Comparing version 1.2.0 to 2.0.0
@@ -7,3 +7,3 @@ 'use strict' | ||
/* | ||
* Main entry point into dotenv. Allows configuration before loading .env and .env.$NODE_ENV | ||
* Main entry point into dotenv. Allows configuration before loading .env | ||
* @param {Object} options - valid options: path ('.env'), encoding ('utf8') | ||
@@ -37,4 +37,4 @@ * @returns {Boolean} | ||
return true | ||
} catch(e) { | ||
return parsedObj | ||
} catch (e) { | ||
if (!silent) { | ||
@@ -75,12 +75,2 @@ console.error(e) | ||
// is this value a variable? | ||
if (value.charAt(0) === '$') { | ||
var possibleVar = value.substring(1) | ||
value = obj[possibleVar] || process.env[possibleVar] || '' | ||
} | ||
// varaible can be escaped with a \$ | ||
if (value.substring(0, 2) === '\\$') { | ||
value = value.substring(1) | ||
} | ||
obj[key] = value | ||
@@ -87,0 +77,0 @@ } |
{ | ||
"name": "dotenv", | ||
"version": "1.2.0", | ||
"version": "2.0.0", | ||
"description": "Loads environment variables from .env file", | ||
"main": "lib/main.js", | ||
"scripts": { | ||
"test": "lab test/* --coverage && standard", | ||
"test": "lab test/* --coverage", | ||
"posttest": "npm run lint", | ||
"lint": "standard" | ||
@@ -27,9 +28,10 @@ }, | ||
"devDependencies": { | ||
"lab": "^5.3.0", | ||
"semver": "^4.3.6", | ||
"should": "4.4.2", | ||
"sinon": "1.12.2", | ||
"standard": "^2.10.0" | ||
"babel": "5.8.23", | ||
"lab": "5.17.0", | ||
"semver": "5.0.3", | ||
"should": "7.1.0", | ||
"sinon": "1.16.1", | ||
"standard": "5.3.0" | ||
}, | ||
"dependencies": {} | ||
} |
112
README.md
@@ -5,3 +5,3 @@ # dotenv | ||
Dotenv loads environment variables from `.env` into `ENV` (process.env). | ||
Dotenv is a zero-dependency module that loads environment variables from a `.env` file into [`process.env`](https://nodejs.org/docs/latest/api/process.html#process_process_env). Storing configuration in the environment separate from code is based on [The Twelve-Factor App](http://12factor.net/config) methodology. | ||
@@ -12,15 +12,2 @@ [![BuildStatus](https://img.shields.io/travis/motdotla/dotenv/master.svg?style=flat-square)](https://travis-ci.org/motdotla/dotenv) | ||
> "Storing [configuration in the environment](http://www.12factor.net/config) | ||
> is one of the tenets of a [twelve-factor app](http://www.12factor.net/). | ||
> Anything that is likely to change between deployment environments–such as | ||
> resource handles for databases or credentials for external services–should be | ||
> extracted from the code into environment variables. | ||
> | ||
> But it is not always practical to set environment variables on development | ||
> machines or continuous integration servers where multiple projects are run. | ||
> Dotenv loads variables from a `.env` file into ENV when the environment is | ||
> bootstrapped." | ||
> | ||
> [Brandon Keepers' Dotenv in Ruby](https://github.com/bkeepers/dotenv) | ||
## Install | ||
@@ -34,6 +21,6 @@ | ||
As early as possible in your application, require and load dotenv. | ||
As early as possible in your application, require and configure dotenv. | ||
```javascript | ||
require('dotenv').load(); | ||
require('dotenv').config(); | ||
``` | ||
@@ -80,8 +67,8 @@ | ||
_Alias: `load`_ | ||
`config` will read your .env file, parse the contents, and assign it to | ||
`process.env` - just like `load` does. You can additionally, pass options to | ||
[`process.env`](https://nodejs.org/docs/latest/api/process.html#process_process_env). You can additionally, pass options to | ||
`config`. | ||
Note: `config` and `load` are synonyms. You can pass options to either. | ||
### Options | ||
@@ -152,43 +139,55 @@ | ||
#### Expanding Variables | ||
## FAQ | ||
Basic variable expansion is supported. | ||
### Should I commit my `.env` file? | ||
``` | ||
BASIC=basic | ||
TEST=$BASIC | ||
``` | ||
No. We **strongly** recommend against committing your `.env` file to version | ||
control. It should only include environment-specific values such as database | ||
passwords or API keys. Your production database should have a different | ||
password than your development database. | ||
Parsing that would result in `{BASIC: 'basic', TEST: 'basic'}`. You can escape | ||
variables by quoting or beginning with `\` (e.g. `TEST=\$BASIC`). If the | ||
