npm - @captainsafia/burrow - Versions diffs - 1.0.0-preview.0d335f8 → 1.0.0-preview.285f965 - Mend

@captainsafia/burrow 1.0.0-preview.0d335f8 → 1.0.0-preview.285f965

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -1,6 +1,10 @@
 # burrow
-A platform-agnostic, directory-scoped secrets manager. Store secrets outside your repos, inherit them through directory ancestry.
+Burrow is a platform-agnostic, directory-scoped secrets manager. Secrets are stored outside your repos in a local SQLite store and exportable to various formats via the CLI. For a nicer dev experience, Burrow currently stores secrets in a plain-text format outside the target repo, which means that secrets can still be leaked to other users on your machine or people who gain access to your device. But, for your day-to-day dev use, this beats keeping secrets in gitignored files in your repo.
+<p align="center">
+  <img src="demo.gif" alt="burrow demo" width="600">
+</p>
 ```
 ~/projects/                     # DATABASE_URL, API_KEY defined here
@@ -30,8 +34,10 @@ burrow set DATABASE_URL=postgres://localhost/mydb --path ~/projects
 ### Get a secret
 ```bash
-burrow get API_KEY --show
+burrow get API_KEY
 burrow get API_KEY --format json
+# Redact the secret value in output
+burrow get API_KEY --redact
 ```
 ### List all secrets
@@ -39,13 +45,21 @@ burrow get API_KEY --format json
 ```bash
 burrow list
 burrow list --format json
+# Redact secret values in output
+burrow list --redact
 ```
 ### Export to your shell
 ```bash
+# Auto-detects your shell (bash, fish, powershell, cmd)
 eval "$(burrow export)"
-eval "$(burrow export --format shell)" && npm start
+# Or specify a format explicitly
+burrow export --format fish
+burrow export --format powershell
+burrow export --format dotenv
+burrow export --format json
 ```
 ### Block inheritance
@@ -84,13 +98,26 @@ import { BurrowClient } from '@captainsafia/burrow';
 const client = new BurrowClient();
-await client.set('API_KEY', 'secret123', { path: '/my/project' });
+try {
+  await client.set('API_KEY', 'secret123', { path: '/my/project' });
+  const secret = await client.get('API_KEY', { cwd: '/my/project/subdir' });
+  console.log(secret?.value); // 'secret123'
+  console.log(secret?.sourcePath); // '/my/project'
-const secret = await client.get('API_KEY', { cwd: '/my/project/subdir' });
-console.log(secret?.value); // 'secret123'
-console.log(secret?.sourcePath); // '/my/project'
+  const allSecrets = await client.list({ cwd: '/my/project' });
+} finally {
+  client.close(); // Clean up database connection
+}
+```
+Or with TypeScript's `using` declarations for automatic cleanup:
-const allSecrets = await client.list({ cwd: '/my/project' });
+```typescript
+{
+  using client = new BurrowClient();
+  await client.set('API_KEY', 'secret123');
+} // Automatically cleaned up
 ```
 ## Contributing

package/dist/api.d.ts CHANGED Viewed

@@ -5,7 +5,7 @@ export interface ResolvedSecret {
 	value: string;
 	sourcePath: string;
 }
-export type ExportFormat = "shell" | "dotenv" | "json";
+export type ExportFormat = "shell" | "bash" | "fish" | "powershell" | "cmd" | "dotenv" | "json";
 /**
  * Configuration options for creating a BurrowClient instance.
  */
@@ -21,7 +21,7 @@ export interface BurrowClientOptions {
 	configDir?: string;
 	/**
 	 * Custom filename for the secrets store.
-	 * Defaults to `store.json`.
+	 * Defaults to `store.db`.
 	 */
 	storeFileName?: string;
 	/**
@@ -99,10 +99,6 @@ export interface ExportOptions {
 	 * - `json`: Exports as a JSON object
 	 */
 	format?: ExportFormat;
-	/**
-	 * Whether to show actual values (currently unused, reserved for future use).
-	 */
-	showValues?: boolean;
 	/**
 	 * Whether to include source paths in JSON output.
 	 * When true, JSON output includes `{ key: { value, sourcePath } }` format.
@@ -151,7 +147,7 @@ export declare class BurrowClient {
 	 * The secret will be available to the specified directory and all its
 	 * subdirectories, unless overridden or blocked at a deeper level.
 	 *
-	 * @param key - Environment variable name. Must match `^[A-Z_][A-Z0-9_]*$`
+	 * @param key - Environment variable name. Must match `^[A-Za-z_][A-Za-z0-9_]*$`
 	 * @param value - Secret value to store
 	 * @param options - Set options including target path
 	 * @throws Error if the key format is invalid
@@ -215,7 +211,7 @@ export declare class BurrowClient {
 	 *
 	 * A blocked key can be re-enabled by calling `set` at the same or deeper path.
 	 *
-	 * @param key - Environment variable name to block. Must match `^[A-Z_][A-Z0-9_]*$`
+	 * @param key - Environment variable name to block. Must match `^[A-Za-z_][A-Za-z0-9_]*$`
 	 * @param options - Block options including target path
 	 * @throws Error if the key format is invalid
 	 *
@@ -240,7 +236,7 @@ export declare class BurrowClient {
 	 * `remove` completely deletes the secret entry. After removal, the key
 	 * may still be inherited from parent directories if defined there.
 	 *
-	 * @param key - Environment variable name to remove. Must match `^[A-Z_][A-Z0-9_]*$`
+	 * @param key - Environment variable name to remove. Must match `^[A-Za-z_][A-Za-z0-9_]*$`
 	 * @param options - Remove options including target path
 	 * @returns true if the secret was found and removed, false if it didn't exist
 	 * @throws Error if the key format is invalid

