@dotenvx/dotenvx - npm Package Compare versions

Comparing version 1.15.0 to 1.16.0

CHANGELOG.md

@@ -5,4 +5,10 @@ # Changelog
 
-## [Unreleased](https://github.com/dotenvx/dotenvx/compare/v1.15.0...main)
+## [Unreleased](https://github.com/dotenvx/dotenvx/compare/v1.16.0...main)
 
+## 1.16.0
+
+### Changed
+
+* for `dotenvx keypair` call out to `dotenvx pro keypair` if [pro](https://github.com/dotenvx/dotenvx/issues/259) installed ([#390](https://github.com/dotenvx/dotenvx/pull/390))
+
 ## 1.15.0
@@ -9,0 +15,0 @@

package.json

 {
-  "version": "1.15.0",
+  "version": "1.16.0",
   "name": "@dotenvx/dotenvx",
@@ -4,0 +4,0 @@ "description": "a better dotenv–from the creator of `dotenv`",

README.md

@@ -1323,3 +1323,3 @@ [![dotenvx](https://dotenvx.com/better-banner.png)](https://dotenvx.com)
 
-  Print a shell formatted response of keypair(s).
+  Print a shell formatted reponse of public/private keys.
 
@@ -1326,0 +1326,0 @@ ```sh

src/lib/services/run.js

 const fs = require('fs')
 const path = require('path')
 const dotenv = require('dotenv')
+const childProcess = require('child_process')
 
@@ -16,6 +17,8 @@ const ENCODING = 'utf8'
 const parseEnvironmentFromDotenvKey = require('./../helpers/parseEnvironmentFromDotenvKey')
-const smartDotenvPrivateKey = require('./../helpers/smartDotenvPrivateKey')
 const guessPrivateKeyFilename = require('./../helpers/guessPrivateKeyFilename')
+const guessPrivateKeyName = require('./../helpers/guessPrivateKeyName')
 const detectEncoding = require('./../helpers/detectEncoding')
 
+const Keypair = require('./../services/keypair')
+
 class Run {
@@ -98,4 +101,3 @@ constructor (envs = [], overload = false, DOTENV_KEY = '', processEnv = process.env) {
 
-      // if DOTENV_PRIVATE_KEY_* already set in process.env then use it
-      const privateKey = smartDotenvPrivateKey(envFilepath)
+      const privateKey = this._determinePrivateKey(envFilepath)
       const { parsed, processEnv, warnings } = parseDecryptEvalExpand(src, privateKey, this.processEnv)
@@ -275,4 +277,27 @@ row.parsed = parsed
   }
+
+  _determinePrivateKey (envFilepath) {
+    const privateKeyName = guessPrivateKeyName(envFilepath)
+
+    let privateKey
+    try {
+      // if installed as sibling module
+      const projectRoot = path.resolve(process.cwd())
+      const dotenvxProPath = require.resolve('@dotenvx/dotenvx-pro', { paths: [projectRoot] })
+      const { keypair } = require(dotenvxProPath)
+      privateKey = keypair(envFilepath, privateKeyName)
+    } catch (_e) {
+      try {
+        // if installed as binary cli
+        privateKey = childProcess.execSync(`dotenvx-pro keypair ${privateKeyName} -f ${envFilepath} 2>/dev/null`).toString().trim()
+      } catch (_e) {
+        // fallback to local KeyPair - smart enough to handle process.env, .env.keys, etc
+        privateKey = new Keypair(envFilepath, privateKeyName).run()
+      }
+    }
+
+    return privateKey
+  }
 }
 
 module.exports = Run

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

201752

increased by0.54%

Lines of code

3472

increased by0.61%

Worsened metrics

Number of low supply chain risk alerts

44

increased by2.33%

Number of medium supply chain risk alerts

6

increased by20%

No dependency changes