Introducing Socket Firewall: Free, Proactive Protection for Your Software Supply Chain.Learn More
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

@pantheon-systems/pantheon-secrets

Package Overview
Dependencies
Maintainers
5
Versions
2
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@pantheon-systems/pantheon-secrets

Pantheon Secrets for Node sites

latest
npmnpm
Version
0.0.2
Version published
Maintainers
5
Created
Source

pantheon-secrets

A lightweight TypeScript utility package for Node.js applications to retrieve secrets from Pantheon-style environment variables. It simplifies the process of fetching environment-specific and production secrets with full type safety.

Installation

You can install this package via npm:

npm install pantheon-secrets

Features

  • 🔐 Secure secret management - Environment-based secret resolution
  • 📦 Dual module support - Works with both ESM (import) and CommonJS (require)
  • 🎯 TypeScript native - Full type safety and IntelliSense support
  • 🚀 Zero dependencies - Lightweight with no external dependencies
  • Well tested - Comprehensive test suite included

Usage

The package exposes a single function, pantheonGetSecret, which takes the name of a secret as a string and returns the corresponding value or null if not found.

ESM (Modern JavaScript/TypeScript)

import { pantheonGetSecret } from 'pantheon-secrets';

const mySecret = pantheonGetSecret('HELLO');
console.log(`The value of HELLO is: ${mySecret}`);

const anotherSecret = pantheonGetSecret('nonexistent');
console.log(`The value of nonexistent is: ${anotherSecret}`);
// The value of nonexistent is: null

CommonJS (Traditional Node.js)

const { pantheonGetSecret } = require('pantheon-secrets');

const mySecret = pantheonGetSecret('HELLO');
console.log(`The value of HELLO is: ${mySecret}`);

How It Works

The function automatically determines which secret to use based on your application's environment variables. It first checks for a live production secret, then looks for a value specific to your current environment, and finally falls back to a default value if no other options are found. If the secret is not defined, it returns null.

Development

Building

npm run build          # Build all formats
npm run build:esm      # Build ESM only
npm run build:cjs      # Build CommonJS only

Testing

npm install    # Install dependencies
npm test       # Run test suite

Project Structure

  • src/pantheon-secrets.ts - Main TypeScript source
  • index.ts - Entry point that exports from source
  • __tests__/ - Test directory containing all test files
  • dist/esm/ - ESM build output (ESNext)
  • dist/cjs/ - CommonJS build output (ES2020)
  • TypeScript definitions included for both formats

Keywords

pantheon
secrets

FAQs

Package last updated on 05 Aug 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

131 Spamware Extensions Targeting WhatsApp Flood Chrome Web Store

Research

/

Security News

131 Spamware Extensions Targeting WhatsApp Flood Chrome Web Store

The Socket Threat Research Team uncovered a coordinated campaign that floods the Chrome Web Store with 131 rebranded clones of a WhatsApp Web automation extension to spam Brazilian users.

By Kirill Boychenko  -  Oct 18, 2025