Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
The std-env npm package is designed to help developers easily determine the environment their code is running in. It provides a straightforward way to check if the current environment is development, production, test, or a CI (Continuous Integration) environment. This can be particularly useful for configuring applications differently based on the environment or for including/excluding certain features or outputs based on where the code is running.
Check if the environment is development
This feature allows you to check if your code is running in a development environment. It's useful for enabling debug logs or development-specific features.
const isDev = require('std-env').isDev;
console.log(isDev); // true if in a development environment
Check if the environment is production
This feature enables you to determine if your application is running in a production environment, which is useful for enabling optimizations or features that should only be available in production.
const isProd = require('std-env').isProd;
console.log(isProd); // true if in a production environment
Check if the environment is test
With this feature, you can easily identify if your code is being executed in a test environment, allowing you to adjust configurations or disable certain functionalities during testing.
const isTest = require('std-env').isTest;
console.log(isTest); // true if in a test environment
Check if running in a CI environment
This feature helps in detecting if your application is running in a CI environment, which can be crucial for configuring CI-specific settings or behaviors.
const isCI = require('std-env').isCI;
console.log(isCI); // true if running in a Continuous Integration environment
cross-env allows you to set and use environment variables across platforms. It's similar to std-env in the sense that it helps manage environment-specific settings, but it focuses more on setting environment variables rather than detecting the environment.
dotenv is a package that loads environment variables from a .env file into process.env. While it serves a different purpose by managing environment variables, it complements std-env's functionality by allowing developers to configure their applications based on the detected environment.
Runtime agnostic JS utils
# Using npm
npm i std-env
# Using pnpm
pnpm i std-env
# Using yarn
yarn add std-env
// ESM
import { env, isDevelopment, isProduction } from "std-env";
// CommonJS
const { env, isDevelopment, isProduction } = require("std-env");
hasTTY
hasWindow
isDebug
isDevelopment
isLinux
isMacOS
isMinimal
isProduction
isTest
isWindows
platform
isColorSupported
nodeVersion
nodeMajorVersion
You can read more about how each flag works from ./src/flags.ts.
std-env
can automatically detect the current runtime provider based on environment variables.
You can use isCI
and platform
exports to detect it:
import { isCI, provider, providerInfo } from "std-env";
console.log({
isCI, // true
provider, // "github_actions"
providerInfo, // { name: "github_actions", isCI: true }
});
List of well known providers can be found from ./src/providers.ts.
std-env
can automatically detect the current JavaScript runtime based on global variables, following the WinterCG Runtime Keys proposal:
import { runtime, runtimeInfo } from "std-env";
// "" | "node" | "deno" | "bun" | "workerd" ...
console.log(runtime);
// { name: "node" }
console.log(runtimeInfo);
You can also use individual named exports for each runtime detection:
[!NOTE] When running code in Bun and Deno with Node.js compatibility mode,
isNode
flag will be alsotrue
, indicating running in a Node.js compatible runtime.Use
runtime === "node"
if you need strict check for Node.js runtime.
isNode
isBun
isDeno
isNetlify
isEdgeLight
isWorkerd
isFastly
List of well known providers can be found from ./src/runtimes.ts.
env
std-env
provides a lightweight proxy to access environment variables in a platform agnostic way.
import { env } from "std-env";
process
std-env
provides a lightweight proxy to access process
object in a platform agnostic way.
import { process } from "std-env";
MIT
v3.8.0
FAQs
Runtime agnostic JS utils
The npm package std-env receives a total of 5,542,839 weekly downloads. As such, std-env popularity was classified as popular.
We found that std-env demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.