cryptoenv - npm Package Compare versions

Comparing version 0.1.0 to 0.1.1

package.json

 {
   "name": "cryptoenv",
-  "version": "0.1.0",
+  "version": "0.1.1",
   "description": "Manage encrypted env variables",
@@ -25,3 +25,3 @@ "homepage": "https://github.com/secrez/cryptoenv#readme",
     "test": "cross-env NODE_ENV=test nyc --reporter=lcov --reporter=text ./node_modules/.bin/_mocha test/*.test.js --exit",
-    "posttest": "nyc check-coverage --statements 90 --branches 80 --functions 85 --lines 90",
+    "posttest": "nyc check-coverage --statements 55 --branches 45 --functions 55 --lines 55",
     "postinstall": "./post-install.sh",
@@ -28,0 +28,0 @@ "prepare": "husky install",

README.md

@@ -116,4 +116,4 @@ # CryptoEnv
 
-~~~~MIT — enjoy it :-)
+~~~~~~~~MIT — enjoy it :-)
 
 

src/CryptoEnv.js

@@ -148,2 +148,21 @@ const path = require("path");
   ) {
+    this.keys = {};
+    for (let key in process.env) {
+      if (
+        RegExp(`^${this.prefix}`).test(key) &&
+        this.isBase64(process.env[key])
+      ) {
+        let value = process.env[key];
+        key = key.split(this.prefix)[1];
+        if (filter && ((typeof filter === "function" && !filter(key)) || (
+          Object.prototype.toString.call(filter) && !filter.test(key)
+        ))) {
+            continue;
+          }
+        this.keys[key]= value;
+      }
+    }
+    if (Object.keys(this.keys).length === 0) {
+      console.info(chalk.grey(`CryptoEnv > no encrypted keys found`));
+    }
     if (!password) {
@@ -162,10 +181,6 @@ const prompt = require('prompt-sync')({});
     let found = 0;
-    for (let key in process.env) {
-      if (
-        RegExp(`^${this.prefix}`).test(key) &&
-        this.isBase64(process.env[key])
-      ) {
+    for (let key in this.keys) {
         try {
           process.env[key] = Crypto.decrypt(
-            process.env[key],
+            this.keys[key],
             Crypto.SHA3(password)
@@ -178,3 +193,2 @@ );
         }
-      }
     }
@@ -181,0 +195,0 @@ if (found) {

test/CryptoEnv.test.js

@@ -82,12 +82,29 @@ const { assert, expect } = require("chai");
     it("should parse the .env file and decrypt the variables", async function () {
+      delete process.env.myKey;
+      require("dotenv").config({ path: envPath });
+      let cryptoEnv = new CryptoEnv();
+      cryptoEnv.parse(undefined, password);
+      expect(process.env.myKey).equal("8s8s8s8s87w7w7wydydydyd6d6d6d6");
+    });
 
-      this.timeout(60000);
+    it("should parse with a filter", async function () {
+      delete process.env.myKey;
+      require("dotenv").config({ path: envPath });
+      let cryptoEnv = new CryptoEnv();
+      cryptoEnv.parse(/argoPlan/, password);
+      expect(process.env.myKey).equal(undefined);
+    });
 
+    it("should parse with a filter", async function () {
+      delete process.env.myKey;
+      process.env.nodeENV = "test";
       require("dotenv").config({ path: envPath });
       let cryptoEnv = new CryptoEnv();
-      cryptoEnv.parse(undefined, password);
-      expect(process.env.myKey, "8s8s8s8s87w7w7wydydydyd6d6d6d6");
+      cryptoEnv.parse(() => process.env.nodeENV !== "test" , password);
+      expect(process.env.myKey).equal(undefined);
     });
 
+
     it.skip("should parse the .env file and decrypt the variables", async function () {
+      delete process.env.myKey;
       this.timeout(60000);
@@ -94,0 +111,0 @@ // to verify it manually

New alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

25930

increased by4.68%

Lines of code

378

increased by8.62%

Worsened metrics

Number of low supply chain risk alerts

16

increased by100%

No dependency changes