npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

load-secrets

v0.4.0

Published

load secrets from your home dir or from the env

Downloads

17

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

jesseditsonjesseditson

Keywords

secretsenv

Readme

load-secrets

Platform agnostic secrets loader for ~/.secrets/project-name.env or process.env

Usage

const secrets = require('load-secrets')

To load secrets from a file, add a file called <your-project-name>.env to the ~/.secrets folder, e.g.

mkdir -p ~/.secrets
touch ~/.secrets/package-name.env

The env file name must (case insensitively) match your project name in package.json.

In the env file, each new line will be parsed as a variable.

You may use quotes or omit them, if you omit them the output will be stripped:

FOO=     W H O A    
> "W H O A"
FOO='     W H O A    '
> "     W H O A    "
FOO=  something with a # comment afer it
> "something with a"
FOO='comments are preserved in #quotes'
> "comments are preserved in #quotes"

To load secrets from the environment, make sure your secrets are prefixed with your project name, e.g.

export PROJECT_SECRET='I like the smell of gasoline 🙃'

is used via:

// package.json name is "project"
const secrets = require('load-secrets')
console.log(secrets.SECRET) // prints 'I like the smell of gasoline 🙃'

Project name is case insensitive, but case is retained on your vars, so project_sEcreTs is the same as PROJECT_sEcreTs, and both will produce require('load-secrets').sEcreTs

Project name is also sanitized for bash variable name compatibility - so any special characters in your project name will be replaced with underscores in the prefix name.

Example: if your project name is "my-project", the env var prefix would be MY_PROJECT.

You do not need to prefix files in your <project>.env file, so the above in a file would be:

SECRET=I like the smell of gasoline 🙃

Secrets in the env will override secrets in your files, so if you need to test something quickly, just set it:

SECRET=foo node myprogram.js # SECRET is 'foo' regardless of what's in the env file

NOTE: this only works for secrets that are defined in your secrets file - so you can't set arbitrary secrets this way, and if you don't have an env file, you still must prefix secrets with your project name.

Client-side Usage

While this package is not meant to be loaded on the client, it can be used in conjunction with a build tool (such as webpack) to decorate the package at runtime, allowing use of process.env on the client.

This is usually achieved by using something like https://webpack.js.org/plugins/environment-plugin/, which will automatically handle defining process.env for you, and having it fall back to an env from load-secrets.

const webpack = require('webpack')
const secrets = require('load-secrets')

const envPlugin = new webpack.EnvironmentPlugin({
  MY_PROJECT_MY_SECERT: secrets.MY_SECRET
})

This allows for isomorphic builds of applications that use this library, and use of ~/.secrets when developing locally without checking in dev configs.