cross-env-file
Advanced tools
Run scripts that set environment across platforms via JSON file.
This is a fork of cross-env that uses a JSON file to read the environment variables.
This module is distributed via [npm][npm] which is bundled with [node][node] and
should be installed as one of your project's devDependencies:
npm install --save-dev cross-env-file
I use this in your npm scripts:
{
"scripts": {
"build": "cross-env-file -p ./.my-env.json webpack --config build/webpack.config.js"
}
}
Ultimately, the command that is executed (using [cross-spawn][cross-spawn])
is:
webpack --config build/webpack.config.js
If no path is
specified with -p the default name .env is used.
This is how a JSON environment file could look like:
{
"base_url": "https://example.com",
"aws": {
"my_secret": "my-nested-secret"
}
}
This will add the following environment variables to process.env:
base_url=https://example.com
aws_my_secret=my-nested-secret
cross-env-file vs cross-env-file-shellThe cross-env-file module exposes two bins: cross-env-file and cross-env-file-shell. The
first one executes commands using [cross-spawn][cross-spawn], while the
second one uses the shell option from Node's spawn.
The main use case for cross-env-file-shell is when you need an environment
variable to be set across an entire inline shell script, rather than just one
command.
For example, if you want to have the environment variable apply to several
commands in series then you will need to wrap those in quotes and use
cross-env-file-shell instead of cross-env-file.
MIT
FAQs
Run scripts that set environment across platforms via JSON file
The npm package cross-env-file receives a total of 1,874 weekly downloads. As such, cross-env-file popularity was classified as popular.
We found that cross-env-file demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Malicious npm packages posing as developer tools target macOS Cursor IDE users, stealing credentials and modifying files to gain persistent backdoor access.
Security News
AI-generated slop reports are making bug bounty triage harder, wasting maintainer time, and straining trust in vulnerability disclosure programs.
Research
Security News
The Socket Research team investigates a malicious Python package disguised as a Discord error logger that executes remote commands and exfiltrates data via a covert C2 channel.