dotenv - npm Package Compare versions

Comparing version 0.0.1 to 0.0.2

lib/main.js

 "use strict";
 
-var fs = require('fs');
+var package_json  = require('./../package.json');
+var fs            = require('fs');
 
 function dotenv() {
   dotenv = {
+    version: package_json.version,
     environment: process.env.NODE_ENV || "development",
@@ -25,2 +27,3 @@
           var value           = key_value_array[1].trim();
+          value               = value.replace(/['"]/gm, '');
 
@@ -27,0 +30,0 @@ process.env[key]    = value;

package.json

 {
   "name": "dotenv",
-  "version": "0.0.1",
+  "version": "0.0.2",
   "description": "Loads environment variables from .env",
@@ -5,0 +5,0 @@ "main": "lib/main.js",

README.md

@@ -7,2 +7,4 @@ # dotenv
 
+As early as possible in your application require dotenv and load the .env variables. 
+
 ```javascript
@@ -13,6 +15,33 @@ var dotenv = require('dotenv');
 
-## Contributions
+## Usage
 
-Contributions are very welcome. To run the tests, run:
+Add your application configuration to your .env file in the root of your project:
 
+```
+S3_BUCKET=YOURS3BUCKET
+SECRET_KEY=YOURSECRETKEYGOESHERE
+SENDGRID_USERNAME=YOURSENDGRIDUSERNAME
+SENDGRID_PASSWORD=YOURSENDGRIDPASSWORDGOESHERE
+```
+
+Whenever your application loads, these variables will be available in `process.env`:
+
+```javascript
+var sendgrid_username = process.env.SENDGRID_USERNAME;
+```
+
+## Should I commit my .env file?
+
+Try not to commit your .env file to version control. It is best to keep it local to your machine and local on any machine you deploy to. Keep production credential .envs on your production machines, and keep development .envs on your local machine.
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Added some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request
+
+## Running tests
+
 ```bash
@@ -19,0 +48,0 @@ npm test

test/main.js

@@ -5,12 +5,29 @@ var assert      = require('assert'),
 
+var result;
+
 describe('dotenv', function() {
+  before(function() {
+    result = dotenv();
+  });
+
+  it('version should be set', function() {
+    result.version.should.eql("0.0.2"); 
+  });
+
   describe('.load()', function() {
-    it('sets the environment variables', function() {
-      var result = dotenv();
+    before(function() {
+      result.load();
+    });
 
-      result.load();
-      
+    it('sets the basic environment variables', function() {
       process.env.BASIC.should.eql("basic");
     });
+
+    it('sets double quotes environment variables', function() {
+      process.env.DOUBLE_QUOTES.should.eql("double_quotes");
+    });
+    it('sets single quotes environment variables', function() {
+      process.env.SINGLE_QUOTES.should.eql("single_quotes");
+    });
   });
 });

New alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 2 instances in 1 package

Improved metrics

Total package byte prevSize

3889

70.05%

Lines of code

64

36.17%

Number of lines in readme file

49

145%

Worsened metrics

Number of low supply chain risk alerts

6

50%

No dependency changes