New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

read-env-file

Package Overview
Dependencies
Maintainers
1
Versions
6
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

read-env-file

Utilities for reading environment variable names & values from files in ".env" format

latest
Source
npmnpm
Version
2.0.3-0
Version published
Maintainers
1
Created
Source

read-env-file

CircleCI npm: version types

Utilities for reading environment variable names & values from files in ".env" format

  ✔ Reads key/value pairs
  ✔ Handles commented & empty lines
  ✔ Allows spaces in quoted values
  ✔ Allows assignment operators in quoted values
  ✔ Reads from "./.env" when no path arg supplied
  ✔ Merges the results of multiple input files

  ✔ Invalid Format (missing key)
  ✔ Invalid Format (missing value)
  ✔ Invalid Format (missing assignment)
  ✔ Invalid Format (space in key)
  ✔ Invalid Format (space in unquoted value)
  ✔ Invalid Format (multiple assignment operators)
  ✔ Invalid Format Error contains accurate line number

Installation

yarn add read-env-file
# or
npm i read-env-file

Usage

Typescript-friendly (type declarations included)

# path/to/.env
key1=foo
key2=bar

# path/.env
key1=foobar
key3=baz

// path/to/dir/index.js
const { readSingle, readMultiple } = require('read-env-file');

readSingle(); // Attempts to read from ./.env

readSingle('path/to/.env');
// Promise<{key1: 'foo', key2: 'bar'}>

readSingle.sync('path/to/.env');
// {key1: 'foo', key2: 'bar'}

readMultiple(['path/to/.env', 'path/.env']);
// Promise<{key1: 'foobar', key2: 'bar', key3: 'baz'}>

readMultiple.sync(['path/to/.env', 'path/.env']);
// {key1: 'foobar', key2: 'bar', key3: 'baz'}

File Formatting

Valid

  • comments and blank lines are ignored
  • values quoted (with ', ", or backtick) to include spaces and = character
  • spaces around keys and values are ignored

Examples:

key=value
# comment starts with "#" (ignored)

# whitespace is trimmed from keys and values
key = value
key =value
key= value

# whitespace in quoted values preserved
key="value with spaces'

# Assignment operators in quoted values preserved
key="value=abc"

Invalid (throws Error)

Errors are informative and specify the cause, file, and line number:

Invalid file format (multiple assignment operators) at /some/path/.env:12

The following conditions cause an invalid format error:

CauseError Mssage
missing keykey undefined
missing valuevalue undefined
missing assignmentvalue undefined
space in keyinvalid spacing
space in unquoted valueinvalid spacing
multiple assignment operatorsmultiple assignment operators

Examples:

# missing key
=value

# missing value
key=

# missing assignment
keyvalue

# space in key
k e y = value

# space in unquoted value
key=value and words

# multiple assignment operators
key=value=invalid

Dependencies

None

License

MIT

Keywords

env
dotenv
.env
env-var

FAQs

Package last updated on 22 Mar 2020

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Axios Maintainer Confirms Social Engineering Attack Behind npm Compromise

Security News

Axios Maintainer Confirms Social Engineering Attack Behind npm Compromise

Axios compromise traced to social engineering, showing how attacks on maintainers can bypass controls and expose the broader software supply chain.

By Sarah Gooding  -  Apr 02, 2026