variable is not found in the file, `process.env` is checked. Missing variables | ||
result in an empty string. | ||
### Should I have multiple `.env` files? | ||
``` | ||
BASIC=basic | ||
TEST=$TEST | ||
DNE=$DNE | ||
``` | ||
No. We **strongly** recommend against having a "main" `.env` file and an "environment" `.env` file like `.env.test`. Your config should vary between deploys, and you should not be sharing values between environments. | ||
```bash | ||
TEST=example node -e 'require("dotenv").config();' | ||
> In a twelve-factor app, env vars are granular controls, each fully orthogonal to other env vars. They are never grouped together as “environments”, but instead are independently managed for each deploy. This is a model that scales up smoothly as the app naturally expands into more deploys over its lifetime. | ||
> | ||
> – [The Twelve-Factor App](http://12factor.net/config) | ||
### What happens to environment variables that were already set? | ||
We will never modify any environment variables that have already been set. In particular, if there is a variable in your `.env` file which collides with one that already exists in your environment, then that variable will be skipped. This behavior allows you to override all `.env` configurations with a machine-specific environment, although it is not recommended. | ||
### Can I customize/write plugins for dotenv? | ||
For `dotenv@2.x.x`: Yes. `dotenv.config()` now returns an object representing | ||
the parsed `.env` file. This gives you everything you need to continue | ||
setting values on `process.env`. For example: | ||
```js | ||
var dotenv = require('dotenv') | ||
var variableExpansion = require('dotenv-expand') | ||
const myEnv = dotenv.config() | ||
variableExpansion(myEnv) | ||
``` | ||
- `process.env.BASIC` would equal `basic` | ||
- `process.env.TEST` would equal `example` | ||
- `process.env.DNE` would equal `""` | ||
### What about variable expansion? | ||
## FAQ | ||
For `dotenv@2.x.x`: Use [dotenv-expand](https://github.com/motdotla/dotenv-expand). | ||
### Should I commit my .env file? | ||
For `dotenv@1.x.x`: We haven't been presented with a compelling use case for expanding variables and believe it leads to env vars that are not "fully orthogonal" as [The Twelve-Factor App](http://12factor.net/config) outlines.<sup>[[1](https://github.com/motdotla/dotenv/issues/39)][[2](https://github.com/motdotla/dotenv/pull/97)]</sup> Please open an issue if you have a compelling use case. | ||
No. We **strongly** recommend against committing your .env file to version | ||
control. It should only include environment-specific values such as database | ||
passwords or API keys. Your production database should have a different | ||
password than your development database. | ||
## Contributing | ||
## Contributing Guide | ||
See [Contributing Guide](Contributing.md) | ||
See [CONTRIBUTING.md](CONTRIBUTING.md) | ||
## Change Log | ||
See [CHANGELOG.md](CHANGELOG.md) | ||
## License | ||
See [LICENSE](LICENSE) | ||
## Who's using dotenv | ||
@@ -199,6 +198,15 @@ | ||
* [npm](https://github.com/npm/newww) | ||
* [sendgrid-nodejs](https://github.com/sendgrid/sendgrid-nodejs) | ||
* [handshake.js](https://github.com/handshakejs/handshakejs-api) | ||
* [google-oauth2-service-account](https://github.com/jacoblwe20/google-oauth2-service-account) | ||
* [kibble](https://github.com/motdotla/kibble) | ||
* [github-streaker](https://github.com/motdotla/github-streaker) | ||
* [jaws](https://github.com/jaws-framework/jaws-core-js) | ||
* [node-lambda](https://github.com/motdotla/node-lambda) | ||
* [resume-cli](https://www.npmjs.com/package/resume-cli) | ||
* [phant](https://www.npmjs.com/package/phant) | ||
* [adafruit-io-node](https://github.com/adafruit/adafruit-io-node) | ||
* [mockbin](https://www.npmjs.com/package/mockbin) | ||
* [and many more...](https://www.npmjs.com/browse/depended/dotenv) | ||
## Go well with dotenv | ||
Here's some projects that expand on dotenv. Check them out. | ||
* [require-environment-variables](https://github.com/bjoshuanoah/require-environment-variables) | ||
* [dotenv-safe](https://github.com/rolodato/dotenv-safe) |
Sorry, the diff of this file is not supported yet
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 4 instances in 1 package
207
3
18713
6
9
77