
Security News
Django Joins curl in Pushing Back on AI Slop Security Reports
Django has updated its security policies to reject AI-generated vulnerability reports that include fabricated or unverifiable content.
github.com/hashicorp/go-envparse
A minimal Go environment variable parser. It's intended to be used to parse
.env
style files similar to godotenv or
rubydotenv, but perform minimal
allocations, handle more complex quoting, and be better tested.
Parsing a line does 2 allocations regardless of line length or complexity.
The parser supports JSON strings which allows for cross-language/platform encoding of arbitrarily complex data.
For example if you are parsing environment variables from a templated file, the template can JSON encode data that may contain newlines:
FOO={{ some_template_function | toJSON }}
...would be templated to:
FOO="The template value\nmay have included\nsome newlines!\n\ud83d\udd25"
...and envparse.Parse()
would return:
map[string]string{
"FOO": "The template value\nmay have included\nsome newlines!\n🔥",
}
The following common features are intentionally missing:
However, comments, unquoted, single quoted, and double quoted text may all be used within a single value:
SOME_KEY = normal unquoted \text 'plus single quoted\' "\"double quoted " # EOL
...parses to:
map[string]string{
"SOME_KEY": `normal unquoted \text plus single quoted\ "double quoted `
}
(Note the trailing space inside the double quote is kept, but the space between
the final "
and #
is trimmed.)
[A-Za-z_][A-Za-z0-9_]?
export
which will be ignoredFOO=bar baz
#
, "
, '
, or newlineFOO="bar baz"
\uXXXX
, \r
, \n
, \t
, \\
, and
\"
"
FOO='bar baz'
'
See envparse_test.go
for examples of valid and invalid data.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Django has updated its security policies to reject AI-generated vulnerability reports that include fabricated or unverifiable content.
Security News
ECMAScript 2025 introduces Iterator Helpers, Set methods, JSON modules, and more in its latest spec update approved by Ecma in June 2025.
Security News
A new Node.js homepage button linking to paid support for EOL versions has sparked a heated discussion among contributors and the wider community.