Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@creatrip/env-safe
Advanced tools
🔑 Loads environment variables from .env for nodejs projects with safe
env-safe is module that loads that loads environment variables from a .env
file into process.env
with type-safe. And can also validate the type of process.env
. env-safe is dependent on dotenv and reflect-metadata.
npm intall @creatrip/env-safe --save
Or installing with yarn? yarn add @creatrip/env-safe
Turn on emitDecoratorMetadata
, experimentalDecorators
in tsconfig.json:
{
"compilerOptions": {
"emitDecoratorMetadata": true,
"experimentalDecorators": true
...
}
...
}
Create a .env
file in the root of your project:
DATABASE_HOST="localhost"
DATABASE_PORT=3306
Use env-safe to create env config class:
import { EnvSafe, EnvKey } from '@creatrip/env-safe';
@EnvSafe()
export class Env {
@EnvKey()
static DATABASE_HOST: string;
@EnvKey()
static DATABASE_PORT: number;
}
filename: env.ts
That's it. Just use the newly created config class:
import { Env } from './env.ts';
mysql.connect({
host: Env.DATABASE_HOST, // String("localhost")
port: Env.DATABASE_PORT, // Number(3306)
});
Comments may be added to your file on their own line or inline:
# This is a comment
DATABASE_HOST="localhost" # comment
DATABASE_PASSWORD="can-define-with-#"
Comments begin where a #
exists, so if your value contains a #
please wrap it in quotes.
Set default value to env config class property:
@EnvSafe()
export class Env {
@EnvKey({ default: 'localhost' })
static DATABASE_HOST: string;
@EnvKey({ default: 3306 })
static DATABASE_PORT: number;
}
Since the provided .env
does not contain all the variables defined in env config class, an exception is thrown:
DATABASE_HOST=
DATABASE_PORT="wrong data"
@EnvSafe()
export class Env {
@EnvKey()
static DATABASE_HOST: string; // Not defined Error
@EnvKey()
static DATABASE_PORT: number; // NaN Error
@EnvKey()
static DATABASE_USER: string; // Not defined Error
}
$ node dist/index.js
ERROR: DATABASE_USER is not defined in .env
.env
pathCan change .env
path in your project:
$ ls
development.env stagging.env production.env
@EnvSafe({ path: 'development.env' })
export class Env {
...
}
Can define multiple env config class:
AWS_SECRET_KEY="secret key"
S3_BUCKET="bucket name"
@EnvSafe()
export class EnvAWS {
@EnvKey()
static AWS_SECRET_KEY: string; // String("secret key")
}
@EnvSafe()
export class EnvS3 {
@EnvKey()
static S3_BUCKET: string; // String("bucket name")
}
See CONTRIBUTING.md
FAQs
🔑 Loads environment variables from .env for nodejs projects with safe
The npm package @creatrip/env-safe receives a total of 6 weekly downloads. As such, @creatrip/env-safe popularity was classified as not popular.
We found that @creatrip/env-safe demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.