@dotenvx/dotenvx 1.18.0 → 1.18.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/CHANGELOG.md +8 -2
  2. package/package.json +1 -1
  3. package/src/lib/helpers/escapeDollarSigns.js +5 -0
  4. package/src/lib/helpers/replace.js +5 -1
package/CHANGELOG.md CHANGED
@@ -2,13 +2,19 @@
2
2
 
3
3
  All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
4
4
 
5
- ## [Unreleased](https://github.com/dotenvx/dotenvx/compare/v1.18.0...main)
5
+ ## [Unreleased](https://github.com/dotenvx/dotenvx/compare/v1.18.1...main)
6
+
7
+ ## 1.18.1
8
+
9
+ ### Added
10
+
11
+ * escape user inputted regex groupings like `$1` or `$2`. ([#396](https://github.com/dotenvx/dotenvx/pull/396))
6
12
 
7
13
  ## 1.18.0
8
14
 
9
15
  ### Added
10
16
 
11
- * `set` and `encrypt` preserve leading spaces ([#395](https://github.com/dotenvx/dotenvx/pull/395/))
17
+ * `set` and `encrypt` preserve leading spaces ([#395](https://github.com/dotenvx/dotenvx/pull/395))
12
18
 
13
19
  ```sh
14
20
  HELLO=world
package/package.json CHANGED
@@ -1,5 +1,5 @@
1
1
  {
2
- "version": "1.18.0",
2
+ "version": "1.18.1",
3
3
  "name": "@dotenvx/dotenvx",
4
4
  "description": "a better dotenv–from the creator of `dotenv`",
5
5
  "author": "@motdotla",
package/src/lib/helpers/escapeDollarSigns.js ADDED
@@ -0,0 +1,5 @@
1
+ function escapeDollarSigns (str) {
2
+ return str.replace(/\$/g, '$$$$')
3
+ }
4
+
5
+ module.exports = escapeDollarSigns
package/src/lib/helpers/replace.js CHANGED
@@ -2,10 +2,12 @@ const util = require('util')
2
2
  const dotenv = require('dotenv')
3
3
 
4
4
  const escapeForRegex = require('./escapeForRegex')
5
+ const escapeDollarSigns = require('./escapeDollarSigns')
5
6
 
6
7
  function replace (src, key, replaceValue) {
7
8
  let output
8
9
  let escapedValue = util.inspect(replaceValue, { showHidden: false, depth: null, colors: false })
10
+
9
11
  if (replaceValue.includes('\n')) {
10
12
  escapedValue = JSON.stringify(replaceValue) // use JSON stringify if string contains newlines
11
13
  escapedValue = escapedValue.replace(/\\n/g, '\n') // fix up newlines
@@ -38,9 +40,11 @@ function replace (src, key, replaceValue) {
38
40
  'gm' // (g)lobal (m)ultiline
39
41
  )
40
42
 
43
+ const saferInput = escapeDollarSigns(newPart) // cleanse user inputted capture groups ($1, $2 etc)
44
+
41
45
  // $1 preserves spaces
42
46
  // $2 preserves export
43
- output = src.replace(currentPart, `$1$2${newPart}`)
47
+ output = src.replace(currentPart, `$1$2${saferInput}`)
44
48
  } else {
45
49
  // append
46
50
  if (src.endsWith('\n')) {