npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

secrets

v1.1.5

Published

Secret handler for Node.js 🗝️

Downloads

499

Readme

Secrets

Secret handler for Node.js 🗝️

Secret is a zero-dependency package to handle secrets in Node.js from a .env file into process.env. Inspired by dotenv.

Install

yarn add secrets

Usage

Create a .env file in the root directory of your project. It supports 3 types of .env files .env.json and .env.js

.env supports entries in the form of NAME=VALUE.

NODE_ENV=development
PORT=3000
SECRET=my_super_secret

.env.json supports JSON

{
  "NODE_ENV": "development",
  "PORT": 3000,
  "SECRET": "my_super_secret"
}

.env.js supports JavaScript

module.exports = {
  NODE_ENV: 'development',
  PORT: 3000,
  SECRET: 'my_super_secret',
}

That's it. As early as possible in your application, require secrets. process.env should have the keys and values you defined in your .env file.

// setups entries in process.env
import 'secrets' // or require('secrets')
...

// which can be access anywhere in your code
app.listen(process.env.PORT, function () {
  console.log('Server running on localhost:' + process.env.PORT)
})

Verify environment variables are loaded in process.env

secret.verify('PORT', 'SECRET') // throw error if it's missing

Babel Plugin

module.exports = {
  presets: ['module:metro-react-native-babel-preset'],
  plugins: ['secrets/babel-plugin-secrets'],
}

Github Action

To create secret .env environment files on demands on your github actions checkout du5rte/create-secret-file

Location

Secrets should be place in the root of the project but it searches for .env files the same way node searches for node_modules folders, the closer to the root the higher the priority.

/Users/user/myProjects/myAwesomeProject/.env
/Users/user/myProjects/.env
/Users/user/.env
/Users/.env

Rules

The parsing engine currently supports the following rules:

  • BASIC=basic becomes {BASIC: 'basic'}
  • empty lines are skipped
  • lines beginning with # are treated as comments
  • empty values become empty strings (EMPTY= becomes {EMPTY: ''})
  • single and double quoted values are escaped (SINGLE_QUOTE='quoted' becomes {SINGLE_QUOTE: "quoted"})
  • new lines are expanded if in double quotes (MULTILINE="new\nline" becomes
{MULTILINE: 'new
line'}
  • inner quotes are maintained (think JSON) (JSON={"foo": "bar"} becomes {JSON:"{\"foo\": \"bar\"}")

FAQ

Should I commit my secrets files?

No! 🙅‍♂️, do not commit your .env files! Adding a .gitignore file to your repository should be your first line of defense against accidentally leaking any secrets. read more

Contributing

See CONTRIBUTING.md

License

See LICENSE