@dotenvx/dotenvx 0.8.4 → 0.10.0

package/LICENSE

@@ -0,0 +1,28 @@
+BSD 3-Clause License
+
+Copyright (c) 2024, Scott Motte
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+   list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its
+   contributors may be used to endorse or promote products derived from
+   this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

package/README.md

@@ -347,10 +347,20 @@ More examples
 
 * <details><summary>Heroku</summary><br>
 
+  > Add the buildpack, installing the `dotenvx` binary to your heroku deployment.
+
   ```sh
-  coming soon
+  heroku buildpacks:add https://github.com/dotenvx/heroku-buildpack-dotenvx
   ```
 
+  > Use it in your Procfile.
+
+  ```sh
+  web: dotenvx run -- node index.js
+  ```
+
+  <sub><a href="https://github.com/dotenvx/heroku-buildpack-dotenvx">buildpack docs</a></sub>
+
   </details>
 
 * <details><summary>Laravel Forge</summary><br>
@@ -416,6 +426,32 @@ More examples
 * [dotenvx/docs](https://dotenvx.com/docs)
 * [quickstart guide](https://dotenvx.com/docs/quickstart)
 
+## Pre-commit
+
+You can prevent `.env` files from being committed to code with this pre-commit hook.
+
+Place this in `.git/hooks/pre-commit`
+
+```
+#!/bin/sh
+dotenvx precommit --quiet
+
+# Check dotenvx precommit exit status
+if [ $? -ne 0 ]; then
+  echo "dotenvx pre-commit failed. run [dotenvx precommit] for more information"
+  exit 1
+fi
+exit 0
+```
+
+Make sure to make it executable.
+
+```
+chmod +x .git/hooks/pre-commit
+```
+
+You can simulate the pre-commit hook by running `dotenvx precommit` locally.
+
 ## Contributing
 
 You can fork this repo and create [pull requests](https://github.com/dotenvx/dotenvx/pulls) or if you have questions or feedback:

package/package.json

@@ -1,5 +1,5 @@
 {
-  "version": "0.8.4",
+  "version": "0.10.0",
   "name": "@dotenvx/dotenvx",
   "description": "a better dotenv–from the creator of `dotenv`",
   "author": "@motdotla",
@@ -31,11 +31,12 @@
     "commander": "^11.1.0",
     "conf": "^10.2.0",
     "dotenv": "^16.3.1",
+    "execa": "^5.1.1",
+    "ignore": "^5.3.0",
     "open": "^8.4.2",
     "ora": "^5.4.1",
     "qrcode-terminal": "^0.12.0",
     "update-notifier": "^5.1.0",
-    "execa": "^5.1.1",
     "winston": "^3.11.0",
     "xxhashjs": "^0.2.2"
   },

package/src/cli/actions/encrypt.js

@@ -4,6 +4,7 @@ const main = require('./../../lib/main')
 const logger = require('./../../shared/logger')
 const helpers = require('./../helpers')
 const createSpinner = require('./../../shared/createSpinner')
+const { AppendToIgnores } = require('./../ignores')
 
 const spinner = createSpinner('encrypting')
 
@@ -11,6 +12,8 @@ const spinner = createSpinner('encrypting')
 const ENCODING = 'utf8'
 
 async function encrypt () {
+  new AppendToIgnores().run()
+
   spinner.start()
   await helpers.sleep(500) // better dx
 

package/src/cli/actions/precommit.js

@@ -0,0 +1,55 @@
+const fs = require('fs')
+
+const ignore = require('ignore')
+
+const logger = require('./../../shared/logger')
+
+function precommit () {
+  const options = this.opts()
+  logger.debug(`options: ${JSON.stringify(options)}`)
+
+  // 1. check for .gitignore file
+  if (!fs.existsSync('.gitignore')) {
+    logger.error('.gitignore missing')
+    logger.help('? add it with [touch .gitignore]')
+    process.exit(1)
+  }
+
+  const ig = ignore().add(fs.readFileSync('.gitignore').toString())
+  const files = fs.readdirSync(process.cwd())
+  const dotenvFiles = files.filter(file => file.match(/^\.env(\..+)?$/))
+  dotenvFiles.forEach(file => {
+    // check if that file is being ignored
+    if (ig.ignores(file)) {
+      switch (file) {
+        case '.env.example':
+          logger.warn(`${file} (currently ignored but should not be)`)
+          logger.help(`? add !${file} to .gitignore with [echo "!${file}" >> .gitignore]`)
+          break
+        case '.env.vault':
+          logger.warn(`${file} (currently ignored but should not be)`)
+          logger.help(`? add !${file} to .gitignore with [echo "!${file}" >> .gitignore]`)
+          break
+        default:
+          logger.success(file)
+          break
+      }
+    } else {
+      switch (file) {
+        case '.env.example':
+          logger.success('.env.example') // should not be ignored
+          break
+        case '.env.vault':
+          logger.success('.env.vault') // should not be ignored
+          break
+        default:
+          logger.error(`${file} not properly gitignored`)
+          logger.help(`? add ${file} to .gitignore with [echo ".env*" >> .gitignore]`)
+          process.exit(1)
+          break
+      }
+    }
+  })
+}
+
+module.exports = precommit

