with-env - npm Package Compare versions
+1
-23
@@ -1,23 +0,1 @@ | ||
| { | ||
| "name": "with-env", | ||
| "version": "0.1.1", | ||
| "description": "Read and apply .env file if exists in the working directory", | ||
| "main": "index.js", | ||
| "scripts": { | ||
| "test": "prova" | ||
| }, | ||
| "devDependencies": { | ||
| "prova": "*" | ||
| }, | ||
| "keywords": [ | ||
| "env", | ||
| "environment", | ||
| "foreman" | ||
| ], | ||
| "repository": { | ||
| "url": "git@github.com:azer/with-env.git", | ||
| "type": "git" | ||
| }, | ||
| "author": "azer", | ||
| "license": "BSD" | ||
| } | ||
| {"name":"with-env","version":"1.3.37"} |
-7
| PORT=8080 | ||
| AWS_KEY=abcde | ||
| DB=user@foobar.com/corge | ||
| DBSET=mongodb://user:pass@foobar.com:4000,barfoo.com:5000/corge?replicaSet=rs-ds012345 | ||
| DQUOTE="this is quoted" | ||
| SQUOTE='this is also quoted' |
Sorry, the diff of this file is not supported yet
-23
| var read = require("fs").readFileSync; | ||
| module.exports = apply; | ||
| function apply () { | ||
| var doc; | ||
| try { | ||
| doc = read('./.env').toString().split('\n'); | ||
| } catch (exc) { | ||
| return; | ||
| } | ||
| var i = -1; | ||
| var len = doc.length; | ||
| var row; | ||
| while (++i < len) { | ||
| if (!doc[i]) continue; | ||
| row = doc[i].split(/\s*=\s*/); | ||
| process.env[row.shift()] = row.join('=').replace(/['"]/g,''); | ||
| } | ||
| } |
-28
| ## with-env | ||
| Read and apply .env file (if exists) in the working directory. | ||
| ## Install | ||
| ```bash | ||
| $ npm install with-env | ||
| ``` | ||
| ## Usage | ||
| Create an `.env` file: | ||
| ``` | ||
| PORT=8080 | ||
| AWS_KEY=abcde | ||
| DB=user@foobar.com/corge | ||
| ``` | ||
| And call `with-env` on top of your module: | ||
| ```js | ||
| require('with-env')() | ||
| console.log(process.env.AWS_KEY) | ||
| // => 'abcde' | ||
| ``` |
New alerts
Empty package
Supply chain riskPackage does not contain any code. It may be removed, is name squatting, or the result of a faulty package publish.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
No README
QualityPackage does not have a README. This may indicate a failed publish or a low quality package.
Found 1 instance in 1 package
No contributors or author data
MaintenancePackage does not specify a list of contributors or an author in package.json.
Found 1 instance in 1 package
No License Found
LicenseLicense information could not be found.
Found 1 instance in 1 package
No repository
Supply chain riskPackage does not have a linked source code repository. Without this field, a package will have no reference to the location of the source code use to generate the package.
Found 1 instance in 1 package
Fixed alerts
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
No v1
QualityPackage is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
Improved metrics
- Dev dependency count
0
-100%- Number of low quality alerts
1
-50%- Number of low supply chain risk alerts
1
-50%Worsened metrics
- Total package byte prevSize
38
-97.25%- Number of package files
1
-80%- Number of low license alerts
1
Infinity%- Lines of code
0
-100%- Number of low maintenance alerts
2
100%- Number of medium quality alerts
2
100%- Number of lines in readme file
0
-100%- Number of medium supply chain risk alerts
2
Infinity%