package/dist/api.js CHANGED Viewed

@@ -66,10 +66,10 @@ class Storage {
       await chmod(this.configDir, 448);
     }
     this.db = new Database(this.storePath);
-    this.db.run("PRAGMA journal_mode = WAL");
     if (!isWindows()) {
       await chmod(this.storePath, 384);
     }
+    this.db.run("PRAGMA journal_mode = WAL");
     this.db.run(`
       CREATE TABLE IF NOT EXISTS secrets (
         path TEXT NOT NULL,
@@ -122,7 +122,12 @@ class Storage {
   }
   async getAncestorPaths(canonicalPath) {
     const db = await this.ensureDb();
-    const rows = db.query("SELECT DISTINCT path FROM secrets WHERE ? = path OR ? LIKE path || '/' || '%' OR path = '/'").all(canonicalPath, canonicalPath);
+    let rows;
+    if (isWindows()) {
+      rows = db.query("SELECT DISTINCT path FROM secrets WHERE ? = path OR ? LIKE path || '\\' || '%' OR (length(path) = 3 AND path LIKE '_:\\' AND ? LIKE path || '%')").all(canonicalPath, canonicalPath, canonicalPath);
+    } else {
+      rows = db.query("SELECT DISTINCT path FROM secrets WHERE ? = path OR ? LIKE path || '/' || '%' OR path = '/'").all(canonicalPath, canonicalPath);
+    }
     return rows.map((row) => row.path);
   }
   async removeKey(canonicalPath, key) {
@@ -246,6 +251,9 @@ function escapeShellValue(value) {
 function escapeDoubleQuotes(value) {
   return value.replace(/\\/g, "\\\\").replace(/"/g, "\\\"");
 }
+function escapePowerShellValue(value) {
+  return value.replace(/'/g, "''");
+}
 function formatShell(secrets) {
   const lines = [];
   const sortedKeys = Array.from(secrets.keys()).sort();
@@ -258,6 +266,42 @@ function formatShell(secrets) {
   return lines.join(`
 `);
 }
+function formatFish(secrets) {
+  const lines = [];
+  const sortedKeys = Array.from(secrets.keys()).sort();
+  for (const key of sortedKeys) {
+    const secret = secrets.get(key);
+    assertValidEnvKey(key);
+    const escapedValue = escapeShellValue(secret.value);
+    lines.push(`set -gx ${key} '${escapedValue}'`);
+  }
+  return lines.join(`
+`);
+}
+function formatPowerShell(secrets) {
+  const lines = [];
+  const sortedKeys = Array.from(secrets.keys()).sort();
+  for (const key of sortedKeys) {
+    const secret = secrets.get(key);
+    assertValidEnvKey(key);
+    const escapedValue = escapePowerShellValue(secret.value);
+    lines.push(`$env:${key} = '${escapedValue}'`);
+  }
+  return lines.join(`
+`);
+}
+function formatCmd(secrets) {
+  const lines = [];
+  const sortedKeys = Array.from(secrets.keys()).sort();
+  for (const key of sortedKeys) {
+    const secret = secrets.get(key);
+    assertValidEnvKey(key);
+    const escapedValue = secret.value.replace(/([&|<>^])/g, "^$1");
+    lines.push(`set ${key}=${escapedValue}`);
+  }
+  return lines.join(`
+`);
+}
 function formatDotenv(secrets) {
   const lines = [];
   const sortedKeys = Array.from(secrets.keys()).sort();
@@ -295,7 +339,14 @@ function formatJson(secrets, includeSources = false) {
 function format(secrets, fmt, options = {}) {
   switch (fmt) {
     case "shell":
+    case "bash":
       return formatShell(secrets);
+    case "fish":
+      return formatFish(secrets);
+    case "powershell":
+      return formatPowerShell(secrets);
+    case "cmd":
+      return formatCmd(secrets);
     case "dotenv":
       return formatDotenv(secrets);
     case "json":

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@captainsafia/burrow",
-  "version": "1.0.0-preview.0d335f8",
+  "version": "1.0.0-preview.285f965",
   "description": "Platform-agnostic, directory-scoped secrets manager",
   "type": "module",
   "main": "dist/api.js",
@@ -51,6 +51,7 @@
   ],
   "license": "MIT",
   "dependencies": {
+    "clipboardy": "^5.0.2",
     "commander": "^14.0.2"
   }
 }