dotenv-expand
Advanced tools
Package description
The dotenv-expand npm package is an extension for dotenv. It allows you to have more complex .env files by enabling variable expansion within your environment variables. This means you can reference other environment variables within your .env file, which dotenv by itself does not support.
Variable Expansion
This feature allows you to reference other variables in your .env file. For example, if you have a BASE_URL variable, you can use it to construct the API_URL variable.
require('dotenv').config();
require('dotenv-expand')(process.env);
// .env file
// BASE_URL=https://myapi.com
// API_URL=${BASE_URL}/v1Nested Variable Expansion
This feature allows for nested variable expansion where you can use multiple environment variables to construct a new one.
require('dotenv').config();
require('dotenv-expand')(process.env);
// .env file
// URL=https://myapi.com
// VERSION=v1
// API_URL=${URL}/${VERSION}env-cmd is a simple node program for executing commands using an environment from an env file. It is similar to dotenv-expand in that it helps manage environment variables, but it does not support variable expansion.
cross-env allows you to run scripts that set and use environment variables across platforms. It is similar to dotenv-expand in the sense that it helps with environment variables, but it does not support .env file variable expansion.
envfile is a package to parse and stringify the envfile format. It is similar to dotenv-expand in that it works with .env files, but it does not support variable expansion within the .env file itself.
Readme
Dotenv libraries are supported by the community.
Special thanks to:
Dotenv-expand adds variable expansion on top of dotenv. If you find yourself needing to expand environment variables already existing on your machine, then dotenv-expand is your tool.
# Install locally (recommended)
npm install dotenv-expand --save
Or installing with yarn? yarn add dotenv-expand
Create a .env file in the root of your project:
PASSWORD="s1mpl3"
DB_PASS=$PASSWORD
As early as possible in your application, import and configure dotenv and then expand dotenv:
const dotenv = require('dotenv')
const dotenvExpand = require('dotenv-expand')
dotenvExpand(dotenv.config())
console.log(process.env) // remove this after you've confirmed it is expanding
That's it. process.env now has the expanded keys and values you defined in your .env file.
dotenvExpand(dotenv.config())
...
connectdb(process.env.DB_PASS)
Note: Consider using
dotenvxinstead of preloading. I am now doing (and recommending) so.It serves the same purpose (you do not need to require and load dotenv), has built-in expansion support, adds better debugging, and works with ANY language, framework, or platform. – motdotla
You can use the --require (-r) command line option to preload dotenv & dotenv-expand. By doing this, you do not need to require and load dotenv or dotenv-expand in your application code. This is the preferred approach when using import instead of require.
$ node -r dotenv-expand/config your_script.js
The configuration options below are supported as command line arguments in the format dotenv_config_<option>=value
$ node -r dotenv-expand/config your_script.js dotenv_config_path=/custom/path/to/your/env/vars
Additionally, you can use environment variables to set configuration options. Command line arguments will precede these.
$ DOTENV_CONFIG_<OPTION>=value node -r dotenv-expand/config your_script.js
$ DOTENV_CONFIG_ENCODING=latin1 node -r dotenv-expand/config your_script.js dotenv_config_path=/custom/path/to/.env
See tests/.env.test for simple and complex examples of variable expansion in your .env
file.
dotenv-expand exposes one function:
expand will expand your environment variables.
const env = {
parsed: {
BASIC: 'basic',
BASIC_EXPAND: '${BASIC}',
BASIC_EXPAND_SIMPLE: '$BASIC'
}
}
console.log(dotenvExpand.expand(env))
Default: process.env
Specify an object to write your secrets to. Defaults to process.env environment variables.
const myEnv = {}
const env = {
processEnv: myEnv,
parsed: {
HELLO: 'World'
}
}
dotenvExpand.expand(env)
console.log(myEnv.HELLO) // World
console.log(process.env.HELLO) // undefined
The expansion engine roughly has the following rules:
$KEY will expand any env with the name KEY${KEY} will expand any env with the name KEY\$KEY will escape the $KEY rather than expand${KEY:-default} will first attempt to expand any env with the name KEY. If not one, then it will return default${KEY-default} will first attempt to expand any env with the name KEY. If not one, then it will return defaultYou can see a full list of rules here.
process.env, for example pas$word)?Modify your dotenv.config to write to an empty object and pass that to dotenvExpand.processEnv.
const dotenv = require('dotenv')
const dotenvExpand = require('dotenv-expand')
const myEnv = dotenv.config({ processEnv: {} }) // prevent writing to `process.env`
dotenvExpand.expand(myEnv)
See CONTRIBUTING.md
See CHANGELOG.md
FAQs
Expand environment variables using dotenv
The npm package dotenv-expand receives a total of 12,264,379 weekly downloads. As such, dotenv-expand popularity was classified as popular.
We found that dotenv-expand demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.
Security News
GitHub is susceptible to a CDN flaw that allows attackers to host malware on any public repository.