poetry-dotenv-plugin
A Poetry plugin to automatically load environment variables from .env files
A Poetry plugin that automatically loads environment variables from .env files into the environment before poetry commands are run.
Supports Python 3.7+
```
$ cat .env
MY_ENV_VAR='Hello World'
$ poetry run python -c 'import os; print(os.environ.get("MY_ENV_VAR"))'
Hello World
```
This plugin depends on the python-dotenv package for its functionality and therefore also supports the features that python-dotenv supports, for example interpolating variables using POSIX variable expansion.
Initial implementation based on the event handler application plugin example in the Poetry docs.
```
poetry self add poetry-dotenv-plugin
```
If you are transitioning from pipenv there shouldn't be much to change with regard to the .env loading. If you were a user of pipenv's environment variables to control .env loading then you can use the analogous environment variables listed below.
Pipenv env var | Poetry env var |
---|---|
PIPENV_DOTENV_LOCATION | POETRY_DOTENV_LOCATION |
PIPENV_DONT_LOAD_ENV | POETRY_DONT_LOAD_ENV |
By default, this plugin will override existing environment variables. This is because this plugin was built to make onboarding for users coming from pipenv as seamless as possible. If you want to prevent existing environment variables from being overridden, you can set the POETRY_DOTENV_DONT_OVERRIDE environment variable to true.
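An added example (not part of the plugin or its README) that models the override default described above, so you can check which already-set variables a checked-in .env would replace before poetry commands run. The parser is a simplified stand-in for python-dotenv, the `SENSITIVE` list and sample values are constructed, and treating only the literal value `true` as the opt-out is an assumption taken from the README text.

```python
import re

# Simplified KEY=VALUE parser for this example; python-dotenv's real parser
# also handles multiline values, escapes and variable interpolation.
_LINE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_]\w*)\s*=\s*(.*?)\s*$")

# Assumption: variables that change which code runs; extend for your setup.
SENSITIVE = {"PATH", "PYTHONPATH", "PYTHONSTARTUP", "LD_PRELOAD", "LD_LIBRARY_PATH"}


def parse_dotenv(text):
    values = {}
    for line in text.splitlines():
        match = _LINE.match(line)
        if line.lstrip().startswith("#") or not match:
            continue
        key, value = match.groups()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]  # strip one pair of matching quotes
        values[key] = value
    return values


def effective_env(dotenv_text, environ):
    """Model the documented precedence; return (new_env, replaced_names)."""
    # Assumption: only the literal value "true" (as the README states) opts out.
    keep_existing = environ.get("POETRY_DOTENV_DONT_OVERRIDE", "") == "true"
    env, replaced = dict(environ), []
    for key, value in parse_dotenv(dotenv_text).items():
        if key in env and env[key] != value:
            if keep_existing:
                continue
            replaced.append(key)
        env[key] = value
    return env, replaced


def risky_overrides(dotenv_text, environ):
    """Sensitive names whose existing value the .env would replace."""
    _, replaced = effective_env(dotenv_text, environ)
    return sorted(name for name in replaced if name in SENSITIVE)


# Constructed sample input: a checked-in .env and a CI job's environment.
SAMPLE_DOTENV = "MY_ENV_VAR='Hello World'\n# tooling\nexport PATH=./bin\nAPI_URL=https://staging.example.invalid\n"
SAMPLE_CI_ENV = {"PATH": "/usr/bin:/bin", "API_URL": "https://prod.example.invalid"}

if __name__ == "__main__":
    print(risky_overrides(SAMPLE_DOTENV, SAMPLE_CI_ENV))
```

Running the same check with `POETRY_DOTENV_DONT_OVERRIDE` set to `true` in the environment returns an empty list, since variables that already exist keep their values and only new names are added.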
FAQs
We found that poetry-dotenv-plugin demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.