package/src/cli/actions/run.js

@@ -2,10 +2,16 @@ const fs = require('fs')
 const logger = require('./../../shared/logger')
 const helpers = require('./../helpers')
 const main = require('./../../lib/main')
+const { AppendToIgnores } = require('./../ignores')
 
 const ENCODING = 'utf8'
 
 async function run () {
+  new AppendToIgnores().run()
+
+  const commandArgs = this.args
+  logger.debug(`process command [${commandArgs.join(' ')}]`)
+
   const options = this.opts()
   logger.debug(`options: ${JSON.stringify(options)}`)
 
@@ -81,7 +87,19 @@ async function run () {
         readableFilepaths.add(envFilepath)
         result.injected.forEach(key => injected.add(key))
       } catch (e) {
-        logger.warn(e)
+        switch (e.code) {
+          // missing .env
+          case 'ENOENT':
+            logger.warnv(`missing .env file (${filepath})`)
+            logger.help(`? in development: add one with [echo "HELLO=World" > .env] and re-run [dotenvx run -- ${commandArgs.join(' ')}]`)
+            logger.help('? for production: set [DOTENV_KEY] on your server and re-deploy')
+            break
+
+          // unhandled error
+          default:
+            logger.warn(e)
+            break
+        }
       }
     }
 
@@ -99,9 +117,8 @@ async function run () {
     logger.error('  or try:   [dotenvx run -- npm run dev]')
     process.exit(1)
   } else {
-    const subCommand = process.argv.slice(commandIndex + 1)
-
-    await helpers.executeCommand(subCommand, process.env)
+    // const commandArgs = process.argv.slice(commandIndex + 1)
+    await helpers.executeCommand(commandArgs, process.env)
   }
 }
 

package/src/cli/dotenvx.js

@@ -7,7 +7,6 @@ const program = new Command()
 const logger = require('./../shared/logger')
 const helpers = require('./helpers')
 const examples = require('./examples')
-const { AppendToIgnores } = require('./ignores')
 const packageJson = require('./../shared/packageJson')
 
 // once a day check for any updates
@@ -23,8 +22,6 @@ program
   .option('-v, --verbose', 'sets log level to verbose')
   .option('-d, --debug', 'sets log level to debug')
   .hook('preAction', (thisCommand, actionCommand) => {
-    new AppendToIgnores().run()
-
     const options = thisCommand.opts()
 
     if (options.logLevel) {
@@ -56,7 +53,7 @@ program
 
 // dotenvx run -- node index.js
 program.command('run')
-  .description('inject env at runtime [dotenvx run -- your-command-here]')
+  .description('inject env at runtime [dotenvx run -- yourcommand]')
   .addHelpText('after', examples.run)
   .option('-f, --env-file <paths...>', 'path(s) to your env file(s)', '.env')
   .option('-o, --overload', 'override existing env variables')
@@ -69,6 +66,12 @@ program.command('encrypt')
   .option('-f, --env-file <paths...>', 'path(s) to your env file(s)', helpers.findEnvFiles('./'))
   .action(require('./actions/encrypt'))
 
+// dotenvx precommit
+program.command('precommit')
+  .description('dotenvx precommit check')
+  .addHelpText('after', examples.precommit)
+  .action(require('./actions/precommit'))
+
 // dotenvx hub
 program.addCommand(require('./commands/hub'))
 

package/src/cli/examples.js

@@ -48,7 +48,18 @@ Try it:
   `
 }
 
+const precommit = function () {
+  return `
+Examples:
+
+  \`\`\`
+  $ dotenvx precommit
+  \`\`\`
+  `
+}
+
 module.exports = {
   run,
-  encrypt
+  encrypt,
+  precommit
 }

package/src/cli/helpers.js

@@ -23,26 +23,26 @@ const resolvePath = function (filepath) {
   return path.resolve(process.cwd(), filepath)
 }
 
