Security News
The Hidden Blast Radius of the Axios Compromise
The Axios compromise shows how time-dependent dependency resolution makes exposure harder to detect and contain.
By Ahmad Nassri - Apr 01, 2026
New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details → →
Envaid
Improve your experience with environment variables using Envaid and its killer features:
- Fallback: specify a default value to use when a variable does not exist in the environment.
- Parsing: Automatically parse integers, floats, booleans, JSON objects and arrays.
Envaid is based on Strapi's env-helper.
Getting Started
Getting started with Envaid is super easy.
First, install the envaid package with your favorite package manager.
# If you use NPM
npm install envaid
# If you use Yarn
yarn add envaid
# If you use PNPM
pnpm install envaid
Then, import envaid into your project.
const env = require("envaid");
// Or, if you prefer ES modules
import env from "envaid";
Table of Contents
- The
envfunction - The
env.intfunction - The
env.floatfunction - The
env.boolfunction - The
env.jsonfunction - The
env.arrayfunction
Documentation
The env function
Retrieves a variable from the environment and returns the variable or defaultValue when the variable is not set.
defaultType can be a variable of any type.
Examples:
// Returns the value of process.env.JWT_SECRET
const jwtSecret = envaid("JWT_SECRET");
// Returns the value of process.env.JWT_SECRET if it is set, or test otherwise
const jwtSecret = env("JWT_SECRET", "test");
The env.int function
Retrieves a variable from the environment and parses it into an integer, or returns defaultValue when the variable is not set.
defaultValue must be either a number or undefined.
Examples:
// Returns the value of MAX_CONCURRENT_PROCESSES as an integer or undefined if the variable is not set
const maxConcurrentProcesses = env.int("MAX_CONCURRENT_PROCESSES");
// Returns the value of MAX_CONCURRENT_PROCESSES as an integer or 2 if the variable is not set
const maxConcurrentProcesses = env.int("MAX_CONCURRENT_PROCESSES", 2);
The env.float function
Retrieves a variable from the environment and parses it into a floating point number, or returns defaultValue when the variable is not set.
defaultValue must be either a number or undefined.
Examples:
// Returns the value of PI_VALUE as a float or undefined if the variable is not set
const pi = env.float("PI_VALUE");
// Returns the value of PI_VALUE as an integer or 3.14 if the variable is not set
const pi = env.float("PI_VALUE", 3.14);
The env.bool function
Retrieves a variable from the environment and parses it into a boolean value or returns defaultValue when the variable is not set.
Values TRUE, true, 1, YES, yes, ON, and on are parsed as true.
Values FALSE, false, 0, NO, no, OFF, and off are parsed as false.
defaultValue must be either a boolean or undefined.
Examples:
// Returns the value of NOTIFICATIONS_ENABLED as a boolean or undefined if the variable is not set
const notificationsEnabled = env.bool("NOTIFICATIONS_ENABLED");
// Returns the value of NOTIFICATIONS_ENABLED as a boolean or true if the variable is not set
const maxConcurrentProcesses = env.bool("NOTIFICATIONS_ENABLED", true);
The env.json function
Retrieves a variable from the environment and parses it into a JSON object or returns defaultValue when the variable is not set.
defaultValue can be a variable of any type.
Examples:
// Returns the value of CONFIG as a JSON object or undefined if the variable is not set
const config = env.json("CONFIG");
// Returns the value of CONFIG as a JSON object or { foo: "bar" } if the variable is not set
const config = env.json("CONFIG", { foo: "bar" });
The env.array function
Retrieves a variable from the environment and parses it into an array or returns defaultValue when the variable is not set.
Opening and closing brackets, if any, are automatically stripped away from the variables.
defaultValue can be an array of any kind or undefined.
env.array also accepts a trim optional parameter, which defines whether the environment variable and each array element should be trimmed before being returned.
trim is defaulted to true.
Examples:
// Returns the value of APP_KEYS as an array or undefined if the variable is not set
const appKeys = env.json("APP_KEYS");
// Returns the value of APP_KEYS as an array or ["foo", "bar"] if the variable is not set
const appKeys = env.json("APP_KEYS", ["foo", "bar"]);
// Returns the value of process.env.APP_KEYS without trimming it nor the member it parses
// Eg. APP_KEYS = " foo, bar" would return [" foo", " bar"]
const appKeys = env.json("APP_KEYS", undefined, false);
FAQs
A better way to access your environment variables
We found that envaid demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 17 Oct 2022
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Supply Chain Attack on Axios Pulls Malicious Dependency from npm
A supply chain attack on Axios introduced a malicious dependency, plain-crypto-js@4.2.1, published minutes earlier and absent from the project’s GitHub releases.
By Socket Research Team - Mar 31, 2026
Research
TeamPCP Compromises Telnyx Python SDK to Deliver Credential-Stealing Malware
Malicious versions of the Telnyx Python SDK on PyPI delivered credential-stealing malware via a multi-stage supply chain attack.
By Socket Research Team - Mar 27, 2026