@dotenvx/dotenvx 1.1.0 → 1.3.0

package/CHANGELOG.md

@@ -2,19 +2,35 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
-## [Unreleased](https://github.com/dotenvx/dotenvx/compare/v1.1.0...main)
+## [Unreleased](https://github.com/dotenvx/dotenvx/compare/v1.3.0...main)
+
+## 1.3.0
+
+### Added
+
+* encrypt specified keys with `--key` option - `dotenvx encrypt -k HELLO` ([#281](https://github.com/dotenvx/dotenvx/pull/281))
+
+## 1.2.0
+
+### Added
+
+* handle nested `dotenvx` invocations - `dotenvx run -- dotenvx run -- env` ([#279](https://github.com/dotenvx/dotenvx/pull/279))
+
+### Changed
+
+* replace `glob` with faster approach ([#278](https://github.com/dotenvx/dotenvx/pull/278))
 
 ## 1.1.0
 
 ### Added
 
-* Add TypeScript type definitions ([#272](https://github.com/dotenvx/dotenvx/pull/272))
+* add TypeScript type definitions ([#272](https://github.com/dotenvx/dotenvx/pull/272))
 
 ## 1.0.1
 
 ### Changed
 
-* 🐞 Fix expansion when preset on `process.env` and/or with `--overload` ([#271](https://github.com/dotenvx/dotenvx/pull/271))
+* 🐞 fix expansion when preset on `process.env` and/or with `--overload` ([#271](https://github.com/dotenvx/dotenvx/pull/271))
 
