Enforce 12-factor app environment variables in development or production
1. Create a `.env` file following dotenv formatting. Make sure to add it to your `.gitignore` file. It is recommended to commit dummy values in a file `example.env` as well.
2. Install the package: `npm i -E strict-env`
3. Create a `config.js` (or similar):

```js
const env = require('strict-env');

/*
 * The `config` function expects a mapping of required environment
 * variable names to transformer functions. The library provides
 * transformers for common use cases, but you can easily provide
 * your own.
 */
module.exports = env.config({
  BOOLEAN: env.boolean, // Allows values: 'true', 'false', '1', '0'
  INTEGER: env.integer,
  JSON: env.json, // Any valid input for `JSON.parse`
  NUMBER: env.number,
  PORT: env.port,
  STRING: env.string, // Non-empty string
  /*
   * Custom transformers must either return the transformed value
   * or throw an error. They are invoked with two parameters:
   *   value - String value of the environment variable, or `undefined`
   *           if not set. (This allows you to specify variables that
   *           are optional or have default values.)
   *   name  - String name of the target environment variable. You
   *           should use this to generate nice error messages.
   */
  CUSTOM: (value, name) => {
    // Anchored pattern: `/\d+/` alone would also accept "abc123" or "-5".
    if (/^\d+$/.test(value)) {
      return Number(value);
    } else {
      const message =
        `Env. var. should be a non-negative integer: "${name}"`;
      throw new Error(message);
    }
  },
});

// You can also use the `get` function to process single variables.
// This is useful for ES modules! In an ES-module config file you would
// write the following instead of the `module.exports` above:
// export const PORT = env.get('PORT', env.port);
```
```js
const config = require('./config');

console.info(config.CUSTOM); // Will be a non-negative integer
console.info(config.PORT);   // Will be a valid port number
console.info(config.STRING); // Will be a non-empty string
// Etc.

// Or use ES modules
import { PORT } from './config';
```
This library should work with node versions as old as 0.10, thanks to Rollup and Babel. (Please file an issue if that is not the case!)
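The value of the pattern above is that a service with a missing database URL or an out-of-range port fails at boot, once, with a message that names the offending variable rather than echoing its value into logs. To make that concrete without depending on the package, here is an added, self-contained JavaScript example that is not strict-env's own code: the transformer names mirror those shown in the README (`boolean`, `integer`, `json`, `number`, `port`, `string`), but their bodies, the `withDefault` helper, the error-aggregating `config` function, and the sample environment are all assumptions constructed for this illustration.

```javascript
// Added example, not strict-env's own code: a minimal re-implementation of
// the fail-fast "validate every required env var at startup" pattern.
// Transformer names mirror the README (boolean, integer, json, number, port,
// string); their bodies, `withDefault` and `config` are assumptions.

// Each transformer receives (value, name) and returns the parsed value or
// throws. Messages name only the variable, never its value, so a malformed
// secret is not echoed into logs or crash reports.
const transformers = {
  boolean(value, name) {
    if (value === 'true' || value === '1') return true;
    if (value === 'false' || value === '0') return false;
    throw new Error(`Env. var. should be 'true', 'false', '1' or '0': "${name}"`);
  },
  integer(value, name) {
    // Anchored pattern: "abc12" and "1.5" are rejected, not silently truncated.
    if (!/^-?\d+$/.test(value || '')) {
      throw new Error(`Env. var. should be an integer: "${name}"`);
    }
    return Number(value);
  },
  number(value, name) {
    const n = typeof value === 'string' && value.trim() !== '' ? Number(value) : NaN;
    if (Number.isNaN(n)) throw new Error(`Env. var. should be a number: "${name}"`);
    return n;
  },
  port(value, name) {
    const n = transformers.integer(value, name);
    if (n < 0 || n > 65535) throw new Error(`Env. var. should be a port (0-65535): "${name}"`);
    return n;
  },
  string(value, name) {
    if (typeof value !== 'string' || value.length === 0) {
      throw new Error(`Env. var. should be a non-empty string: "${name}"`);
    }
    return value;
  },
  json(value, name) {
    try {
      return JSON.parse(value);
    } catch (_) {
      throw new Error(`Env. var. should be valid JSON: "${name}"`);
    }
  },
};

// Optional variable: the README notes transformers may receive `undefined`,
// which is how defaults are expressed.
function withDefault(transform, fallback) {
  return (value, name) => (value === undefined ? fallback : transform(value, name));
}

// Validate every key of `schema` against `source` (process.env by default).
// Failures are collected and thrown together, so a deploy missing three
// variables fails once with the full list rather than one restart per variable.
// The result is frozen so later code cannot quietly mutate validated settings.
function config(schema, source = process.env) {
  const out = {};
  const errors = [];
  for (const [name, transform] of Object.entries(schema)) {
    try {
      out[name] = transform(source[name], name);
    } catch (err) {
      errors.push(err.message);
    }
  }
  if (errors.length > 0) {
    throw new Error(`Invalid environment:\n  ${errors.join('\n  ')}`);
  }
  return Object.freeze(out);
}

// Constructed sample environment, as dotenv would load it (every value a string).
const sampleEnv = {
  PORT: '8080',
  DEBUG: '0',
  DB_URL: 'postgres://app@db.internal/app',
  FEATURES: '{"beta":true}',
  RETRIES: '3',
};

const schema = {
  PORT: transformers.port,
  DEBUG: transformers.boolean,
  DB_URL: transformers.string,
  FEATURES: transformers.json,
  RETRIES: withDefault(transformers.integer, 1),
  LOG_LEVEL: withDefault(transformers.string, 'info'), // absent, so default applies
};

// Happy path: returns the frozen, typed config object.
function loadSample() {
  return config(schema, sampleEnv);
}

// Failure path: PORT out of range and DB_URL missing. Returns the aggregated
// error message (instead of crashing) so the two problems can be inspected.
function loadBroken() {
  try {
    config(schema, { ...sampleEnv, PORT: '70000', DB_URL: undefined });
    return null;
  } catch (err) {
    return err.message;
  }
}

console.info(loadSample());
console.info(loadBroken());
```

Run it with `node` to see the typed, frozen config followed by the aggregated error listing both `PORT` and `DB_URL` by name. In a real service the `config(...)` call would sit at the top of the entry point so the process exits before it opens any listener or connection with an invalid setting.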
FAQs
Enforce env vars for 12-factor apps in dev or prod
The npm package strict-env receives a total of 71 weekly downloads; on that basis its popularity is classified as not popular.
We found that strict-env has an unhealthy version release cadence and level of project activity, because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.