Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
@adonisjs/env
Advanced tools
Environment variables parser and validator used by the AdonisJS.
Note: This package is framework agnostic and can also be used outside of AdonisJS.
The @adonisjs/env
package encapsulates the workflow around loading, parsing, and validating environment variables.
Install the package from the npm packages registry as follows.
npm i @adonisjs/env
yarn add @adonisjs/env
The EnvLoader
class is responsible for loading the environment variable files from the disk and returning their contents as a string.
import { EnvLoader } from '@adonisjs/env'
const lookupPath = new URL('./', import.meta.url)
const loader = new EnvLoader(lookupPath)
const envFiles = await loader.load()
The return value is an array of objects with following properties.
path
: The path to the loaded dot-env file.contents
: The contents of the file.Following is the list of loaded files. The array is ordered by the priority of the files. The first file has the highest priority and must override the variables from the last file.
Priority | File name | Environment | Should I .gitignore it | Notes |
---|---|---|---|---|
1st | .env.[NODE_ENV].local | Current environment | Yes | Loaded when NODE_ENV is set |
2nd | .env.local | All | Yes | Loaded in all the environments except test or testing environments |
3rd | .env.[NODE_ENV] | Current environment | No | Loaded when NODE_ENV is set |
4th | .env | All | Depends | Loaded in all the environments. You should .gitignore it when storing secrets in this file |
The EnvParser
class is responsible for parsing the contents of the .env
file(s) and converting them into an object.
import { EnvParser } from '@adonisjs/env'
const envParser = new EnvParser(`
PORT=3000
HOST=localhost
`)
console.log(envParser.parse()) // { PORT: '3000', HOST: 'localhost' }
The return value of parser.parse
is an object with key-value pair. The parser also has support for interpolation.
By default, the parser prefers existing process.env
values when they exist. However, you can instruct the parser to ignore existing process.env
files as follows.
new EnvParser(envContents, { ignoreProcessEnv: true })
Once you have the parsed objects, you can optionally validate them against a pre-defined schema. We recommend validation for the following reasons.
import { Env } from '@adonisjs/env'
const validator = Env.rules({
PORT: Env.schema.number(),
HOST: Env.schema.string({ format: 'host' })
})
The Env.schema
is a reference to the @poppinss/validator-lite schema
object. Make sure to go through the package README to view all the available methods and options.
The Env.rules
method returns an instance of the validator to validate the environment variables. The return value is the validated object with type information inferred from the schema.
validator.validate(process.env)
Following is a complete example of loading dot-env files and validating them in one go.
Note: Existing
process.env
variables have the top most priority over the variables defined in any of the files.
import { Env } from '@adonisjs/env'
const env = await Env.create(new URL('./', import.meta.url), {
PORT: Env.schema.number(),
HOST: Env.schema.string({ format: 'host' })
})
env.get('PORT') // is a number
env.get('HOST') // is a string
env.get('NODE_ENV') // is unknown, hence a string or undefined
The Env editor can be used to edit dot-env files and persist changes on disk. Only the .env
and .env.example
files are updated (if exists).
import { EnvEditor } from '@adonisjs/env/editor'
const editor = await EnvEditor.create(new URL('./', import.meta.url))
editor.add('PORT', 3000)
editor.add('HOST', 'localhost')
// Write changes on disk
await editor.save()
The exception is raised during environment variables validation exception. The exception is raised with Validation failed for one or more environment variables
message.
You can access the detailed error messages using the error.cause
property.
try {
validate(envValues)
} catch (error) {
console.log(error.cause)
}
FAQs
Environment variable manager for Node.js
The npm package @adonisjs/env receives a total of 25,894 weekly downloads. As such, @adonisjs/env popularity was classified as popular.
We found that @adonisjs/env demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.