Product
Introducing Webhook Events for Alert Changes
Add real-time Socket webhook events to your workflows to automatically receive software supply chain alert changes in real time.
By Phil Gates-Idem -  Nov 21, 2025
🚀 DAY 5 OF LAUNCH WEEK:Introducing Webhook Events for Alert Changes.Learn more →
@heroku/env-as-html-data
Advanced tools
Inject Environment Variables as HTML Data Attributes
Supports runtime config var changes and pipeline promotions on Heroku
This module will inject the current environment variables as HTML data-* global attributes into the app's HTML files. These variables can be updated everytime the app starts. Rebuild of the javascript app is not required to pick-up Heroku config var changes.
Using this Module
- install to the Javascript project:
npm install @heroku/env-as-html-data - set web process start-up to occur after this module:
npx env-as-html-data && bin/start-nginx-static
Configuration options (set as shell/environment variables):
ENV_AS_HTML_DATA_DIR(defaultpublic) the directory to search for HTML files to process.ENV_AS_HTML_DATA_FILE_EXT(default.html) the file extension to match for files to process.
Using Runtime Environment Variables
Do not set secret values into these environment variables. They will be injected into the website, where anyone on the internet can see the values. As a precaution, only environment variables prefixed with PUBLIC_ prefix will be exposed.
The variable names are case-insensitive, accessed as lowercase. Although enviroment variables are colloquially uppercased, the resulting HTML Data Attributes are set & accessed lowercased, because they are case-insensitive XML names.
For example, if this app is started:
export PUBLIC_API_URL=https://localhost:3001
export PUBLIC_RELEASE_VERSION=v42
export PORT=3000
npm start
When the app is loaded in the web browser's javascript environment, these can be accessed using the HTML Data Attribtes:
const body = document.querySelector("body")
// These contain the env vars' values
body.dataset.public_api_url
body.dataset.public_release_version
// PORT is not set, because it isn't prefixed with PUBLIC_
body.dataset.port == null
Using Build-time Variables
Environment variables used to configure the build, such as Webpack configuration, should be accessed using the normal Node.js process.env object.
How does the runtime variable injection work?
When this module runs during app start-up, it:
- reads all
PUBLIC_*environment variables - updates each
public/*.htmlfile, writing these env vars as<body data-*>attributes - serves the
public/directory as static files - the body data attributes are available within javascript & CSS running in the pages.
Keywords
FAQs
Inject environment variables into HTML pages as data-* attributes.
We found that @heroku/env-as-html-data demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 187 open source maintainers collaborating on the project.
Package last updated on 08 Oct 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
ENISA Becomes a CVE Root, Expanding Its Role in Europe’s Vulnerability Ecosystem
ENISA has become a CVE Program Root, giving the EU a central authority for coordinating vulnerability reporting, disclosure, and cross-border response.
By Sarah Gooding -  Nov 21, 2025
Product
Introducing Socket Scanning for OpenVSX Extensions
Socket now scans OpenVSX extensions, giving teams early detection of risky behaviors, hidden capabilities, and supply chain threats in developer tools.
By Mix Irving, Ryan Eberhardt -  Nov 20, 2025