📅 You're Invited: Meet the Socket team at RSAC (April 28 – May 1).RSVP
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

dotenv-override-true

Package Overview
Dependencies
Maintainers
1
Versions
3
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

dotenv-override-true

It's dotenv, but by default overrides system environment variables

6.2.2
latest
Source
npm
Version published
Maintainers
1
Created
Source

dotenv-override-true

It's dotenv, but by default overrides system environment variables.

This project is a fork of motdotla/dotenv. The difference is this project by default overrides system environment variables.

Why?

You can

node -r dotenv-override-true/config index.js

to use your own environment variables in .env without changing any code in index.js.

The original project doesn't have an easy way to achieve above.

dotenv

dotenv

Dotenv is a zero-dependency module that loads environment variables from a .env file into process.env. Storing configuration in the environment separate from code is based on The Twelve-Factor App methodology.

BuildStatus Build status NPM version js-standard-style Coverage Status

Install

# with npm
npm install dotenv

# or with Yarn
yarn add dotenv

Usage

As early as possible in your application, require and configure dotenv.

require('dotenv').config()

Create a .env file in the root directory of your project. Add environment-specific variables on new lines in the form of NAME=VALUE. For example:

DB_HOST=localhost
DB_USER=root
DB_PASS=s1mpl3

That's it.

process.env now has the keys and values you defined in your .env file.

const db = require('db')
db.connect({
  host: process.env.DB_HOST,
  username: process.env.DB_USER,
  password: process.env.DB_PASS
})

Preload

You can use the --require (-r) command line option to preload dotenv. By doing this, you do not need to require and load dotenv in your application code. This is the preferred approach when using import instead of require.

$ node -r dotenv/config your_script.js

The configuration options below are supported as command line arguments in the format dotenv_config_<option>=value

$ node -r dotenv/config your_script.js dotenv_config_path=/custom/path/to/your/env/vars

Additionally, you can use environment variables to set configuration options. Command line arguments will precede these.

$ DOTENV_CONFIG_<OPTION>=value node -r dotenv/config your_script.js

$ DOTENV_CONFIG_ENCODING=latin1 node -r dotenv/config your_script.js dotenv_config_path=/custom/path/to/.env

Config

Alias: load

config will read your .env file, parse the contents, assign it to process.env, and return an Object with a parsed key containing the loaded content or an error key if it failed.

const result = dotenv.config()

if (result.error) {
  throw result.error
}

console.log(result.parsed)

You can additionally, pass options to config.

Options

Path

Default: path.resolve(process.cwd(), '.env')

You may specify a custom path if your file containing environment variables is located elsewhere.

require('dotenv').config({ path: '/full/custom/path/to/your/env/vars' })

Encoding

Default: utf8

You may specify the encoding of your file containing environment variables.

require('dotenv').config({ encoding: 'latin1' })

Override

Default: true

When set to true, the environment variables from your env file override what is set in process.env.

# .env
PORT=8080

process.env['PORT'] = '3000'
require('dotenv').config()
console.log(process.env['PORT']) // prints 8080

Debug

Default: false

You may turn on logging to help debug why certain keys or values are not being set as you expect.

require('dotenv').config({ debug: process.env.DEBUG })

Parse

The engine which parses the contents of your file containing environment variables is available to use. It accepts a String or Buffer and will return an Object with the parsed keys and values.

const dotenv = require('dotenv')
const buf = Buffer.from('BASIC=basic')
const config = dotenv.parse(buf) // will return an object
console.log(typeof config, config) // object { BASIC : 'basic' }

Options

Debug

Default: false

You may turn on logging to help debug why certain keys or values are not being set as you expect.

const dotenv = require('dotenv')
const buf = Buffer.from('hello world')
const opt = { debug: true }
const config = dotenv.parse(buf, opt)
// expect a debug message because the buffer is not in KEY=VAL form

Rules

The parsing engine currently supports the following rules:

