose.