		@@ -5,4 +5,10 @@ # Changelog

		[Unreleased](https://github.com/dotenvx/dotenvx/compare/v1.57.3...main)
		[Unreleased](https://github.com/dotenvx/dotenvx/compare/v1.57.4...main)

		## [1.57.4](https://github.com/dotenvx/dotenvx/compare/v1.57.3...v1.57.4) (2026-03-26)

		### Changes

		* Use `curl` example for install [dotenvx.com/ops](https://dotenvx.com/ops) ([#767](https://github.com/dotenvx/dotenvx/pull/766))

		## [1.57.3](https://github.com/dotenvx/dotenvx/compare/v1.57.2...v1.57.3) (2026-03-26)
		@@ -62,3 +68,3 @@

		* Add 'KEYS OFF COMPUTER' security feature when [dotenvx-ops](https://dotenvx.com/ops) installed ([#746](https://github.com/dotenvx/dotenvx/pull/746))
		* Add '⛨ ARMORED KEYS: Harden your private keys.' security feature when [dotenvx-ops](https://dotenvx.com/ops) installed ([#746](https://github.com/dotenvx/dotenvx/pull/746))

		@@ -65,0 +71,0 @@ ### Removed

+1

-1

package.json

		{
		"version": "1.57.3",
		"version": "1.57.4",
		"name": "@dotenvx/dotenvx",
		@@ -4,0 +4,0 @@ "description": "a secure dotenv–from the creator of `dotenv`",

+5

-5

src/lib/helpers/executeDynamic.js

		@@ -6,3 +6,3 @@ const path = require('path')
		function installCommandForOps () {
		return 'npm i -g @dotenvx/dotenvx-ops'
		return 'curl -sfS https://dotenvx.sh/ops \| sh'
		}
		@@ -16,9 +16,9 @@
		' ██║ ██║██████╔╝███████╗',
		' ██║ ██║██╔═══╝ ╚════██║',
		' ██║ ██║██╔═══╝ ╚════██║ [www.dotenvx.com/ops]',
		' ╚██████╔╝██║ ███████║',
		' ╚═════╝ ╚═╝ ╚══════╝',
		'',
		' KEYS OFF COMPUTER: Add hardened key protection with dotenvx-ops.',
		` Install now: [${installCommand}]`,
		' Learn more: [https://dotenvx.com/ops]'
		' ⛨ ARMORED KEYS: Harden your private keys.',
		` ⮕ install [${installCommand}]`,
		' ⮕ and then run [dotenvx-ops login]'
		]
		@@ -25,0 +25,0 @@

README.md

Sorry, the diff of this file is too big to display

New alerts

Potential vulnerability

Supply chain risk

Initial human review suggests the presence of a vulnerability in this package. It is pending further analysis and confirmation.

Found 1 instance in 1 package

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 10 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Fixed alerts

Potential vulnerability

Supply chain risk

Initial human review suggests the presence of a vulnerability in this package. It is pending further analysis and confirmation.

Found 1 instance in 1 package

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 10 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

@dotenvx/dotenvx - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics