env-verifier
Advanced tools
Quickly verify that incoming variables from process.env aren't missing.
You probably have code that looks like this in your repo:
module.exports = {
database: {
name: process.env.DB_NAME
host: process.env.DB_HOST
password: process.env.DB_PASSWORD
},
baseUrl: process.env.BASE_URL
}
to get up and running quickly with a verified config file, you can replace the above with something like this:
const { strictVerify } = require('env-verifier')
//throws on one or more env misses
module.exports = strictVerify({
database: {
name: 'DB_NAME',
host: 'DB_HOST',
password: 'DB_PASSWORD'
},
baseUrl: 'BASE_URL'
})
This package exposes two verification functions - verify and strictVerify. Use verify (as seen below) when you want to handle reporting missing values, and strictVerify (as seen above) when you want, when any env misses are encountered, us to throw a descriptive error containing all env misses.
Use example for verify:
const { verify } = require('env-verifier')
const { config, errors } = verify({
database: {
name: 'DB_NAME'
host: 'DB_HOST'
password: 'DB_PASSWORD'
},
baseUrl: 'BASE_URL'
})
// do custom error logging, possibly throw your own errors
errors.forEach(console.error)
module.exports = config
You can pass in your own env object as a parameter as long as its an object that is non-nested and has key value pairs with undefined or string as their value type.
You may have values that aren't present on your env object, but that you would like to live in your config object, this can be achieved by using the insert() function.
const { verify, insert } = require('env-verifier')
module.exports = verify({
appName: insert('my_app')
... // other env key names
}).config
//exports:
{
appName: 'my_app'
... // other env values
}
As of env-verifier version 1.2.0, the obfuscation of env secrets is supported.
by wrapping the env key of the secret in the secret function exported by env-verifier, the secret will be retrieved and wrapped in a Secret object (see function specification above).
Note: support for transforming or inserting secrets is not supported at this time.
To retrieve the secret, the reveal function can be called.
What secret obfuscation will do:
JSON.stringify of the config object will replace all secrets with the string '[secret]'What secret obfuscation will not do:
env objectconst { verify, secret } = require('env-verifier')
const env = {
PASSWORD: 'superSecretPassword'
}
const { config } = verify({
password: secret('PASSWORD')
... // other env key names
}, env)
module.exports = config
//exports:
{
password: {
reveal(): string
}
... // other env values
}
config.password.reveal()
// returns:
'superSecretPassword'
console.log(config)
// prints:
// {
// if you're using nodejs:
// password: [secret]
// if you're using other JS environments:
// password: Secret { reveal: [Function] }
// ... other env values
// }
JSON.stringify(config)
// returns
// {
// "password": "[secret]"
// ... other env values
// }
Error reports are generated when an env variable is missing. An env variable is considered missing under the following circumstances:
undefined is returned from the env object.'', is returned from the env object.verify will always return the errors array, but it will be an empty array if there are no env misses.
strictVerify will not throw an error on the first encountered missing env value. Instead it will continue in order to report all missing env variables.
Since process.env only returns strings, sometimes its necessary to transform those strings into something else (IE: transform the string "true" to a boolean true)
This can be done by passing in an array (TransformTuple) containing the env variable name, and the function that you would like to use to transform the env variable value like so:
const config = {
useNewFeature: ['USE_NEW_FEATURE', trueOrFalse => trueOrFalse === 'true'],
... //other env variables
}
verify(config)
Transformation functions will not be run if its corresponding env value is missing.
env-verifier tries to give typescript typings for the config object that it returns, but needs a little help to get the correct types
If you are using TypeScript, you can do the following:
const config: {
a: 'A',
b: insert([1, 2])
c: {
d: ['A', (envValue) => ([envValue])]
}
}
const verifiedConfig = strictVerify(config)
// typings:
// typeof verifiedConfig = {
// a: VerifiedConfig<unknown>
// b: VerifiedConfig<unknown>
// c: VerifiedConfig<unknown>
// }
// add typeof config object
const verifiedConfig = strictVerify<typeof config>(config)
// better typings:
// typeof verifiedConfig = {
// a: string,
// b: number[],
// c: {
// d: (string | (envVerify: any) => any)
// }
// }
// cast TransformTuple types correctly
const config = {
a: 'A',
b: insert([1, 2])
c: {
d: ['A', (envValue) => ([envValue])] as TransformTuple<string>
}
}
const verifiedConfig = strictVerify<typeof config>(config)
// best typings:
// typeof verifiedConfig = {
// a: string,
// b: number[],
// c: {
// d: string
// }
// }
This package is written in TypeScript and is built/distributed for environments that support the majority of the es2016 specification.
This package also works best with projects that have centralized config files, IE: You map your .env variables to a config object in a file, and import/require that config object wherever you need .env values.
Other than that, just install the package and get going!
One of these:
npm install env-verifier
And one of these:
const { verify, strictVerify } = require('env-verifier')
And you're all set.
After you've ran npm install, just run npm test.
We use jest as our testing framework.
Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.
We use SemVer for versioning. For the versions available, see the tags on this repository.
See also the list of contributors who participated in this project.
This project is licensed under the MIT License - see the LICENSE file for details.
FAQs
"Make sure you have all your env variables!"
The npm package env-verifier receives a total of 2 weekly downloads. As such, env-verifier popularity was classified as not popular.
We found that env-verifier demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.
Security News
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.