 ## 1.0.0 
 

package/README.md

@@ -1114,6 +1114,18 @@ More examples
   ℹ run [DOTENV_PRIVATE_KEY_PRODUCTION='bff..bc4' dotenvx run -- yourcommand] to test decryption locally
   ```
 
+  </details>
+* <details><summary>`encrypt -k`</summary><br>
+
+  Specify the key(s) to encrypt by passing `--key`.
+
+  ```sh
+  $ echo "HELLO=World\nHELLO2=Universe" > .env
+
+  $ dotenvx encrypt -k HELLO2
+  ✔ encrypted (.env)
+  ```
+
   </details>
 * <details><summary>`help`</summary><br>
 

package/package.json

@@ -1,5 +1,5 @@
 {
-  "version": "1.1.0",
+  "version": "1.3.0",
   "name": "@dotenvx/dotenvx",
   "description": "a better dotenv–from the creator of `dotenv`",
   "author": "@motdotla",
@@ -26,7 +26,8 @@
     "test": "tap run --show-full-coverage",
     "testshell": "bash shellspec",
     "prerelease": "npm test && npm run testshell",
-    "release": "standard-version"
+    "release": "standard-version",
+    "postinstall": "patch-package"
   },
   "funding": "https://dotenvx.com",
   "dependencies": {
@@ -39,12 +40,13 @@
     "dotenv": "^16.4.5",
     "eciesjs": "^0.4.6",
     "execa": "^5.1.1",
-    "glob": "^10.3.10",
+    "fdir": "^6.1.1",
     "ignore": "^5.3.0",
     "is-wsl": "^2.1.1",
     "object-treeify": "1.1.33",
     "open": "^8.4.2",
     "ora": "^5.4.1",
+    "picomatch": "^3.0.1",
     "semver": "^7.3.4",
     "undici": "^5.28.3",
     "which": "^4.0.0",
@@ -53,6 +55,7 @@
   },
   "devDependencies": {
     "capture-console": "^1.0.2",
+    "patch-package": "^8.0.0",
     "pkg": "^5.8.1",
     "proxyquire": "^2.1.3",
     "sinon": "^14.0.1",

package/src/cli/actions/encrypt.js

@@ -16,7 +16,7 @@ async function encrypt () {
       processedEnvFiles,
       changedFilepaths,
       unchangedFilepaths
-    } = main.encrypt(options.envFile)
+    } = main.encrypt(options.envFile, options.key)
 
     for (const processedEnvFile of processedEnvFiles) {
       logger.verbose(`encrypting ${processedEnvFile.envFilepath} (${processedEnvFile.filepath})`)

package/src/cli/actions/run.js

@@ -48,15 +48,31 @@ const executeCommand = async function (commandArgs, env) {
   }
 
   try {
-    let systemCommandPath = commandArgs[0]
+    // ensure the first command is expanded
     try {
-      systemCommandPath = which.sync(`${commandArgs[0]}`)
-      logger.debug(`expanding process command to [${systemCommandPath} ${commandArgs.slice(1).join(' ')}]`)
+      commandArgs[0] = path.resolve(which.sync(`${commandArgs[0]}`))
+      logger.debug(`expanding process command to [${commandArgs.join(' ')}]`)
     } catch (e) {
-      logger.debug(`could not expand process command. using [${systemCommandPath} ${commandArgs.slice(1).join(' ')}]`)
+      logger.debug(`could not expand process command. using [${commandArgs.join(' ')}]`)
     }
 
-    commandProcess = execa(systemCommandPath, commandArgs.slice(1), {
+    // expand any other commands that follow a --
+    let expandNext = false
+    for (let i = 0; i < commandArgs.length; i++) {
+      if (commandArgs[i] === '--') {
+        expandNext = true
+      } else if (expandNext) {
+        try {
+          commandArgs[i] = path.resolve(which.sync(`${commandArgs[i]}`))
+          logger.debug(`expanding process command to [${commandArgs.join(' ')}]`)
+        } catch (e) {
+          logger.debug(`could not expand process command. using [${commandArgs.join(' ')}]`)
+        }
+        expandNext = false
+      }
+    }
+
+    commandProcess = execa(commandArgs[0], commandArgs.slice(1), {
       stdio: 'inherit',
       env: { ...process.env, ...env }
     })
@@ -197,7 +213,6 @@ async function run () {
     logger.error('  or try:   [dotenvx run -- npm run dev]')
     process.exit(1)
   } else {
-    // const commandArgs = process.argv.slice(commandIndex + 1)
     await executeCommand(commandArgs, process.env)
   }
 }

package/src/cli/dotenvx.js

@@ -2,6 +2,7 @@
 
 const fs = require('fs')
 const path = require('path')
+const { execSync } = require('child_process')
 const UpdateNotice = require('./../lib/helpers/updateNotice')
 const { Command } = require('commander')
 const program = new Command()
@@ -93,15 +94,21 @@ const encryptAction = require('./actions/encrypt')
 program.command('encrypt')
   .description('convert .env file(s) to encrypted .env file(s)')
   .option('-f, --env-file <paths...>', 'path(s) to your env file(s)')
+  .option('-k, --key <keys...>', 'keys(s) to encrypt (default: all keys in file)')
   .action(encryptAction)
 
 // dotenvx pro
 program.command('pro')
   .description('🏆 pro')
   .action(function (...args) {
