Research
2025 Report: Destructive Malware in Open Source Packages
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.
By Kush Pandya - Dec 24, 2025
Gitenvs
Save your environment variables in git – encrypted.
Gitenvs is a tool that lets you securely store environment variables in your git repository by encrypting them with public/private key pairs. It provides a modern web UI for managing variables across multiple environments and files, with features like importing from .env files, linking shared variables in monorepos, and granular access control through environment-specific encryption keys.
✨ Features
- Multi env file support: Useful for monorepos with different apps and different environments.
- Link env vars between files: Link env vars between files. Useful if you have a shared env var in a monorepo.
- Decrypt env vars in the UI to check the content. Can be toggled per stage.
- Import existing env vars:
- Import .env files in your project folder.
- Import by pasting .env contents in the UI.
- Import directly from vercel.
- Fully keyboard navigable: Use arrow keys and shortcuts to navigate through the UI.
- .env or .ts: You can use .env or .ts files to write your environment variables.
- Public/Private key encryption: Everyone can encrypt env vars, but only those with the private key can decrypt them.
🚀 How to Run
Just run
npx gitenvs
A UI is automatically opened in your browser. Run through the wizard to set up gitenvs.
🤔 Why?
- Consistency: You can easily share your environment variables with your team. Run
git pull mainand you have the latest environment variables. - Encrypted: Your environment variables are encrypted and securely stored in your repository.
- Branch-specific environments: Maintain different environment variables per (feature-) branch and automatically apply them when merging, eliminating manual configuration in production.
- Multi-stage environments: Maintain separate environment variables for development, staging, and production environments.
- Access Control: Developers only have access to development environment variables through a development-specific encryption passphrase. Without the staging/production passphrases, they cannot decrypt environment variables for those environments.
FAQs
Store your environment variables in git – encrypted.
We found that gitenvs demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Package last updated on 22 Jan 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Engineering with AI Podcast: The Promise of AI-First Development
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.
By Sarah Gooding - Dec 24, 2025
Research
/Security News
Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft.
By Nicholas Anderson, Kirill Boychenko - Dec 23, 2025