Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

@adonisjs/env

Package Overview
Dependencies
Maintainers
3
Versions
58
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@adonisjs/env

Environment variable manager for Node.js

  • 4.0.1-0
  • Source
  • npm
  • Socket score
Version published
Weekly downloads
31K
decreased by-2.07%
Maintainers
3
Weekly downloads
 
Created
Source

@adonisjs/env

Environment variables parser and validator used by the AdonisJS.

gh-workflow-image typescript-image npm-image license-image synk-image

Note: This package is framework agnostic and can also be used outside of AdonisJS.

The @adonisjs/env package encapsulates the workflow around loading, parsing, and validating environment variables.

Setup

Install the package from the npm packages registry as follows.

npm i @adonisjs/env

yarn add @adonisjs/env

EnvLoader

The EnvLoader class is responsible for loading the environment variable files from the disk and returning their contents as a string.

import { EnvLoader } from '@adonisjs/env'

const lookupPath = new URL('./', import.meta.url)
const loader = new EnvLoader(lookupPath)

const envFiles = await loader.load()

The return value is an array of objects with following properties.

  • path: The path to the loaded dot-env file.
  • contents: The contents of the file.

Following is the list of loaded files. The array is ordered by the priority of the files. The first file has the highest priority and must override the variables from the last file.

PriorityFile nameEnvironmentShould I .gitignore itNotes
1st.env.[NODE_ENV].localCurrent environmentYesLoaded when NODE_ENV is set
2nd.env.localAllYesLoaded in all the environments except test or testing environments
3rd.env.[NODE_ENV]Current environmentNoLoaded when NODE_ENV is set
4th.envAllDependsLoaded in all the environments. You should .gitignore it when storing secrets in this file

EnvParser

The EnvParser class is responsible for parsing the contents of the .env file(s) and converting them into an object.

import { EnvLoader, EnvParser } from '@adonisjs/env'

const lookupPath = new URL('./', import.meta.url)
const loader = new EnvLoader(lookupPath)
const envFiles = await loader.load()

const envParser = new EnvParser(`
  PORT=3000
  HOST=localhost
`)

console.log(envParser.parse()) // { PORT: '3000', HOST: 'localhost' }

The return value of parser.parse is an object with key-value pair. The parser also has support for interpolation.

By default, the parser prefers existing process.env values when they exist. However, you can instruct the parser to ignore existing process.env files as follows.

new EnvParser(envContents, { ignoreProcessEnv: true })

Validating environment variables

Once you have the parsed objects, you can optionally validate them against a pre-defined schema. We recommend validation for the following reasons.

  • Fail early if one or more environment variables are missing.
  • Cast values to specific data types.
  • Have type safety alongside runtime safety.
import { Env } from '@adonisjs/env'

const validate = Env.rules({
  PORT: Env.schema.number(),
  HOST: Env.schema.string({ format: 'host' })
})

The Env.schema is a reference to the @poppinss/validator-lite schema object. Make sure to go through the package README to view all the available methods and options.

The Env.rules method returns a function to validate the environment variables. The return value is the validated object with type information inferred from the schema.

validate(process.env)

Following is a complete example of using the EnvLoader, EnvParser, and the validator to set up environment variables.

Note: Existing process.env variables have the top most priority over the variables defined in any of the files.

import { EnvLoader, EnvParser, Env } from '@adonisjs/env'

const lookupPath = new URL('./', import.meta.url)
const loader = new EnvLoader(lookupPath)
const envFiles = await loader.load()

let envValues = {}

envFiles.forEach(({ contents }) => {
  if (!contents.trim()) {
    return
  }

  const values = new EnvParser(contents).parse()
  Object.keys(values).forEach((key) => {
    let value = process.env[key]

    if (!value) {
      value = values[key]
      process.env[key] = values[key]
    }

    if (!envValues[key]) {
      envValues[key] = value
    }
  })
})

// Now perform the validation
const validate = Env.rules({
  PORT: Env.schema.number(),
  HOST: Env.schema.string({ format: 'host' })
})

const validated = validate(envValues)
const env = new Env(validated)

env.get('PORT') // is a number
env.get('HOST') // is a string
env.get('NODE_ENV') // is unknown, hence a string or undefined

The above code may seem like a lot of work to set up environment variables. However, you have fine-grained control over each step. In the case of AdonisJS, all this boilerplate is hidden inside the framework's application bootstrapping logic.

Keywords

FAQs

Package last updated on 02 Nov 2022

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets

Research

Security News

Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets

A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.

By Kirill Boychenko  -  Nov 19, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc