Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
grunt-envpreprocess
Advanced tools
A task for replacing environment-specific variables in a specified file or directory. Environment variables are specified in an external .json file.
preprocess environment variables
This plugin requires Grunt ~0.4.5
If you haven't used Grunt before, be sure to check out the Getting Started guide, as it explains how to create a Gruntfile as well as install and use Grunt plugins. Once you're familiar with that process, you may install this plugin with this command:
npm install grunt-envpreprocess --save-dev
Once the plugin has been installed, it may be enabled inside your Gruntfile with this line of JavaScript:
grunt.loadNpmTask('grunt-envpreprocess');
Text search and replacement in files is powered by the core of grunt-text-replace.
In your project's Gruntfile, add a section named envpreprocess
to the data object passed into grunt.initConfig()
.
grunt.initConfig({
envpreprocess:{
dev:{
files:{
src: 'config/env.json'
},
options:{
replacePath: ['dev_build/**/*.*'],
environment: 'dev'
}
},
prod:{
files:{
src: 'config/env.json'
},
options:{
replacePath: ['dist_build/**/*.*'],
environment: 'prod'
}
}
}
});
(note that if you don't specify dev.options.environment
, it will use the target, which in that case is dev
)
When the task is run, you'll see a log output like this
Running "envpreprocess:prod" (envpreprocess) task
Reading ENV variables from config/env.json
Replaced all ENV variables in prod_build/**/*.*
Type: String
The path of files to have ENV variables replaced with the preprocessor.
Type: String
Default value: dev
Which environment to use when retrieving ENV variables from the .json file. If given "*", any environment that isn't specified will use that value.
Environment variables are defined in the config file located at the specified 'files.src' file. For each variable you must define a value for each environment, or use "*" to apply it to any environments that don't have a value specified. This is an example of such file
{
"APP_NAME": {
"dev": "AppDev",
"prod": "AppProd"
},
"APP_VERSION": {
"*": "0.1.0"
},
"API_BASE": {
"dev": "http://localhost:8000",
"prod": "https://www.mysite.com/api"
}
}
Then in a file you want an ENV variable to be replaced, use something like this
<head>
<title>ENV.APP_NAME</title>
</head>
<script src="ENV.API_BASE/user/create">
var version = "ENV.APP_VERSION";
alert(version);
If you run 'grunt envpreprocess' with options.environment="dev", it will produce
<head>
<title>AppDev</title>
</head>
<script src="http://localhost:8000/user/create">
var version = "0.1.0";
alert(version);
Similarly, if you run 'grunt envpreprocess' with options.environment="prod", it will produce
<head>
<title>AppProd</title>
</head>
<script src="https://www.mysite.com/api/user/create">
var version = "0.1.0";
alert(version);
You can run a simple demo by cloning this repo and running grunt
. In the demo/
directory there is test.html
and demo/config/env.json
to demonstrate how to define environment variables and use them in HTML/JS. Running grunt
will copy test.html
to demo/build_output/
and then envpreprocess
will be run to replace the environment variables inside the build output file.
Note that this is going to modify the files that you point it to. This means that you shouldn't point this task at your actual source files, but at a separate build folder containing a copy of the source.
0.1.0 - Initial release. Functionality is working. Not tested. 0.1.1 - added demo 0.1.2 - accepted PR from nicolasbd to use target as environment if not specified in options
FAQs
A task for replacing environment-specific variables in a specified file or directory. Environment variables are specified in an external .json file.
We found that grunt-envpreprocess demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.