Product
Socket Now Supports pylock.toml Files
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
By Trevor Norris - Jun 05, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
envdotjs
Store your environment variables in a dynamic env.js file and encrypt so you can commit your variables to source control.
envdotjs
Store your environment variables in a dynamic env.js file and encrypt so you can commit your variables to source control.
Installation
With yarn:
yarn add envdotjs
Or with npm:
npm install --save envdotjs
Basic Usage
Add an env.js file to the root of your project:
module.exports = {
SOME_VARIABLE: '123'
}
Then as early as possible in your application:
require('envdotjs').load()
envdotjs will attempt to load an encrypted file (env.js.enc) first. If it's not found it will then load env.js. Encryption is obviously preferable if you want to keep your environment variables in source control. See below for information on encryption.
Encryption Key
If you want to encrypt your variables, you first need to set a key. There are 3 ways to do this.
Setting your key with a file
Create a env.js.key file in the root of your project containing whatever key you want to use. envdotjs will automatically find this file and use it to encrypt and unencrypt the contents of your env.js file. Make sure you don't check this file or your env.js file into source control.
Setting your key in the environment
You can also set a variable in the environment called ENVDOTJS_KEY with the value of your key. If you also have a env.js.key file and the environment variable set, the environment variable will get used.
Setting your key with options
If you need more control over where the key is, you can also set it in the options during the load:
require('envdotjs').load({
key: 'some-secure-key'
})
Options
key: Sets encryption key. Defaults to process.env.ENVDOTJS_KEY, then contents of env.js.key.path: Path to your encrypted or unencrypted environment file. Defaults to env.js.enc, then env.js.strict: Set to true if you want endotjs to throw an error if something goes wrong. By default, it will just log a warning to the console.
Encryption
You can encrypt files using the node module itself, but it's more convenient to use the CLI.
Installation
npm install --global envdotjs
Usage
envdotjs encrypt
This will encrypt your env.js file using the key that's location in your env.js.key file. For more advanced usage, check for options with envdotjs --help
Best Practices
- Encrypt your
env.jsfile any time it changes. This will ensure your development environment matches your deploys. - Never commit
env.jsorenv.js.keyfiles to source control
Keywords
FAQs
Store your environment variables in a dynamic env.js file and encrypt so you can commit your variables to source control.
The npm package envdotjs receives a total of 0 weekly downloads. As such, envdotjs popularity was classified as not popular.
We found that envdotjs demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Package last updated on 23 Jul 2018
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Research
Destructive npm Packages Disguised as Utilities Enable Remote System Wipe
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.
By Kush Pandya - Jun 05, 2025
Research
Security News
Malicious Ruby Gems Exfiltrate Telegram Tokens and Messages Following Vietnam Ban
Malicious Ruby gems typosquat Fastlane plugins to steal Telegram bot tokens, messages, and files, exploiting demand after Vietnam’s Telegram ban.
By Kirill Boychenko - Jun 03, 2025