@heroku/env-as-html-data
Advanced tools
This module will inject the current environment variables as HTML data-* global attributes into the app's HTML files. These variables can be updated everytime the app starts. Rebuild of the javascript app is not required to pick-up Heroku config var changes.
npm install @heroku/env-as-html-datanpx env-as-html-data && bin/start-nginx-staticConfiguration options (set as shell/environment variables):
ENV_AS_HTML_DATA_DIR (default public) the directory to search for HTML files to process.ENV_AS_HTML_DATA_FILE_EXT (default .html) the file extension to match for files to process.Do not set secret values into these environment variables. They will be injected into the website, where anyone on the internet can see the values. As a precaution, only environment variables prefixed with PUBLIC_ prefix will be exposed.
The variable names are case-insensitive, accessed as lowercase. Although enviroment variables are colloquially uppercased, the resulting HTML Data Attributes are set & accessed lowercased, because they are case-insensitive XML names.
For example, if this app is started:
export PUBLIC_API_URL=https://localhost:3001
export PUBLIC_RELEASE_VERSION=v42
export PORT=3000
npm start
When the app is loaded in the web browser's javascript environment, these can be accessed using the HTML Data Attribtes:
const body = document.querySelector("body")
// These contain the env vars' values
body.dataset.public_api_url
body.dataset.public_release_version
// PORT is not set, because it isn't prefixed with PUBLIC_
body.dataset.port == null
Environment variables used to configure the build, such as Webpack configuration, should be accessed using the normal Node.js process.env object.
When this module runs during app start-up, it:
PUBLIC_* environment variablespublic/*.html file, writing these env vars as <body data-*> attributespublic/ directory as static filesFAQs
Inject environment variables into HTML pages as data-* attributes.
The npm package @heroku/env-as-html-data receives a total of 61 weekly downloads. As such, @heroku/env-as-html-data popularity was classified as not popular.
We found that @heroku/env-as-html-data demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago.Ā It has 187 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Five malicious NuGet packages impersonate Chinese .NET libraries to deploy a stealer targeting browser credentials, crypto wallets, SSH keys, and local files.
Security News
pnpm 11 turns on a 1-day Minimum Release Age and blocks exotic subdeps by default, adding safeguards against fast-moving supply chain attacks.
Security News
The remediated findings include organization permission bugs, stale project access after transfers, OIDC replay edge cases, audit logging gaps, and an IDOR in API token deletion.