cryptoenv - npm Package Compare versions

Comparing version 0.1.6 to 0.1.7

package.json

 {
   "name": "cryptoenv",
-  "version": "0.1.6",
+  "version": "0.1.7",
   "description": "Manage encrypted env variables",
@@ -5,0 +5,0 @@ "homepage": "https://github.com/secrez/cryptoenv#readme",

README.md

@@ -114,2 +114,16 @@ # CryptoEnv
 
+## Skip the log when needed
+
+In some cases, the console.log that tells about the encrypted keys can create problems because the output is used as is. For example, flattening a contract with Hardhat.
+
+To avoid seeing the log, you can add the options `noLogsIfNoKeys` like
+
+```javascript
+require("cryptoenv").parse({
+  noLogsIfNoKeys: true,
+});
+```
+
+Alternatively, you can set the variable `NO_LOGS_IF_NO_KEYS` in the environment.
+
 ## About security
@@ -133,3 +147,3 @@
   -l, --list                  List the keys' names
-
+  -t, --toggle                Toggle enabled/disabled keys
 ```
@@ -139,2 +153,11 @@
 
+**0.1.7**
+
+- Add `noLogsIfNoKeys` options in `.parse` to skip any logging test if no keys are found
+- Add same skip if an ENV variable `NO_LOGS_IF_NO_KEYS` is set
+
+**0.1.6**
+
+- Improve message when keys exist but are disabled
+
 **0.1.4**
@@ -141,0 +164,0 @@

src/CryptoEnv.js

@@ -19,2 +19,10 @@ const path = require("path");
 
+  consoleInfo(force, ...params) {
+    const noLogs =
+      !!this.options.noLogsIfNoKeys || !!process.env.NO_LOGS_IF_NO_KEYS;
+    if (force || !noLogs) {
+      console.info(...params);
+    }
+  }
+
   async run() {
@@ -91,4 +99,4 @@ const { newKey, list, toggle } = this.options;
       } else {
-        console.info("Active env variables:");
-        console.info(Object.keys(variables).join("\n"));
+        this.consoleInfo(true, "Active env variables:");
+        this.consoleInfo(true, Object.keys(variables).join("\n"));
       }
@@ -99,3 +107,3 @@ } else {
       }
-      console.info("No encrypted env variables, yet");
+      this.consoleInfo(true, "No encrypted env variables, yet");
     }
@@ -147,3 +155,3 @@ }
     await this.encryptAndSave(variable, password);
-    console.info("Keys successfully stored");
+    this.consoleInfo(true, "Keys successfully stored");
   }
@@ -194,3 +202,4 @@
       if (this.hasDisabled()) {
-        console.info(
+        this.consoleInfo(
+          false,
           chalk.grey(
@@ -201,3 +210,6 @@ `CryptoEnv > some encrypted keys are disabled. Run "cryptoEnv -t" to enable them`
       } else {
-        console.info(chalk.grey(`CryptoEnv > no encrypted keys found`));
+        this.consoleInfo(
+          false,
+          chalk.grey(`CryptoEnv > no encrypted keys found`)
+        );
       }
@@ -209,3 +221,4 @@ process.env.__decryptionAlreadyDone__ = "TRUE";
       const prompt = require("prompt-sync")({});
-      console.info(
+      this.consoleInfo(
+        true,
         chalk.green(
@@ -217,3 +230,3 @@ "CryptoEnv > Type your password to decrypt the env, or press enter to skip it"
       if (!password) {
-        console.info(chalk.grey("CryptoEnv > decryption skipped"));
+        this.consoleInfo(true, chalk.grey("CryptoEnv > decryption skipped"));
         process.env.__decryptionAlreadyDone__ = "TRUE";
@@ -236,3 +249,3 @@ return;
       } catch (e) {
-        console.info(chalk.red("Wrong password"));
+        this.consoleInfo(true, chalk.red("Wrong password"));
         process.exit(1);
@@ -242,8 +255,10 @@ }
     if (found) {
-      console.info(
+      this.consoleInfo(
+        true,
         chalk.green(`CryptoEnv > ${found} key${found > 1 ? "s" : ""} decrypted`)
       );
     } else if (this.hasDisabled()) {
-      console.info(
+      this.consoleInfo(
         chalk.grey(
+          false,
           `CryptoEnv > some encrypted keys are disabled. Run "cryptoEnv -t" to enable them`
@@ -253,3 +268,6 @@ )
     } else {
-      console.info(chalk.grey(`CryptoEnv > no encrypted keys found`));
+      this.consoleInfo(
+        false,
+        chalk.grey(`CryptoEnv > no encrypted keys found`)
+      );
     }
@@ -256,0 +274,0 @@ process.env.__decryptionAlreadyDone__ = "TRUE";

test/CryptoEnv.test.js

@@ -123,3 +123,3 @@ const { assert, expect } = require("chai");
 
-  describe("toggle", async function () {
+  describe.only("toggle", async function () {
     it("should toggle the variables", async function () {
@@ -126,0 +126,0 @@ let cryptoEnv = new CryptoEnv({ envPath });

New alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Fixed alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

30435

increased by3.86%

Lines of code

461

increased by3.83%

Number of lines in readme file

179

increased by14.74%

Worsened metrics

Number of low supply chain risk alerts

34

increased by36%

No dependency changes