dotenv - npm Package Compare versions

Comparing version 0.2.4 to 0.2.5

lib/main.js

@@ -52,3 +52,3 @@ "use strict";
 
-          dotenv.keys_and_values[key] = value;
+          dotenv.keys_and_values[key] = value.trim();
       })
@@ -55,0 +55,0 @@

package.json

 {
   "name": "dotenv",
-  "version": "0.2.4",
+  "version": "0.2.5",
   "description": "Loads environment variables from .env",
@@ -5,0 +5,0 @@ "main": "lib/main.js",

README.md

 # dotenv
 
-Dotenv loads environment variables from .env into ENV (process.env).
+Dotenv loads environment variables from .env into ENV (process.env). It is a superior alternative to [nconf](https://github.com/flatiron/nconf) and other variants.
 
@@ -16,20 +16,25 @@ [![BuildStatus](https://travis-ci.org/scottmotte/dotenv.png?branch=master)](https://travis-ci.org/scottmotte/dotenv)
 
-As early as possible in your application require dotenv and load the .env variables. 
+Add it to your package.json file.
 
 ```javascript
-var dotenv = require('dotenv');
-dotenv.load();
+{
+  ...
+  "dependencies": {
+    ...
+    "dotenv": "0.2.4"
+  }
+}
 ```
 
-IMPORTANT: In pre `0.2.0`, you instantiated dotenv like the following with the bagels. 
+## Usage
 
+As early as possible in your application require dotenv and load the `.env` variables: 
+
 ```javascript
-var dotenv = require('dotenv')();
+var dotenv = require('dotenv');
 dotenv.load();
 ```
 
-## Usage
+Then, create a `.env` file in the root directory of your project. Add the application configuration you want. For example:
 
-Add your application configuration to your .env file in the root of your project:
-
 ```
@@ -46,4 +51,7 @@ S3_BUCKET=YOURS3BUCKET
 var sendgrid_username = process.env.SENDGRID_USERNAME;
+var secret_key        = process.env.SECRET_KEY;
 ```
 
+That's it. You're done.
+
 ## Should I commit my .env file?
@@ -68,1 +76,14 @@
 
+## Who's using dotenv
+
+Here's a list of apps/sites/libraries using dotenv. It's in no way a complete list. 
+
+* [sendgrid-nodejs](https://github.com/sendgrid/sendgrid-nodejs)
+* [handshake.js](https://github.com/handshakejs/handshakejs-api)
+* [xavi](http://xavi.io/)
+* [google-oauth2-service-account](https://github.com/jacoblwe20/google-oauth2-service-account)
+* [kibble](https://github.com/scottmotte/kibble)
+* [flossedtoday](https://github.com/scottmotte/flossedtoday)
+* [github-streaker](https://github.com/scottmotte/github-streaker)
+
+[Create a pull request](https://github.com/scottmotte/dotenv/pulls) and add yours to the list.

test/main.js

@@ -13,3 +13,3 @@ var assert      = require('assert'),
   it('version should be set', function() {
-    result.version.should.eql("0.2.4"); 
+    result.version.should.eql("0.2.5"); 
   });
@@ -60,2 +60,6 @@
 
+    it('should handle zero width unicode characters', function() {
+      process.env.ZERO_WIDTH_CHARACTER.should.eql("user:pass@troup.mongohq.com:1004/dude");
+    });
+
   });
@@ -62,0 +66,0 @@

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

8561

increased by13.87%

Lines of code

118

increased by2.61%

Number of lines in readme file

87

increased by31.82%

Worsened metrics

Number of low supply chain risk alerts

18

increased by5.88%

No dependency changes