npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@rikishi/secure-env

v1.2.1

Published

Use ENVs securely with encryption

Downloads

36

Readme

npm version JavaScript Style Guide Maintenance GitHub license GitHub release Github all releases

secure-env

Secure-env is a module that loads environment variables from a .env.enc file.A encryption tool that would helps you prevent attacks from npm-malicious-packages.

Usage

Create a .env file in the root directory of your project. Add environment-specific variables on new lines in the form of NAME=VALUE. For example:

DB_HOST=localhost:27017
DB_USER=scott
DB_PASS=tiger

Encrypt .env

$ npm install -g secure-env
$ secure-env .env -s mySecretPassword

Alternatively if you want this installed locally run the command as follows:

$ ./node_modules/secure-env/dist/es5/lib/cli.js .env -s mySecretPassword

If you are running NPM > v5.2. You can use npx:

$ npx secure-env .env -s mySecretPassword

A new encrypted file .env.enc will be created in your project root directory.You can delete the .env file after this,to prevent stealing.

Decrypt .env.enc

As early as possible in your application, require and configure dotenv.

let secureEnv = require('secure-env');
global.env = secureEnv({secret:'mySecretPassword'});

That's it.

global.env now has the keys and values you defined in your .env file.

var db = require('db')
db.connect({
  host: global.env.DB_HOST,
  username: global.env.DB_USER,
  password: global.env.DB_PASS
})

Options

Encryption

$ secure-env --option <VALUE> <file-path-which-is-to-be-encrypted>

| Option | What does it do | Defaults | | ------ | ------ | ------ | | --secret | Specify the secret Key which would be later used to decrypt the file. | mySecret | | --out | The encrypted file path that would be created. | env.enc | | --algo | The encryption algorithm that is to be used to encrypt the env file. | aes256 | | --decrypt | prints the decrypted text to stdout

Decryption

Path

Default: .env

You can specify a custom path if your file containing environment variables is named or located differently.

require('secure-env')({path:'/custom/path/to/your/env/vars'});

Decryption Algorithm

Default: aes256

You may specify the encryption algorithm for your file containing environment variables using this option.

require('secure-env')({enc_algo:'aes256'});

Secret

Default: mySecret

Specify the secret Key which was used during encryption of raw file.Having a salt-hashed secret key is recommended.

require('secure-env')({secret:'mySecretPassword'});

Parse rules

Refer https://github.com/motdotla/dotenv/blob/master/README.md#parse

The parsing engine currently supports the following rules:

  • BASIC=basic becomes {BASIC: 'basic'}
  • empty lines are skipped
  • lines beginning with # are treated as comments
  • empty values become empty strings (EMPTY= becomes {EMPTY: ''})
  • single and double quoted values are escaped (SINGLE_QUOTE='quoted' becomes {SINGLE_QUOTE: "quoted"})
  • new lines are expanded if in double quotes (MULTILINE="new\nline" becomes
{MULTILINE: 'new
line'}
  • inner quotes are maintained (think JSON) (JSON={"foo": "bar"} becomes {JSON:"{\"foo\": \"bar\"}")
  • whitespace is removed from both ends of the value (see more on trim) (FOO=" some value " becomes {FOO: 'some value'}) G.md)

License

See LICENSE

Dependencies

Source-env uses these open source projects to work properly:

  • Minimist - Argument parser without all the fanciful decoration.

Contributors

Acknowledgements

Source-env is inspired from and also uses code references from these open source projects: