1.0.0 • Published 7 years ago

protect-env v1.0.0


🛡 protect-env


A naive implementation of protecting your process.env.

Avoid malicious packages and hackerz. Restrict process.env access to authorized libraries only.

🚀 Installation

npm i protect-env

🐜 Usage

Require this project as the very first line in your app.

Basic

const rules = {
	ENV_VAR_NAME: ['allowed-file.pattern'],
	ENV_VAR_NAME_2: ['package-name'],
	ENV_VAR_NAME_3: ['*'],
	env: ['global-patterns'],
}
require('protect-env')(rules)

/* ... your code ... */

Errors

Errors will be thrown if an unapproved library attempts to access your process.env or keys on it. Those libraries will not gain access to your protected env vars.

Minimal "Glob" Matching

protect-env uses minimatch for pattern matching. Pass an array of glob (minimatch) patterns for each key.

Restoring process.env

const restore = require('protect-env')({
	WHATEVER: ['my-file'],
})
process.env.WHATEVER // protected
restore()
process.env.WHATEVER // unprotected

⚠️ Caveats

This is a very naive implementation: it only protects your process.env using getters. It does not protect against other ways of accessing your environment variables (such as calling external code, file system requires, or other more elegant methods).
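
The getter approach named in the caveat, combined with the per-key patterns, thrown errors and restore() from the sections above, can be sketched as follows. This is an added example, not protect-env's own code: `guardEnv`, `globToRegExp` and `callerFromStack` are hypothetical names, the `*`-only matcher stands in for minimatch, the guard works on a copy of a constructed env object rather than on process.env, and the global `env` rule key is not modelled.

```javascript
// Added illustration: per-key getter guards with an allow-list of caller patterns.
// Not protect-env's source; globToRegExp is a simplified stand-in for minimatch.

// '*' matches any run of characters; everything else is matched literally.
function globToRegExp(pattern) {
  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, '\\$&')
  return new RegExp('^' + escaped.replace(/\*/g, '.*') + '$')
}

// Default caller lookup: file path of the stack frame that touched the getter.
// Frames: [0] "Error", [1] callerFromStack, [2] the getter, [3] the accessing code.
function callerFromStack() {
  const frame = (new Error().stack || '').split('\n')[3] || ''
  const match = frame.match(/\(?([^()\s]+):\d+:\d+\)?$/)
  return match ? match[1] : '<unknown>'
}

// Keys listed in `rules` get a getter that throws unless the caller matches
// one of that key's patterns; keys without a rule are copied as plain values.
function guardEnv(rawEnv, rules, callerOf = callerFromStack) {
  const guarded = (key) => Object.prototype.hasOwnProperty.call(rules, key)
  const env = {}
  for (const key of Object.keys(rawEnv)) {
    if (!guarded(key)) { env[key] = rawEnv[key]; continue }
    const allowed = rules[key].map(globToRegExp)
    Object.defineProperty(env, key, {
      enumerable: true,
      configurable: true, // lets restore() swap the getter for a plain value
      get() {
        const caller = callerOf()
        if (allowed.some((re) => re.test(caller))) return rawEnv[key]
        throw new Error(`${caller} is not allowed to read ${key}`)
      },
    })
  }
  // Undo the guards: every protected key becomes an ordinary data property again.
  const restore = () => {
    for (const key of Object.keys(rawEnv)) {
      if (!guarded(key)) continue
      Object.defineProperty(env, key, { value: rawEnv[key], writable: true, enumerable: true, configurable: true })
    }
  }
  return { env, restore }
}

// Constructed sample: only callers under */trusted-sdk/* may read API_KEY.
const demo = guardEnv({ API_KEY: 'k-123' }, { API_KEY: ['*/trusted-sdk/*'] },
  () => '/app/node_modules/other-pkg/index.js')
try { demo.env.API_KEY } catch (err) { console.log(err.message) }
```

The guard only covers reads that go through the returned `env` object; `rawEnv` itself still holds the values, which is the limitation the caveat describes.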

📐 Testing

npm run test

🖌 Linting

npm run prettier

⚖ License

MIT