-const executeCommand = async function (subCommand, env) {
+const executeCommand = async function (commandArgs, env) {
   const signals = [
     'SIGHUP', 'SIGQUIT', 'SIGILL', 'SIGTRAP', 'SIGABRT',
     'SIGBUS', 'SIGFPE', 'SIGUSR1', 'SIGSEGV', 'SIGUSR2', 'SIGTERM'
   ]
 
-  logger.debug(`executing subcommand ${subCommand}`)
+  logger.debug(`executing process command [${commandArgs.join(' ')}]`)
 
   // handler for SIGINT
-  let subprocess
+  let commandProcess
   const sigintHandler = () => {
     logger.debug('received SIGINT')
-    logger.debug('checking subprocess')
-    logger.debug(subprocess)
+    logger.debug('checking command process')
+    logger.debug(commandProcess)
 
-    if (subprocess) {
-      logger.debug('sending SIGINT to subprocess')
-      subprocess.kill('SIGINT') // Send SIGINT to the subprocess
+    if (commandProcess) {
+      logger.debug('sending SIGINT to command process')
+      commandProcess.kill('SIGINT') // Send SIGINT to the command process
     } else {
-      logger.debug('no subprocess to send SIGINT to')
+      logger.debug('no command process to send SIGINT to')
     }
   }
 
@@ -51,7 +51,7 @@ const executeCommand = async function (subCommand, env) {
   }
 
   try {
-    subprocess = execa(subCommand[0], subCommand.slice(1), {
+    commandProcess = execa(commandArgs[0], commandArgs.slice(1), {
       stdio: 'inherit',
       env: { ...process.env, ...env }
     })
@@ -62,8 +62,8 @@ const executeCommand = async function (subCommand, env) {
       process.on(signal, () => handleOtherSignal(signal))
     })
 
-    // Wait for the subprocess to finish
-    const { exitCode } = await subprocess
+    // Wait for the command process to finish
+    const { exitCode } = await commandProcess
 
     if (exitCode !== 0) {
       logger.debug(`received exitCode ${exitCode}`)
@@ -72,15 +72,15 @@ const executeCommand = async function (subCommand, env) {
   } catch (error) {
     if (error.signal !== 'SIGINT') {
       logger.error(error.message)
-      logger.error(`command [${subCommand.join(' ')}] failed`)
+      logger.error(`command [${commandArgs.join(' ')}] failed`)
       logger.error('')
-      logger.error(`  try without dotenvx: [${subCommand.join(' ')}]`)
+      logger.error(`  try without dotenvx: [${commandArgs.join(' ')}]`)
       logger.error('')
       logger.error('if that succeeds, then dotenvx is the culprit. report issue:')
       logger.error(`<${REPORT_ISSUE_LINK}>`)
     }
 
-    // Exit with the error code from the subprocess, or 1 if unavailable
+    // Exit with the error code from the command process, or 1 if unavailable
     process.exit(error.exitCode || 1)
   } finally {
     // Clean up: Remove the SIGINT handler

package/src/cli/ignores.js

@@ -1,6 +1,6 @@
 const fs = require('fs')
 
-const FORMATS = ['.env*', '!.env.vault', '.flaskenv*']
+const FORMATS = ['.env*', '!.env.vault']
 
 class Generic {
   constructor (filename, touchFile = false) {

package/src/shared/createSpinner.js

@@ -7,6 +7,8 @@ const createSpinner = function (initialMessage = '') {
   return {
     start: (message) => spinner.start(message),
     succeed: (message) => spinner.succeed(chalk.keyword('green')(message)),
+    warn: (message) => spinner.warn(chalk.keyword('orangered')(message)),
+    info: (message) => spinner.info(chalk.keyword('blue')(message)),
     done: (message) => spinner.succeed(message),
     fail: (message) => spinner.fail(chalk.bold.red(message))
   }

package/src/shared/logger.js

@@ -11,6 +11,7 @@ const packageJson = require('./packageJson')
 const levels = {
   error: 0,
   warn: 1,
+  warnv: 1,
   success: 2,
   successv: 2,
   info: 2,
@@ -41,6 +42,8 @@ const dotenvxFormat = printf(({ level, message, label, timestamp }) => {
       return error(formattedMessage)
     case 'warn':
       return warn(formattedMessage)
+    case 'warnv':
+      return warn(`[dotenvx@${packageJson.version}] ${formattedMessage}`)
     case 'success':
       return success(formattedMessage)
     case 'successv': // success with 'version'