@dotenvx/dotenvx 1.17.0 → 1.18.1

package/CHANGELOG.md

@@ -2,7 +2,46 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
-## [Unreleased](https://github.com/dotenvx/dotenvx/compare/v1.17.0...main)
+## [Unreleased](https://github.com/dotenvx/dotenvx/compare/v1.18.1...main)
+
+## 1.18.1
+
+### Added
+
+* escape user inputted regex groupings like `$1` or `$2`. ([#396](https://github.com/dotenvx/dotenvx/pull/396))
+
+## 1.18.0
+
+### Added
+
+* `set` and `encrypt` preserve leading spaces ([#395](https://github.com/dotenvx/dotenvx/pull/395))
+
+```sh
+     HELLO=world
+```
+
+### Changed
+
+* improve escape and quote handling for `set`, `encrypt`, and `decrypt` ([#395](https://github.com/dotenvx/dotenvx/pull/395))
+* 🐞 fix `encrypt`, then `decrypt`, then `encrypt` on a json value ([#377](https://github.com/dotenvx/dotenvx/issues/377))
+
+Note: the underlying `replace` engine to support these changes now wraps your values in single quotes. the prior `replace` engine wrapped in double quotes.
+
+So where your `.env` used to look like this with double quotes:
+
+```sh
+HELLO="encrypted:1234"
+API_KEY="encrypted:5678"
+```
+
+It will now begin looking like this with single quotes:
+
+```sh
+HELLO='encrypted:1234'
+API_KEY='encrypted:5678'
+```
+
+It's an aesthetic side effect only. Your values will continue to be decrypted and encrypted correctly.
 
 ## 1.17.0
 

package/README.md

@@ -260,6 +260,18 @@ More examples
   Hello World
   ```
 
+  </details>
+* <details><summary>Kotlin 📐</summary><br>
+
+  ```sh
+  $ echo "HELLO=World" > .env
+  $ echo 'fun main() { val hello = System.getenv("HELLO") ?: ""; println("Hello $hello") }' > index.kt
+  $ kotlinc index.kt -include-runtime -d index.jar
+
+  $ dotenvx run -- java -jar index.jar
+  Hello World
+  ```
+
   </details>
 * <details><summary>.NET 🔵</summary><br>
 
@@ -1089,7 +1101,7 @@ More examples
 
   This can be useful for more complex .env values (spaces, escaped characters, quotes, etc) combined with `eval` on the command line.
 
-  ```
+  ```sh
   $ echo "console.log('Hello ' + process.env.KEY + ' ' + process.env.HELLO)" > index.js
   $ eval $(dotenvx get --format=eval) node index.js
   Hello value World

package/package.json

@@ -1,5 +1,5 @@
 {
-  "version": "1.17.0",
+  "version": "1.18.1",
   "name": "@dotenvx/dotenvx",
   "description": "a better dotenv–from the creator of `dotenv`",
   "author": "@motdotla",

package/src/lib/helpers/escapeDollarSigns.js

@@ -0,0 +1,5 @@
+function escapeDollarSigns (str) {
+  return str.replace(/\$/g, '$$$$')
+}
+
+module.exports = escapeDollarSigns

package/src/lib/helpers/escapeForRegex.js

@@ -0,0 +1,5 @@
+function escapeForRegex (str) {
+  return str.replace(/[|\\{}()[\]^$+*?.]/g, '\\$&').replace(/-/g, '\\x2d')
+}
+
+module.exports = escapeForRegex

package/src/lib/helpers/replace.js

@@ -1,38 +1,59 @@
+const util = require('util')
 const dotenv = require('dotenv')
 
-function replace (src, key, value) {
+const escapeForRegex = require('./escapeForRegex')
+const escapeDollarSigns = require('./escapeDollarSigns')
+
+function replace (src, key, replaceValue) {
   let output
-  let formatted = `${key}="${value}"`
+  let escapedValue = util.inspect(replaceValue, { showHidden: false, depth: null, colors: false })
+
+  if (replaceValue.includes('\n')) {
+    escapedValue = JSON.stringify(replaceValue) // use JSON stringify if string contains newlines
+    escapedValue = escapedValue.replace(/\\n/g, '\n') // fix up newlines
+    escapedValue = escapedValue.replace(/\\r/g, '\r')
+  }
+  let newPart = `${key}=${escapedValue}`
 
   const parsed = dotenv.parse(src)
   if (Object.prototype.hasOwnProperty.call(parsed, key)) {
-    const regex = new RegExp(
-      // Match the key at the start of a line, following a newline, or prefaced by export
-      `(^|\\n)\\s*(export\\s+)?${key}\\s*=\\s*` +
-      // `(^|\\n)${key}\\s*=\\s*` +
-      // Non-capturing group to handle different types of quotations and unquoted values
-      '(?:' +
-        '(["\'`])' + // Match an opening quote
-        '.*?' + // Non-greedy match for any characters within quotes
-        // '\\2' + // Match the corresponding closing quote
-        '\\3' + // Match the corresponding closing quote
-      '|' +
-        // Match unquoted values; account for escaped newlines
-        '(?:[^#\\n\\\\]|\\\\.)*' + // Use non-capturing group for any character except #, newline, or backslash, or any escaped character
-      ')',
-      'gs' // Global and dotAll mode to treat string as single line
+    const originalValue = parsed[key]
+    const escapedOriginalValue = escapeForRegex(originalValue)
+
+    // conditionally enforce end of line
+    let enforceEndOfLine = ''
+    if (escapedOriginalValue === '') {
+      enforceEndOfLine = '$' // EMPTY scenario
+    }
+
+    const currentPart = new RegExp(
+      '^' + // start of line
+      '(\\s*)?' + // spaces
+      '(export\\s+)?' + // export
+      key + // KEY
+      '\\s*=\\s*' + // spaces (KEY = value)
+      '["\'`]?' + // open quote
+      escapedOriginalValue + // escaped value
+      '["\'`]?' + // close quote
+      enforceEndOfLine
+      ,
+      'gm' // (g)lobal (m)ultiline
     )
 
-    output = src.replace(regex, `$1$2${formatted}`)
+    const saferInput = escapeDollarSigns(newPart) // cleanse user inputted capture groups ($1, $2 etc)
+
+    // $1 preserves spaces
+    // $2 preserves export
+    output = src.replace(currentPart, `$1$2${saferInput}`)
   } else {
     // append
     if (src.endsWith('\n')) {
-      formatted = formatted + '\n'
+      newPart = newPart + '\n'
     } else {
-      formatted = '\n' + formatted
+      newPart = '\n' + newPart
     }
 
-    output = src + formatted
+    output = src + newPart
   }
 
   return output

package/src/lib/services/genexample.js

@@ -83,7 +83,7 @@ class Genexample {
         if (key in parsed) {
           preExisted[key] = parsed[key]
         } else {
-          exampleSrc += `${key}=""\n`
+          exampleSrc += `${key}=''\n`
 
           addedKeys.add(key)