protect-env
Advanced tools
A naive implementation of protecting your process.env.
Avoid malicious packages and hackerz. Restrict process.env access to authorized libraries only.
npm i protect-env
Require this project as the very first line in your app.
const rules = {
ENV_VAR_NAME: ['allowed-file.pattern'],
ENV_VAR_NAME_2: ['package-name'],
ENV_VAR_NAME_3: ['*'],
env: ['global-patterns'],
}
require('protect-env')(rules)
/* ... your code ... */
Errors will be thrown if an unapproved library attempts to access your process.env or keys on it. Those libraries will not gain access to your protected env vars.
protect-env uses minimatch for pattern matching. Pass arrays of glob/minimatching patterns for each key.
process.envconst restore = require('protect-env')({
WHATEVER: ['my-file'],
})
process.env.WHATEVER // protected
restore()
process.env.WHATEVER // unprotected
This is a very naive implementation - only protecting your process.env using getters. It does not protect against other ways of accessing your environment variables (like calling external code, file system requires, or other more elegant methods).
npm run test
npm run prettier
MIT
FAQs
A naive way to protect your process.env
The npm package protect-env receives a total of 7 weekly downloads. As such, protect-env popularity was classified as not popular.
We found that protect-env demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
Security News
cURL and Go security teams are publicly rejecting CVSS as flawed for assessing vulnerabilities and are calling for more accurate, context-aware approaches.
Security News
Bun 1.2 enhances its JavaScript runtime with 90% Node.js compatibility, built-in S3 and Postgres support, HTML Imports, and faster, cloud-first performance.