Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

now-env

Package Overview
Dependencies
Maintainers
3
Versions
18
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

now-env

Use `now.json` environment variables while developing

  • 3.1.0
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
77
decreased by-54.71%
Maintainers
3
Weekly downloads
 
Created
Source

now-env

With the help of this package, you can easily set environment variables for the use in development.

If you're already using a now.json file or the now key in package.json, the env sub property will be assigned to process.env automatically.

In addition, you can store secrets locally, that are specific to the development environment.

IMPORTANT: Do not use this package in production. It should only be used locally, while developing. This is because the secrets that you're using locally shouldn't match the ones you use in production (more secure). In production, you should be adding secrets like this.

Usage

Firstly, install the package from npm:

yarn add now-env

As the last step, register the helper by loading it:

require('now-env')

That's all, you can now check process.env for the environment variables!

If your application is running inside Now cloud then this module is not going to do anything and let Now set your environment variables.

If using this with Next.js, follow the example at next.js/examples/with-now-env to make sure now-env only runs on the server at build time.

Secrets

Most probably you will want to use secret keys in your now.json file. This module allow you to use them too without worries in development.

Create a now.json with some secret defined as @secret-name, similar to:

{
  "env": {
    "SECRET": "@my-secret-key",
    "ANOTHER_SECRET": "@my-other-secret-key",
    "SECRET_FAIL": "@this-is-not-defined"
  }
}

Then create a now-secrets.json with the secrets names and values.

{
  "@my-secret-key": "keep-it-secret",
  "@my-other-secret-key": "keep-it-secret-too"
}

This file must be ignored to actually keep them secret.

Then when starting your application now-env will read the now.json and get the values from now-secrets.json. If a environment key can't be found in now-secrets.json (or the file doesn't exists) then is going to use the secret name as value, that means if DB_PASS is @db_pass and you don't define it inside now-secrets.json then the value will be @db_pass.

Required Variables

Now supports using the env key as an array of required values you'll need to provide when deploying. This module also allow you to use them in development.

Create a now.json with the array, similar to:

{
  "env": [
    "REQUIRED_KEY",
    "REQUIRED_SECRET"
  ]
}

Then create a now-required.json with the environment keys and values.

{
  "REQUIRED_KEY": "required-value",
  "REQUIRED_SECRET": "@required-secret"
}

You can also use secrets, for that you will need to create a now-secrets.json too.

Then when starting your application now-env will read the now.json and get the values from now-required.json (and now-secrets.json). If a environment key can't be found in now-required.json then is going to throw a reference error.

Migrating from dotenv

If you're already using the dotenv module you can switch to now-env easily:

  1. Create a now.json file with the env key with every environment variable
  2. Install now-env
  3. Change require('dotenv').config() with require('now-env')
  4. That's it!

Keywords

FAQs

Package last updated on 21 Jun 2018

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc