![Namecheap Takes Down Polyfill.io Service Following Supply Chain Attack](https://cdn.sanity.io/images/cgdhsj6q/production/6af25114feaaac7179b18127c83327568ff592d1-1024x1024.webp?w=800&fit=max&auto=format)
Security News
Namecheap Takes Down Polyfill.io Service Following Supply Chain Attack
Polyfill.io has been serving malware for months via its CDN, after the project's open source maintainer sold the service to a company based in China.
env-cmd
Advanced tools
Changelog
8.0.1
Readme
A simple node program for executing commands using an environment from an env file.
npm install env-cmd
or npm install -g env-cmd
Environment file ./test/.env
# This is a comment
ENV1=THANKS
ENV2=FOR ALL
ENV3=THE FISH
Package.json
{
"scripts": {
"test": "env-cmd ./test/.env mocha -R spec"
}
}
or
Terminal
./node_modules/.bin/env-cmd ./test/.env node index.js
--fallback
file usage optionYou can specify an .env.local
(or any name) env file, add that to your .gitignore
and use that in your local development environment. Then you can use a regular .env
file in root directory with production configs that can get committed to a private/protected repo. When env-cmd
cannot find the .env.local
file it will fallback to looking for a regular .env
file.
Environment file ./.env.local
# This is a comment
ENV1=THANKS
ENV2=FOR ALL
ENV3=THE FISH
Fallback Environment file ./.env
# This can be used as an example fallback
ENV1=foo
ENV2=bar
ENV3=baz
ENV4=quux
ENV5=gorge
Package.json
uses ./.env
as a fallback
{
"scripts": {
"test": "env-cmd --fallback ./.env.local mocha -R spec"
}
}
or
Terminal
# uses ./.env as a fallback, because it can't find `./.env.local`
./node_modules/.bin/env-cmd ./.env.local node index.js
.rc
file usageFor more complex projects, a .env-cmdrc
file can be defined in the root directory and supports as many environments as you want. Instead of passing the path to a .env
file to env-cmd
, simply pass the name of the environment you want to use thats in your .env-cmdrc
file. You may also use multiple environment names to merge env vars together.
.rc file .env-cmdrc
{
"development": {
"ENV1": "Thanks",
"ENV2": "For All"
},
"test": {
"ENV1": "No Thanks",
"ENV3": "!"
},
"production": {
"ENV1": "The Fish"
}
}
Terminal
./node_modules/.bin/env-cmd production node index.js
# Or for multiple environments (where `production` vars override `test` vars,
# but both are included)
./node_modules/.bin/env-cmd test,production node index.js
--no-override
optionSometimes you want to set env variables from a file without overriding existing process env vars or shell env vars.
Terminal
ENV1=welcome ./node_modules/.bin/env-cmd --no-override ./test/.env node index.js
These are the currently accepted environment file formats. If any other formats are desired please create an issue.
key=value
.env-cmdrc
file (as valid json) in execution directoryThis lib attempts to follow standard bash
path rules. The rules are as followed:
Home Directory = /Users/test
Working Directory = /Users/test/Development/app
Type | Input Path | Expanded Path |
---|---|---|
Absolute | /some/absolute/path.env | /some/absolute/path.env |
Home Directory with ~ | ~/starts/on/homedir/path.env | /Users/test/starts/on/homedir/path.env |
Relative | ./some/relative/path.env or some/relative/path.env | /Users/test/Development/app/some/relative/path.env |
Relative with parent dir | ../some/relative/path.env | /Users/test/Development/some/relative/path.env |
Because sometimes its just too cumbersome passing lots of environment variables to scripts. Its usually just easier to have a file with all the vars in them, especially for development and testing.
Do not commit sensitive environment data to a public git repo!
cross-env
- Cross platform setting of environment scripts
Special thanks to cross-env
for inspiration (use's the same cross-spawn
lib underneath too).
I welcome all pull requests. Please make sure you add appropriate test cases for any features added. Before opening a PR please make sure to run the following scripts:
npm run lint
checks for code errors and formats according to js-standardnpm test
make sure all tests passnpm run test-cover
make sure the coverage has not decreased from current masterFAQs
Executes a command using the environment variables in an env file
The npm package env-cmd receives a total of 789,011 weekly downloads. As such, env-cmd popularity was classified as popular.
We found that env-cmd demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Polyfill.io has been serving malware for months via its CDN, after the project's open source maintainer sold the service to a company based in China.
Security News
OpenSSF is warning open source maintainers to stay vigilant against reputation farming on GitHub, where users artificially inflate their status by manipulating interactions on closed issues and PRs.
Security News
A JavaScript library maintainer is under fire after merging a controversial PR to support legacy versions of Node.js.