-    const pro = fs.readFileSync(path.join(__dirname, './pro.txt'), 'utf8')
-
-    console.log(pro)
+    try {
+      // execute `dotenvx-pro` if available
+      execSync('dotenvx-pro', { stdio: ['inherit', 'inherit', 'ignore'] })
+    } catch (_error) {
+      const pro = fs.readFileSync(path.join(__dirname, './pro.txt'), 'utf8')
+
+      console.log(pro)
+    }
   })
 
 // // dotenvx ent

package/src/lib/main.d.ts

@@ -144,8 +144,9 @@ export type EncryptOutput = {
  *
  * @see https://dotenvx.com/docs
  * @param envFile - path to the .env file
+ * @param key - keys(s) to encrypt (default: all keys in .env file)
  */
-export function encrypt(envFile: string): EncryptOutput;
+export function encrypt(envFile: string, key: string): EncryptOutput;
 
 export type VaultEncryptOutput = {
   dotenvKeys: Record<string, string>;
@@ -157,6 +158,7 @@ export type VaultEncryptOutput = {
   existingVaults: string[];
   addedDotenvFilenames: string[];
   envFile: string | string[];
+  key: string | string[];
 };
 
 /**

package/src/lib/main.js

@@ -194,8 +194,8 @@ const set = function (key, value, envFile, encrypt) {
 }
 
 /** @type {import('./main').encrypt} */
-const encrypt = function (envFile) {
-  return new Encrypt(envFile).run()
+const encrypt = function (envFile, key) {
+  return new Encrypt(envFile, key).run()
 }
 
 /** @type {import('./main').status} */

package/src/lib/services/encrypt.js

@@ -11,8 +11,9 @@ const replace = require('./../helpers/replace')
 const ENCODING = 'utf8'
 
 class Encrypt {
-  constructor (envFile = '.env') {
+  constructor (envFile = '.env', key = []) {
     this.envFile = envFile
+    this.key = key
     this.processedEnvFiles = []
     this.changedFilepaths = new Set()
     this.unchangedFilepaths = new Set()
@@ -20,6 +21,7 @@ class Encrypt {
 
   run () {
     const envFilepaths = this._envFilepaths()
+    const keys = this._keys()
     for (const envFilepath of envFilepaths) {
       const filepath = path.resolve(envFilepath)
 
@@ -52,15 +54,17 @@ class Encrypt {
         // iterate over all non-encrypted values and encrypt them
         const parsed = dotenv.parse(src)
         for (const [key, value] of Object.entries(parsed)) {
-          const encrypted = isEncrypted(key, value)
-          if (!encrypted) {
-            row.keys.push(key) // track key(s)
+          if (keys.length < 1 || keys.includes(key)) { // optionally control which key to encrypt
+            const encrypted = isEncrypted(key, value)
+            if (!encrypted) {
+              row.keys.push(key) // track key(s)
 
-            const encryptedValue = encryptValue(value, publicKey)
-            // once newSrc is built write it out
-            src = replace(src, key, encryptedValue)
+              const encryptedValue = encryptValue(value, publicKey)
+              // once newSrc is built write it out
+              src = replace(src, key, encryptedValue)
 
-            row.changed = true // track change
+              row.changed = true // track change
+            }
           }
         }
 
@@ -99,6 +103,14 @@ class Encrypt {
 
     return this.envFile
   }
+
+  _keys () {
+    if (!Array.isArray(this.key)) {
+      return [this.key]
+    }
+
+    return this.key
+  }
 }
 
 module.exports = Encrypt

package/src/lib/services/ls.js

@@ -1,5 +1,6 @@
+const { fdir: Fdir } = require('fdir')
 const path = require('path')
-const globSync = require('glob').globSync
+const picomatch = require('picomatch')
 
 class Ls {
   constructor (directory = './', envFile = '.env*') {
@@ -14,27 +15,23 @@ class Ls {
   }
 
   _filepaths () {
-    const options = {
-      ignore: this.ignore,
-      cwd: this.cwd // context dirctory for globSync
-    }
+    const ignoreMatchers = this.ignore.map(pattern => picomatch(pattern))
+    const pathMatchers = this._patterns().map(pattern => picomatch(pattern))
+
+    const api = new Fdir()
+      .withRelativePaths()
+      .exclude((dir, path) => ignoreMatchers.some(matcher => matcher(path)))
+      .filter((path) => pathMatchers.some(matcher => matcher(path)))
 
-    const patterns = this._patterns()
-    return globSync(patterns, options)
+    return api.crawl(this.cwd).sync()
   }
 
   _patterns () {
     if (!Array.isArray(this.envFile)) {
-      return `**/${this.envFile}`
+      return [`**/${this.envFile}`]
     }
 
-    const out = []
-
-    for (let i = 0; i < this.envFile.length; i++) {
-      const part = this.envFile[i]
-      out.push(`**/${part}`)
-    }
-    return out
+    return this.envFile.map(part => `**/${part}`)
   }
 }