@dotenvx/dotenvx
+1
-1
| { | ||
| "version": "1.61.6", | ||
| "version": "1.62.0", | ||
| "name": "@dotenvx/dotenvx", | ||
@@ -4,0 +4,0 @@ "description": "secrets for agents–from the creator of `dotenv`", |
@@ -11,2 +11,3 @@ const path = require('path') | ||
| const conventions = require('./../../lib/helpers/conventions') | ||
| const { determine } = require('./../../lib/helpers/envResolution') | ||
@@ -49,2 +50,3 @@ async function run () { | ||
| } | ||
| envs = determine(envs, process.env) | ||
@@ -51,0 +53,0 @@ const { |
@@ -5,2 +5,6 @@ const conventions = require('./conventions') | ||
| function buildEnvs (options) { | ||
| if (options.envs) { | ||
| return options.envs | ||
| } | ||
| // build envs using user set option.path | ||
@@ -7,0 +11,0 @@ const optionPaths = dotenvOptionPaths(options) // [ '.env' ] |
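Review bot: The new early return `if (options.envs) { return options.envs }` hands a caller-supplied value to Run on a truthiness test alone, so a non-array value or an entry whose `type` is neither `'envFile'` nor `'env'` is never rejected. The Run hunks on this page show only an `else if (env.type === TYPE_ENV)` branch, so such entries look like they would be skipped without an error. I would check the shape inside the branch, e.g. `if (!Array.isArray(options.envs)) throw new TypeError('envs must be an array')`, and reject unknown `type` values there too. Also note that `envs: []` is truthy: it returns an empty list and the main.js hunk then skips `determine()`, so nothing is loaded at all; if that is intended it deserves a sentence in the option's doc comment. buildEnvs continues past the end of this hunk.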
+24
-0
@@ -54,2 +54,11 @@ import type { URL } from 'url'; | ||
| /** | ||
| * Specify explicit env sources. When set, `path` and `convention` are ignored. | ||
| * | ||
| * @default undefined | ||
| * @example require('@dotenvx/dotenvx').config({ envs: [{ type: 'envFile', value: '.env' }] }) | ||
| * @example require('@dotenvx/dotenvx').config({ envs: [{ type: 'env', value: 'HELLO=World', privateKeyName: 'DOTENV_PRIVATE_KEY' }] }) | ||
| */ | ||
| envs?: DotenvConfigEnv[]; | ||
| /** | ||
| * Specify a custom path if your file containing environment variables is located elsewhere. | ||
@@ -165,2 +174,17 @@ * Can also be an array of strings, specifying multiple paths. | ||
| export type DotenvConfigEnv = | ||
| | DotenvConfigEnvFile | ||
| | DotenvConfigEnvSrc; | ||
| export interface DotenvConfigEnvFile { | ||
| type: 'envFile'; | ||
| value: string | URL; | ||
| } | ||
| export interface DotenvConfigEnvSrc { | ||
| type: 'env'; | ||
| value: string | Buffer; | ||
| privateKeyName?: string; | ||
| } | ||
| export interface DotenvConfigOutput { | ||
@@ -167,0 +191,0 @@ error?: Error; |
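Review bot: `privateKeyName` on `DotenvConfigEnvSrc` has no doc comment, and the only hint at its meaning is the second `@example` on `envs`. The Run hunk on this page reads it as `this.processEnv[privateKeyName]`, so it is the name of an environment variable that holds the private key, not the key itself; without a comment a user could easily paste key material into this field. I would add `/** Name of the environment variable that holds the private key for this source; never the key itself. */` above the field. A one-line comment on each interface saying what `value` carries would help as well: going by the examples, a file path or URL for `'envFile'` and raw dotenv content for `'env'`.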
+5
-1
@@ -19,2 +19,3 @@ // @ts-check | ||
| const buildEnvs = require('./helpers/buildEnvs') | ||
| const { determine } = require('./helpers/envResolution') | ||
| const Parse = require('./helpers/parse') | ||
@@ -54,3 +55,6 @@ const fsx = require('./helpers/fsx') | ||
| try { | ||
| const envs = buildEnvs(options) | ||
| let envs = buildEnvs(options) | ||
| if (!options.envs) { | ||
| envs = determine(envs, processEnv) | ||
| } | ||
| const { | ||
@@ -57,0 +61,0 @@ processedEnvs, |
| const Run = require('./run') | ||
| const Errors = require('./../helpers/errors') | ||
| const { determine } = require('./../helpers/envResolution') | ||
@@ -16,3 +17,4 @@ class Get { | ||
| const processEnv = { ...process.env } | ||
| const { processedEnvs } = new Run(this.envs, this.overload, processEnv, this.envKeysFilepath, this.noOps).runSync() | ||
| const envs = determine(this.envs, processEnv) | ||
| const { processedEnvs } = new Run(envs, this.overload, processEnv, this.envKeysFilepath, this.noOps).runSync() | ||
| return this._result(processedEnvs, processEnv) | ||
@@ -23,3 +25,4 @@ } | ||
| const processEnv = { ...process.env } | ||
| const { processedEnvs } = await new Run(this.envs, this.overload, processEnv, this.envKeysFilepath, this.noOps).run() | ||
| const envs = determine(this.envs, processEnv) | ||
| const { processedEnvs } = await new Run(envs, this.overload, processEnv, this.envKeysFilepath, this.noOps).run() | ||
| return this._result(processedEnvs, processEnv) | ||
@@ -26,0 +29,0 @@ } |
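Review bot: `determine(this.envs, processEnv)` is now written out in both the sync and the async path of Get because the Run constructor no longer calls it (the Run section shows `this.envs = envs`). That moves the contract onto every caller: any `new Run(...)` call site not visible on this page, including the file whose diff was too big to display, would pass its env list through without `determine()` and without any error. I would state the precondition on the constructor, e.g. `// envs must already have been passed through determine(); Run no longer does this`, and have Get build the list in one small private helper so the two paths cannot drift apart. Both method bodies start outside the hunks shown.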
@@ -18,9 +18,5 @@ const fsx = require('./../helpers/fsx') | ||
| const { | ||
| determine | ||
| } = require('./../helpers/envResolution') | ||
| class Run { | ||
| constructor (envs = [], overload = false, processEnv = process.env, envKeysFilepath = null, noOps = false) { | ||
| this.envs = determine(envs, processEnv) | ||
| this.envs = envs | ||
| this.overload = overload | ||
@@ -50,3 +46,3 @@ this.processEnv = processEnv | ||
| } else if (env.type === TYPE_ENV) { | ||
| this._injectEnv(env.value) | ||
| this._injectEnv(env.value, env.privateKeyName) | ||
| } | ||
@@ -77,3 +73,3 @@ } | ||
| } else if (env.type === TYPE_ENV) { | ||
| this._injectEnv(env.value) | ||
| this._injectEnv(env.value, env.privateKeyName) | ||
| } | ||
@@ -92,3 +88,3 @@ } | ||
| _injectEnv (env) { | ||
| _injectEnv (env, privateKeyName = null) { | ||
| const row = {} | ||
@@ -99,2 +95,4 @@ row.type = TYPE_ENV | ||
| try { | ||
| const privateKey = privateKeyName ? this.processEnv[privateKeyName] || null : null | ||
| const { | ||
@@ -105,4 +103,6 @@ parsed, | ||
| preExisted | ||
| } = new Parse(env, null, this.processEnv, this.overload).run() | ||
| } = new Parse(env, privateKey, this.processEnv, this.overload, privateKeyName).run() | ||
| row.privateKeyName = privateKeyName | ||
| row.privateKey = privateKey | ||
| row.parsed = parsed | ||
@@ -109,0 +109,0 @@ row.errors = errors |
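Review bot: In `_injectEnv`, `const privateKey = privateKeyName ? this.processEnv[privateKeyName] || null : null` falls back to `null` silently when a name was supplied but the variable is unset or empty, so Parse runs as if no key had been requested and a mistyped name cannot be told apart from "no key configured". I would record that case explicitly, for example by adding an error to the row when `privateKeyName && !privateKey`. The same hunk stores the key on the result with `row.privateKey = privateKey`; the row presumably ends up in the `processedEnvs` that Run returns to its callers, so any path that logs or serializes those rows needs to redact the field. Whether the env-file path already exposes the key the same way is outside this view, and `_injectEnv`'s body continues beyond the hunks shown.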
Sorry, the diff of this file is too big to display
Potential vulnerability
Supply chain risk: Initial human review suggests the presence of a vulnerability in this package. It is pending further analysis and confirmation.
Found 1 instance in 1 package
Shell access
Supply chain risk: This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Uses eval
Supply chain risk: Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Environment variable access
Supply chain risk: Package accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 10 instances in 1 package
Filesystem access
Supply chain risk: Accesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
AI-detected potential code anomaly
Supply chain risk: AI has identified unusual behaviors that may pose a security risk.
Found 4 instances in 1 package
URL strings
Supply chain risk: Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package