Product
Announcing Precomputed Reachability Analysis in Socket
Socket’s precomputed reachability slashes false positives by flagging up to 80% of vulnerabilities as irrelevant, with no setup and instant results.
By Martin Torp - Jul 30, 2025
You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 4-6.RSVP →
Bundle environment variables in Vite at build time startup time!
Motivation
In Vite, import.meta.env variables are set at build time with vite build.
However we often want to enable the person deploying the app to define those values, we don't want to re build every time we need
to change a configuration.
vite-envs facilitates this by enabling to:
docker run --env FOO="xyz" my-org/my-vite-app
Then, access FOO:
- In the TypeScript code as
import.meta.env.FOO - In
index.html, as<title>%FOO%</title>
This eliminates the need to rebuild each time you wish to change some configuration.
More importantly, it allows you to ship a customizable Docker image of your webapp!
Features
- 🔧 Effortless setup: Integrates smoothly, works as your already used to, does not disrupt your Storybook.
- 😌 The
VITE_prefix isn't required. - 🛡️ Type-safe: Type definition for your
import.meta.env. Hot reload enabled! - 🌐
index.html: Use your envs in your HTML file. Example<title>%FOO%</title> - 🧠 Supports computation of env values at build time.
- ⚙️ (Optional) enables to use EJS expressions in your
index.html.<title><%= import.meta.env.FOO.toUpperCase() =></title> - 🔒 Secure: Only injects environment variables explicitly defined in the
.envfile.
You can also choose to declare your variables in another file like.env.declarationif.envis gitignored in your project.
How it works
vite-envs is a Vite plugin.
When you build your app (vite build) it generate a dist/vite-envs.sh script.
When executed, this script updates the dist/index.html by injecting the environment variables
defined on the host running the script.
So, to make the dynamic injection of environment variables take place, you simply need to run the vite-envs.sh script
before starting your web server.
In practice, the diff that you would need to apply to your Dockerfile would look something like this:
Dockerfile
-CMD ["nginx", "-g", "daemon off;"]
+ENTRYPOINT sh -c "./vite-envs.sh && nginx -g 'daemon off;'"
Types
Unrelated to the dynamic injection of environment variables, vite-envs also brings strict typing for import.meta.env.
Demo
Documentation
Usecase example
Onyxia is a Vite app distributed as a Docker image.
Sysadmins that would like to deploy Onyxia on their infrastructure can simply use the official Docker image and provide relevant environnement variable to adjust the theme/branding of the website to their usecase as documented here.
Here are two deployment example:
FAQs
Env var in Vite at container startup
The npm package vite-envs receives a total of 3,554 weekly downloads. As such, vite-envs popularity was classified as popular.
We found that vite-envs demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 03 Jul 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Socket Now Protects the Chrome Extension Ecosystem
Socket is launching experimental protection for Chrome extensions, scanning for malware and risky permissions to prevent silent supply chain attacks.
By Mix Irving, Alexandros Kapravelos, Eli Insua - Jul 30, 2025
Product
Introducing Socket MCP for Claude Desktop
Add secure dependency scanning to Claude Desktop with Socket MCP, a one-click extension that keeps your coding conversations safe from malicious packages.
By Alexandros Kapravelos - Jul 29, 2025