npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

notenv

v2.0.3

Published

friends don't let friends use .env

Downloads

239

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

flaqueflaque

Keywords

Readme

notenv

notenv is a "replacement" for a dumb uses of .env files. You really shouldn't use .env files. Any production secret that would live in a .env should never live on some engineers computer. And in many cases, any development "secret" should be so unimportant that it's fine to put it in source control.

For example, you don't need to put your "password" for the development postgres in .env if it's just something running locally on a developer's laptop.

The general rule of thumb: if you're worried about committing a secret to source control, it probably shouldn't be living on some engineers computer either.

Install

yarn add notenv

Usage

notenv lets you proclaim the existence of an environment variables and then get them later on with a type-safe getter.

import proclaim from "notenv";

const env = proclaim({
  DATABASE_PASSWORD: "my-development-password"
});

env("DATABASE_PASSWORD"); // returns "my-development-password" when NODE_ENV !== "production"
env("ARGLE_BARGLE"); // Fails typecheck

If you're in production and it can't find it in process.env[key], it'll throw an error. Otherwise, it'll use the development value, (the property in the object).

The suggested way to use notenv is to create a env.js (or env.ts) file somewhere and then export all your environment variables from there.

// env.js
import proclaim from "notenv";

export default proclaim({
  DATABASE_URL: "postgres://localhost...",
  DATABASE_USER: "local",
  DATABASE_PASSWORD: "dummy-buddy"
});

Then in some other file, you can use env variables like this:

import env from "./env.js";

env("DATABASE_USER");