cryptoenv
Advanced tools
Comparing version 0.1.6 to 0.1.7
{ | ||
"name": "cryptoenv", | ||
"version": "0.1.6", | ||
"version": "0.1.7", | ||
"description": "Manage encrypted env variables", | ||
@@ -5,0 +5,0 @@ "homepage": "https://github.com/secrez/cryptoenv#readme", |
@@ -114,2 +114,16 @@ # CryptoEnv | ||
## Skip the log when needed | ||
In some cases, the console.log that tells about the encrypted keys can create problems because the output is used as is. For example, flattening a contract with Hardhat. | ||
To avoid seeing the log, you can add the options `noLogsIfNoKeys` like | ||
```javascript | ||
require("cryptoenv").parse({ | ||
noLogsIfNoKeys: true, | ||
}); | ||
``` | ||
Alternatively, you can set the variable `NO_LOGS_IF_NO_KEYS` in the environment. | ||
## About security | ||
@@ -133,3 +147,3 @@ | ||
-l, --list List the keys' names | ||
-t, --toggle Toggle enabled/disabled keys | ||
``` | ||
@@ -139,2 +153,11 @@ | ||
**0.1.7** | ||
- Add `noLogsIfNoKeys` options in `.parse` to skip any logging test if no keys are found | ||
- Add same skip if an ENV variable `NO_LOGS_IF_NO_KEYS` is set | ||
**0.1.6** | ||
- Improve message when keys exist but are disabled | ||
**0.1.4** | ||
@@ -141,0 +164,0 @@ |
@@ -19,2 +19,10 @@ const path = require("path"); | ||
consoleInfo(force, ...params) { | ||
const noLogs = | ||
!!this.options.noLogsIfNoKeys || !!process.env.NO_LOGS_IF_NO_KEYS; | ||
if (force || !noLogs) { | ||
console.info(...params); | ||
} | ||
} | ||
async run() { | ||
@@ -91,4 +99,4 @@ const { newKey, list, toggle } = this.options; | ||
} else { | ||
console.info("Active env variables:"); | ||
console.info(Object.keys(variables).join("\n")); | ||
this.consoleInfo(true, "Active env variables:"); | ||
this.consoleInfo(true, Object.keys(variables).join("\n")); | ||
} | ||
@@ -99,3 +107,3 @@ } else { | ||
} | ||
console.info("No encrypted env variables, yet"); | ||
this.consoleInfo(true, "No encrypted env variables, yet"); | ||
} | ||
@@ -147,3 +155,3 @@ } | ||
await this.encryptAndSave(variable, password); | ||
console.info("Keys successfully stored"); | ||
this.consoleInfo(true, "Keys successfully stored"); | ||
} | ||
@@ -194,3 +202,4 @@ | ||
if (this.hasDisabled()) { | ||
console.info( | ||
this.consoleInfo( | ||
false, | ||
chalk.grey( | ||
@@ -201,3 +210,6 @@ `CryptoEnv > some encrypted keys are disabled. Run "cryptoEnv -t" to enable them` | ||
} else { | ||
console.info(chalk.grey(`CryptoEnv > no encrypted keys found`)); | ||
this.consoleInfo( | ||
false, | ||
chalk.grey(`CryptoEnv > no encrypted keys found`) | ||
); | ||
} | ||
@@ -209,3 +221,4 @@ process.env.__decryptionAlreadyDone__ = "TRUE"; | ||
const prompt = require("prompt-sync")({}); | ||
console.info( | ||
this.consoleInfo( | ||
true, | ||
chalk.green( | ||
@@ -217,3 +230,3 @@ "CryptoEnv > Type your password to decrypt the env, or press enter to skip it" | ||
if (!password) { | ||
console.info(chalk.grey("CryptoEnv > decryption skipped")); | ||
this.consoleInfo(true, chalk.grey("CryptoEnv > decryption skipped")); | ||
process.env.__decryptionAlreadyDone__ = "TRUE"; | ||
@@ -236,3 +249,3 @@ return; | ||
} catch (e) { | ||
console.info(chalk.red("Wrong password")); | ||
this.consoleInfo(true, chalk.red("Wrong password")); | ||
process.exit(1); | ||
@@ -242,8 +255,10 @@ } | ||
if (found) { | ||
console.info( | ||
this.consoleInfo( | ||
true, | ||
chalk.green(`CryptoEnv > ${found} key${found > 1 ? "s" : ""} decrypted`) | ||
); | ||
} else if (this.hasDisabled()) { | ||
console.info( | ||
this.consoleInfo( | ||
chalk.grey( | ||
false, | ||
`CryptoEnv > some encrypted keys are disabled. Run "cryptoEnv -t" to enable them` | ||
@@ -253,3 +268,6 @@ ) | ||
} else { | ||
console.info(chalk.grey(`CryptoEnv > no encrypted keys found`)); | ||
this.consoleInfo( | ||
false, | ||
chalk.grey(`CryptoEnv > no encrypted keys found`) | ||
); | ||
} | ||
@@ -256,0 +274,0 @@ process.env.__decryptionAlreadyDone__ = "TRUE"; |
@@ -123,3 +123,3 @@ const { assert, expect } = require("chai"); | ||
describe("toggle", async function () { | ||
describe.only("toggle", async function () { | ||
it("should toggle the variables", async function () { | ||
@@ -126,0 +126,0 @@ let cryptoEnv = new CryptoEnv({ envPath }); |
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
30435
461
179
34