@heroku/env-as-html-data
This module injects the current environment variables as HTML data-* global attributes into the app's HTML files. These variables can be updated every time the app starts. A rebuild of the JavaScript app is not required to pick up Heroku config var changes.
npm install @heroku/env-as-html-data
npx env-as-html-data && bin/start-nginx-static
Configuration options (set as shell/environment variables):
ENV_AS_HTML_DATA_DIR (default public): the directory to search for HTML files to process.
ENV_AS_HTML_DATA_FILE_EXT (default .html): the file extension to match for files to process.
Do not set secret values in these environment variables. They will be injected into the website, where anyone on the internet can see the values. As a precaution, only environment variables prefixed with PUBLIC_ will be exposed.
The variable names are case-insensitive, accessed as lowercase. Although environment variables are colloquially uppercased, the resulting HTML data attributes are set and accessed lowercased, because they are case-insensitive XML names.
For example, if this app is started:
export PUBLIC_API_URL=https://localhost:3001
export PUBLIC_RELEASE_VERSION=v42
export PORT=3000
npm start
When the app is loaded in the web browser's JavaScript environment, these can be accessed using the HTML data attributes:
const body = document.querySelector("body")
// These contain the env vars' values
body.dataset.public_api_url
body.dataset.public_release_version
// PORT is not set, because it isn't prefixed with PUBLIC_
body.dataset.port == null
Environment variables used to configure the build, such as Webpack configuration, should be accessed using the normal Node.js process.env object.
When this module runs during app start-up, it:
1. reads the PUBLIC_* environment variables
2. processes each public/*.html file, writing these env vars as <body data-*> attributes
3. serves the public/ directory as static files
Inject environment variables into HTML pages as data-* attributes.
We found that @heroku/env-as-html-data demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 187 open source maintainers collaborating on the project.