dotenv-safe
Advanced tools
The dotenv-safe npm package is used to load environment variables from a .env file into process.env, ensuring that all necessary environment variables are defined and preventing the application from running if any required variables are missing. It extends the functionality of the dotenv package by adding a layer of safety and validation.
Load Environment Variables
This feature loads environment variables from a .env file into process.env, ensuring that all required variables are defined. If any required variables are missing, it will throw an error and prevent the application from running.
require('dotenv-safe').config();Validation of Required Variables
This feature allows you to specify an example .env file that lists all required environment variables. The package will validate that all variables in the example file are present in the actual .env file, ensuring that no required variables are missing.
require('dotenv-safe').config({ example: './.env.example' });Custom Path for .env File
This feature allows you to specify custom paths for both the .env file and the example file. This is useful if your environment files are located in a different directory.
require('dotenv-safe').config({ path: './config/.env', example: './config/.env.example' });The dotenv package is a simpler version of dotenv-safe. It loads environment variables from a .env file into process.env but does not include validation of required variables. It is useful for basic use cases where validation is not necessary.
The env-cmd package allows you to specify environment variables in a JSON or .env file and load them into your application. It also supports multiple environment files for different environments (e.g., development, production). However, it does not provide the same level of validation as dotenv-safe.
The envalid package is a more advanced alternative that not only loads environment variables but also validates and sanitizes them. It provides a more robust solution for ensuring that environment variables are correctly defined and of the correct type. It is more feature-rich compared to dotenv-safe but may require more setup.
Identical to dotenv, but ensures that all necessary environment variables are defined after reading from .env.
These needed variables are read from .env.example, which should be commited along with your project.
npm install --save dotenv-safe
yarn add dotenv-safe
# .env.example, committed to repo
SECRET=
TOKEN=
KEY=
# .env, private
SECRET=topsecret
TOKEN=
// index.js
require('dotenv-safe').load();
Since the provided .env file does not contain all the variables defined in
.env.example, an exception is thrown:
MissingEnvVarsError: The following variables are defined in .env.example but are not defined in the environment: TOKEN, KEY.
Make sure to add them to .env or directly to the environment.
If you expect any of these missing variables to be empty, you can use the allowEmptyValues option:
require('dotenv-safe').load({
allowEmptyValues: true
});
Not all the variables have to be defined in .env, they can be supplied externally.
For example, the following would work:
$ TOKEN=abc KEY=xyz node index.js
Requiring and loading is identical:
require('dotenv-safe').load();
This will load environment variables from .env as usual, but will also read any variables defined in .env.example.
If any variables are already defined in the environment before reading from .env, they will not be overwritten.
If any variables are missing from the environment, a MissingEnvVarsError will be thrown, which lists the missing variables.
Otherwise, returns an object with the following format:
{
parsed: { SECRET: 'topsecret', TOKEN: '' }, // parsed representation of .env
required: { SECRET: 'topsecret', TOKEN: 'external' } // key/value pairs required by .env.example
// and defined by environment
}
If all the required variables were successfully read but an error was thrown when trying to read the .env file, the error will be included in the result object under the error key.
dotenv-safe compares the actual environment after loading .env (if any) with the example file, so it will work correctly if environment variables are missing in .env but provided through other means such as a shell script.
Same options and methods supported by dotenv.
require('dotenv-safe').load({
allowEmptyValues: true,
sample: './.my-env-sample-filename'
});
allowEmptyValuesIf a variable is defined in the example file and has an empty value in the environment, enabling this option will not throw an error after loading.
Defaults to false.
samplePath to example environment file.
Defaults to .env.example.
I regularly use apps that depend on .env files but don't validate if all the necessary variables have been defined correctly.
Instead of having to document and validate this manually, I prefer to commit a self-documenting .env file (no values, key names only) which can be used as a reference.
FAQs
Load environment variables from .env and ensure they are defined
The npm package dotenv-safe receives a total of 74,200 weekly downloads. As such, dotenv-safe popularity was classified as popular.
We found that dotenv-safe demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.
Security News
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.