Enforce 12-factor app environment variables in development or production
Create a .env file following dotenv formatting. Make sure to add it to your .gitignore file. It is recommended to commit dummy values in a file example.env as well.

```
npm i -E strict-env
```

config.js (or similar):

```js
const env = require('strict-env');

/*
 * The `config` function expects a mapping of required environment
 * variable names to transformer functions. The library provides
 * transformers for common use cases, but you can easily provide
 * your own.
 */
module.exports = env.config({
  BOOLEAN: env.boolean, // Allows values: 'true', 'false', '1', '0'
  INTEGER: env.integer,
  JSON: env.json, // Any valid input for `JSON.parse`
  NUMBER: env.number,
  PORT: env.port,
  STRING: env.string, // Non-empty string
  /*
   * Custom transformers must either return the transformed value
   * or throw an error. They are invoked with two parameters:
   *   value - String value of environment variable, or `undefined`
   *           if not set. (This allows you to specify variables that
   *           are optional or have default values.)
   *   name  - String name of the target environment variable. You
   *           should use this to generate nice error messages.
   */
  CUSTOM: (value, name) => {
    // Anchored so that values such as '-5' or '12abc' are rejected.
    if (/^\d+$/.test(value)) {
      return Number(value);
    } else {
      const message =
        `Env. var. should be a non-negative integer: "${name}"`;
      throw new Error(message);
    }
  },
});
```

```js
// You can also use the `get` function to process single variables.
// This is useful for ES modules!
export const PORT = env.get('PORT', env.port);
```
```js
const config = require('./config');

console.info(config.CUSTOM); // Will be a non-negative integer
console.info(config.PORT); // Will be a valid port number
console.info(config.STRING); // Will be a non-empty string
// Etc.

// Or use ES modules
import { PORT } from './config';
```
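The custom-transformer contract described in the comments above (return the transformed value or throw; `value` is `undefined` when the variable is unset), as an added example that is not part of the strict-env README. It does not call strict-env: `applyTransformers` is a hypothetical stand-in for `env.config`, and the transformer names, variable names and sample values are constructed.

```javascript
// Optional integer with a default: `value` is undefined when the variable is unset.
const intWithDefault = (fallback) => (value, name) => {
  if (value === undefined) return fallback;
  // Anchored pattern: an unanchored /\d+/ would also accept "-5" or "12abc".
  if (!/^\d+$/.test(value)) {
    throw new Error(`Env. var. should be a non-negative integer: "${name}"`);
  }
  return Number(value);
};

// Required secret: reject missing or short values; the error names the
// variable but never echoes its value, so secrets stay out of startup logs.
const secret = (minLength) => (value, name) => {
  if (typeof value !== 'string' || value.length < minLength) {
    throw new Error(`Env. var. should have at least ${minLength} characters: "${name}"`);
  }
  return value;
};

// Required URL restricted to https.
const httpsUrl = (value, name) => {
  let url;
  try {
    url = new URL(value); // throws for undefined or malformed input
  } catch (err) {
    throw new Error(`Env. var. should be a valid URL: "${name}"`);
  }
  if (url.protocol !== 'https:') {
    throw new Error(`Env. var. should be an https URL: "${name}"`);
  }
  return url.href;
};

// Hypothetical stand-in for env.config(): applies each transformer to a plain
// object instead of process.env so the example runs without the package.
function applyTransformers(source, spec) {
  const out = {};
  for (const name of Object.keys(spec)) out[name] = spec[name](source[name], name);
  return out;
}

// Constructed sample environment (not real values); MAX_RETRIES is left unset.
const sampleEnv = { SESSION_SECRET: 'x'.repeat(32), API_URL: 'https://api.example.test/v1' };
const spec = { MAX_RETRIES: intWithDefault(3), SESSION_SECRET: secret(32), API_URL: httpsUrl };
const config = applyTransformers(sampleEnv, spec);
console.info(config.MAX_RETRIES, config.API_URL);
```

With the real library, the same three functions would be passed as values in the mapping given to `env.config`.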
This library should work with node versions as old as 0.10, thanks to Rollup and Babel. (Please file an issue if that is not the case!)
We found that strict-env demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.