Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
astro-env
This is an Astro integration that allows you to validate and type your environement variables automatically using zod.
Install the integration automatically using the Astro CLI:
pnpm astro add astro-env
npm astro add astro-env
yarn astro add astro-env
Or install it manually:
pnpm add astro-env
npm install astro-env
yarn add astro-env
+import astroEnv from "astro-env";
export default defineConfig({
integrations: [
+ astroEnv({ ... }),
],
});
Here is the TypeScript type:
export type Options = {
schema: AnyZodObject;
generateTypes?: boolean;
generateEnvTemplate?: boolean;
}
schema
Zod schema used to validate your environment variables. You can import zod from astro/zod
:
import astroEnv from "astro-env";
import { defineConfig } from "astro/config";
import { z } from "astro/zod";
// https://astro.build/config
export default defineConfig({
integrations: [
astroEnv({
schema: z.object({
ABC: z.string(),
}),
}),
],
});
When using generateTypes
, make sure that the schema doesn't contain any transform and that all values are strings (they can be z.string().url()
for example).
Interested in supporting more data types? Open an issue!
generateTypes
If set to true
, generates .astro/astro-env.d.ts
with types based on the schema and updates src/env.d.ts
. Defaults to true
.
generateEnvTemplate
If set to true
, generates a .env.template
with keys based on the schema. Defaults to false
This package is structured as a monorepo:
playground
contains code for testing the packagepackage
contains the actual packageInstall dependencies using pnpm:
pnpm i --frozen-lockfile
Start the playground:
pnpm playground:dev
You can now edit files in package
. Please note that making changes to those files may require restarting the playground dev server.
MIT Licensed. Made with ❤️ by Florian Lefebvre.
FAQs
Validate and type your environment variables automatically using zod
The npm package astro-env receives a total of 2 weekly downloads. As such, astro-env popularity was classified as not popular.
We found that astro-env demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.