  • BASIC=basic becomes {BASIC: 'basic'}
  • empty lines are skipped
  • lines beginning with # are treated as comments
  • empty values become empty strings (EMPTY= becomes {EMPTY: ''})
  • single and double quoted values are escaped (SINGLE_QUOTE='quoted' becomes {SINGLE_QUOTE: "quoted"})
  • new lines are expanded if in double quotes (MULTILINE="new\nline" becomes
{MULTILINE: 'new
line'}
  • inner quotes are maintained (think JSON) (JSON={"foo": "bar"} becomes {JSON:"{\"foo\": \"bar\"}")
  • whitespace is removed from both ends of the value (see more on trim) (FOO=" some value " becomes {FOO: 'some value'})

FAQ

Should I commit my .env file?

No. We strongly recommend against committing your .env file to version control. It should only include environment-specific values such as database passwords or API keys. Your production database should have a different password than your development database.

Should I have multiple .env files?

No. We strongly recommend against having a "main" .env file and an "environment" .env file like .env.test. Your config should vary between deploys, and you should not be sharing values between environments.

In a twelve-factor app, env vars are granular controls, each fully orthogonal to other env vars. They are never grouped together as “environments”, but instead are independently managed for each deploy. This is a model that scales up smoothly as the app naturally expands into more deploys over its lifetime.

The Twelve-Factor App

What happens to environment variables that were already set?

By default we will modify any environment variables that have already been set. In particular, if there is a variable in your .env file which collides with one that already exists in your environment, then that variable will be used. If you don't want to override it you can set the override option for config() function to false.

If you don't want to override process.env you can do something like this:

const fs = require('fs')
const dotenv = require('dotenv')
const envConfig = dotenv.config({ override: false })

Can I customize/write plugins for dotenv?

For dotenv@2.x.x: Yes. dotenv.config() now returns an object representing the parsed .env file. This gives you everything you need to continue setting values on process.env. For example:

const dotenv = require('dotenv')
const variableExpansion = require('dotenv-expand')
const myEnv = dotenv.config()
variableExpansion(myEnv)

What about variable expansion?

Try dotenv-expand

How do I use dotenv with import?

ES2015 and beyond offers modules that allow you to export any top-level function, class, var, let, or const.

When you run a module containing an import declaration, the modules it imports are loaded first, then each module body is executed in a depth-first traversal of the dependency graph, avoiding cycles by skipping anything already executed.

ES6 In Depth: Modules

You must run dotenv.config() before referencing any environment variables. Here's an example of problematic code:

errorReporter.js:

import { Client } from 'best-error-reporting-service'

export const client = new Client(process.env.BEST_API_KEY)

index.js:

import dotenv from 'dotenv'
import errorReporter from './errorReporter'

dotenv.config()
errorReporter.client.report(new Error('faq example'))

client will not be configured correctly because it was constructed before dotenv.config() was executed. There are (at least) 3 ways to make this work.

  • Preload dotenv: node --require dotenv/config index.js (Note: you do not need to import dotenv with this approach)
  • Import dotenv/config instead of dotenv (Note: you do not need to call dotenv.config() and must pass options via the command line or environment variables with this approach)
  • Create a separate file that will execute config first as outlined in this comment on #133

Contributing Guide

See CONTRIBUTING.md

Change Log

See CHANGELOG.md

License

See LICENSE

Who's using dotenv

Here's just a few of many repositories using dotenv:

Go well with dotenv

Here's some projects that expand on dotenv. Check them out.

Keywords

dotenv
env
.env
environment
variables
config

FAQs

Package last updated on 12 Sep 2020

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

wget to Wipeout: Malicious Go Modules Fetch Destructive Payload

Research

wget to Wipeout: Malicious Go Modules Fetch Destructive Payload

Socket's research uncovers three dangerous Go modules that contain obfuscated disk-wiping malware, threatening complete data loss.

By Kush Pandya  -  May 01, 2025
A New Overview in our Dashboard

Product

A New Overview in our Dashboard

We redesigned Socket's first logged-in page to display rich and insightful visualizations about your repositories protected against supply chain threats.

By André Staltz  -  Apr 29, 2025