New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details
Socket
Book a DemoSign in
Socket
Book a DemoSign in

@dotenvx/dotenvx

Package Overview
Dependencies
Maintainers
2
Versions
256
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@dotenvx/dotenvx - npm Package Compare versions

Comparing version
1.14.0
 to
1.14.1
+7
-1
CHANGELOG.md

@@ -5,4 +5,10 @@ # Changelog

## [Unreleased](https://github.com/dotenvx/dotenvx/compare/v1.14.0...main)
## [Unreleased](https://github.com/dotenvx/dotenvx/compare/v1.14.1...main)
## 1.14.1
### Changed
* run precommit hook only on staged files ([#380](https://github.com/dotenvx/dotenvx/pull/380))
## 1.14.0

@@ -9,0 +15,0 @@ 

+1
-1
package.json
{
"version": "1.14.0",
"version": "1.14.1",
"name": "@dotenvx/dotenvx",

@@ -4,0 +4,0 @@ "description": "a better dotenv–from the creator of `dotenv`",

+32
-16
src/lib/services/precommit.js

@@ -10,2 +10,3 @@ /* istanbul ignore file */

const InstallPrecommitHook = require('./../helpers/installPrecommitHook')
const childProcess = require('child_process')
const MISSING_GITIGNORE = '.env.keys' // by default only ignore .env.keys. all other .env* files COULD be included - as long as they are encrypted

@@ -48,19 +49,22 @@

dotenvFiles.forEach(file => {
// check if that file is being ignored
if (ig.ignores(file)) {
if (file === '.env.example' || file === '.env.vault') {
const warning = new Error(`${file} (currently ignored but should not be)`)
warning.help = `? add !${file} to .gitignore with [echo "!${file}" >> .gitignore]`
warnings.push(warning)
}
} else {
if (file !== '.env.example' && file !== '.env.vault') {
const src = fs.readFileSync(file).toString()
const encrypted = isFullyEncrypted(src)
// check if file is going to be commited
if (this._isFileToBeCommitted(file)) {
// check if that file is being ignored
if (ig.ignores(file)) {
if (file === '.env.example' || file === '.env.vault') {
const warning = new Error(`${file} (currently ignored but should not be)`)
warning.help = `? add !${file} to .gitignore with [echo "!${file}" >> .gitignore]`
warnings.push(warning)
}
} else {
if (file !== '.env.example' && file !== '.env.vault') {
const src = fs.readFileSync(file).toString()
const encrypted = isFullyEncrypted(src)
// if contents are encrypted don't raise an error
if (!encrypted) {
const error = new Error(`${file} not encrypted (or not gitignored)`)
error.help = `? encrypt it with [dotenvx encrypt -f ${file}] or add ${file} to .gitignore with [echo ".env*" >> .gitignore]`
throw error
// if contents are encrypted don't raise an error
if (!encrypted) {
const error = new Error(`${file} not encrypted (or not gitignored)`)
error.help = `? encrypt it with [dotenvx encrypt -f ${file}] or add ${file} to .gitignore with [echo ".env*" >> .gitignore]`
throw error
}
}

@@ -82,2 +86,14 @@ }

_isFileToBeCommitted (filePath) {
try {
const output = childProcess.execSync('git diff --cached --name-only').toString()
const files = output.split('\n')
return files.includes(filePath)
} catch (error) {
// consider file to be committed if there is an error (not using git)
return true
}
}
_installPrecommitHook () {

@@ -84,0 +100,0 @@ return new InstallPrecommitHook().run()