Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
Gitenvs
Save your environment variables in git – encrypted.
Gitenvs is a tool that lets you securely store environment variables in your git repository by encrypting them with public/private key pairs. It provides a modern web UI for managing variables across multiple environments and files, with features like importing from .env files, linking shared variables in monorepos, and granular access control through environment-specific encryption keys.
✨ Features
- Multi env file support: Useful for monorepos with different apps and different environments.
- Link env vars between files: Link env vars between files. Useful if you have a shared env var in a monorepo.
- Decrypt env vars in the UI to check the content. Can be toggled per stage.
- Import existing env vars:
- Import .env files in your project folder.
- Import by pasting .env contents in the UI.
- Import directly from vercel.
- Fully keyboard navigable: Use arrow keys and shortcuts to navigate through the UI.
- .env or .ts: You can use .env or .ts files to write your environment variables.
- Public/Private key encryption: Everyone can encrypt env vars, but only those with the private key can decrypt them.
🚀 How to Run
Just run
npx gitenvs
A UI is automatically opened in your browser. Run through the wizard to set up gitenvs.
🤔 Why?
- Consistency: You can easily share your environment variables with your team. Run
git pull mainand you have the latest environment variables. - Encrypted: Your environment variables are encrypted and securely stored in your repository.
- Branch-specific environments: Maintain different environment variables per (feature-) branch and automatically apply them when merging, eliminating manual configuration in production.
- Multi-stage environments: Maintain separate environment variables for development, staging, and production environments.
- Access Control: Developers only have access to development environment variables through a development-specific encryption passphrase. Without the staging/production passphrases, they cannot decrypt environment variables for those environments.
FAQs
Store your environment variables in git – encrypted.
We found that gitenvs demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Package last updated on 22 Jan 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025
Application Security
/Research
/Security News
Updated and Ongoing Supply Chain Attack Targets CrowdStrike npm Packages
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.
By Kush Pandya, Peter van der Zee, Olivia Brown, Socket Research Team - Sep 16, 2025