Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

@browserify/envify

Package Overview
Dependencies
Maintainers
39
Versions
1
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@browserify/envify

Selectively replace Node-style environment variables with plain strings.

  • 6.0.0
  • latest
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
2.7K
decreased by-18.44%
Maintainers
39
Weekly downloads
 
Created
Source

@browserify/envify Build status stable

Selectively replace Node-style environment variables with plain strings. Available as a standalone CLI tool and a Browserify transform.

Works best in combination with @browserify/uglifyify.

Installation

If you're using the module with Browserify:

npm install @browserify/envify browserify

Or, for the CLI:

sudo npm install -g @browserify/envify

Usage

envify will replace your environment variable checks with ordinary strings - only the variables you use will be included, so you don't have to worry about, say, AWS_SECRET_KEY leaking through either. Take this example script:

if (process.env.NODE_ENV === "development") {
  console.log('development only')
}

After running it through envify with NODE_ENV set to production, you'll get this:

if ("production" === "development") {
  console.log('development only')
}

By running this through a good minifier (e.g. terser), the above code would be stripped out completely.

However, if you bundled the same script with NODE_ENV set to development:

if ("development" === "development") {
  console.log('development only')
}

The if statement will evaluate to true, so the code won't be removed.

CLI Usage

With browserify:

browserify index.js -t @browserify/envify > bundle.js

Or standalone:

envify index.js > bundle.js

You can also specify additional custom environment variables using browserify's subarg syntax, which is available in versions 3.25.0 and above:

browserify index.js -t [ @browserify/envify --NODE_ENV development ] > bundle.js
browserify index.js -t [ @browserify/envify --NODE_ENV production  ] > bundle.js

Module Usage

require('@browserify/envify')

Returns a transform stream that updates based on the Node process' process.env object.

require('@browserify/envify/custom')([environment])

If you want to stay away from your environment variables, you can supply your own object to use in its place:

var browserify = require('browserify')
  , envify = require('@browserify/envify/custom')
  , fs = require('fs')

var b = browserify('main.js')
  , output = fs.createWriteStream('bundle.js')

b.transform(envify({
  NODE_ENV: 'development'
}))
b.bundle().pipe(output)

Purging process.env

By default, environment variables that are not defined will be left untouched. This is because in some cases, you might want to run an envify transform over your source more than once, and removing these values would make that impossible.

However, if any references to process.env are remaining after transforming your source with envify, browserify will automatically insert its shim for Node's process object, which will increase the size of your bundle. This weighs in at around 2KB, so if you're trying to be conservative with your bundle size you can "purge" these remaining variables such that any missing ones are simply replaced with undefined.

To do so through the command-line, simply use the subarg syntax and include purge after envify, e.g.:

browserify index.js -t [ @browserify/envify purge --NODE_ENV development ]

Or if you're using the module API, you can pass _: "purge" into your arguments like so:

b.transform(envify({
    _: 'purge'
  , NODE_ENV: 'development'
}))

Contributors

Keywords

FAQs

Package last updated on 16 Oct 2022

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc