@dotenvx/dotenvx 1.38.4 → 1.39.0

package/CHANGELOG.md

@@ -2,7 +2,21 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
-[Unreleased](https://github.com/dotenvx/dotenvx/compare/v1.38.4...main)
+[Unreleased](https://github.com/dotenvx/dotenvx/compare/v1.39.0...main)
+
+### Added
+
+* Add `--convention flow` option to `dotenvx run` ([#551](https://github.com/dotenvx/dotenvx/pull/551))
+
+### Changed
+
+* Fix typos ([#550](https://github.com/dotenvx/dotenvx/pull/550))
+
+## [1.38.5](https://github.com/dotenvx/dotenvx/compare/v1.38.4...v1.38.5)
+
+### Added
+
+* 🐞 Add `config.d.ts` file to fix type error when loading `dotenvx/dotenvx/config` with dynamic import ([#547](https://github.com/dotenvx/dotenvx/pull/547))
 
 ## [1.38.4](https://github.com/dotenvx/dotenvx/compare/v1.38.3...v1.38.4)
 
@@ -300,7 +314,7 @@ FOO=${FOO}bar
 
 ### Changed
 
-* for `--convention nextjs` ingnore `.env.local` for TEST environment ([#425](https://github.com/dotenvx/dotenvx/pull/425))
+* for `--convention nextjs` ignore `.env.local` for TEST environment ([#425](https://github.com/dotenvx/dotenvx/pull/425))
 * for `precommit` redirect missing `dotenvx` command using POSIX compliant redirection ([#424](https://github.com/dotenvx/dotenvx/pull/424))
 * make parent `dotenvx help` command less noisy by removing `[options]`. run `dotenvx COMMAND -h` to list all available options like always ([#429](https://github.com/dotenvx/dotenvx/pull/429))
 
@@ -841,7 +855,7 @@ Learn more at [https://dotenvx.com/docs/quickstart#add-encryption]
 
 ### Added
 
-* Support encryption replacemnt of multiline values ([#220](https://github.com/dotenvx/dotenvx/pull/220))
+* Support encryption replacement of multiline values ([#220](https://github.com/dotenvx/dotenvx/pull/220))
 
 ## 0.40.0
 
@@ -894,7 +908,7 @@ Further notes:
 
 * `DOTENV_PUBLIC_KEY` lives in the `.env` file. You can safely share this with whomever you wish.
 * `DOTENV_PRIVATE_KEY` lives in your `.env.keys` file. Share this only with those you trust to decrypt your secrets.
-* If using encrypted `.env` files like this it is safe to commmit them to source code. This makes reviewing PRs that contain secrets much easier.
+* If using encrypted `.env` files like this it is safe to commit them to source code. This makes reviewing PRs that contain secrets much easier.
 * Tell your contributors to contribute a secret using the command `dotenvx set HELLO world --encrypt`.
 * Set your `DOTENV_PRIVATE_KEY` on your server to decrypt these values using `dotenvx run -- yourcommand`
 * You can repeat all this per environment by modifying your set command to `dotenvx set HELLO production -f .env.production --encrypt` (for example)

package/README.md

@@ -604,7 +604,7 @@ More examples
   </details>
 * <details><summary>`--convention` flag</summary><br>
 
-  Load envs using [Next.js' convention](https://nextjs.org/docs/pages/building-your-application/configuring/environment-variables#environment-variable-load-order). Set `--convention` to `nextjs`:
+  Load envs using [Next.js' convention](https://nextjs.org/docs/pages/building-your-application/configuring/environment-variables#environment-variable-load-order) or [dotenv-flow convention](https://www.npmjs.com/package/dotenv-flow). Set `--convention` to `nextjs` or `flow`:
 
   ```sh
   $ echo "HELLO=development local" > .env.development.local
@@ -741,6 +741,10 @@ More examples
 > Become a `dotenvx` power user.
 >
 
+### CLI 📟
+
+Advanced CLI commands.
+
 * <details><summary>`run` - Variable Expansion</summary><br>
 
   Reference and expand variables already on your machine for use in your .env file.
@@ -1025,6 +1029,31 @@ More examples
 
   (more conventions available upon request)
 
+  </details>
+* <details><summary>`run --convention=flow`</summary><br>
+
+  Load envs using [dotenv-flow's convention](https://www.npmjs.com/package/dotenv-flow). Set `--convention` to `flow`:
+
+  ```sh
+  $ echo "HELLO=development local" > .env.development.local
+  $ echo "HELLO=development" > .env.development
+  $ echo "HELLO=local" > .env.local
+  $ echo "HELLO=env" > .env
+  $ echo "console.log('Hello ' + process.env.HELLO)" > index.js
+
+  $ NODE_ENV=development dotenvx run --convention=flow -- node index.js 
+  [dotenvx@1.X.X] injecting env (1) from .env.development.local, .env.development, .env.local, .env
+  Hello development local
+  ```
+
+  Further, we recommend using `DOTENV_ENV` over `NODE_ENV`– as `dotenvx` works everywhere, not just node.
+
+  ```sh
+  $ DOTENV_ENV=development dotenvx run --convention=flow -- node index.js 
+  [dotenvx@1.X.X] injecting env (1) from .env.development.local, .env.development, .env.local, .env
+  Hello development local
+  ```
+
   </details>
 * <details><summary>`run -fk`</summary><br>
 
@@ -1504,7 +1533,7 @@ More examples
   </details>
 * <details><summary>`decrypt -ek`</summary><br>
 
-  Decrypt the contents inside an encrypted `.env` file except for an exluded key.
+  Decrypt the contents inside an encrypted `.env` file except for an excluded key.
 
   ```sh
   $ echo "HELLO=World\nHOLA=Mundo" > .env
@@ -1602,7 +1631,7 @@ More examples
   </details>
 * <details><summary>`keypair --format shell`</summary><br>
 
-  Print a shell formatted reponse of public/private keys.
+  Print a shell formatted response of public/private keys.
 
   ```sh
   $ echo "HELLO=World" > .env
@@ -1753,7 +1782,7 @@ More examples
   </details>
 * <details><summary>`rotate -ek`</summary><br>
 
-  Rotate the encrypted contents inside an encrypted `.env` file except for an exluded key.
+  Rotate the encrypted contents inside an encrypted `.env` file except for an excluded key.
 
   ```sh
   $ echo "HELLO=World\nHOLA=Mundo" > .env
@@ -1875,6 +1904,8 @@ More examples
 
 ### Extensions 🔌
 
+CLI extensions.
+
 * <details><summary>`ext genexample`</summary><br>
 
   In one command, generate a `.env.example` file from your current `.env` file contents.
@@ -2006,7 +2037,9 @@ More examples
 
   </details>
 
-### config() 📦
+### Library 📦
+
+Use dotenvx directly in code.
 
 * <details><summary>`config()`</summary><br>
 
@@ -2204,7 +2237,7 @@ More examples
   </details>
 * <details><summary>`set(KEY, value)`</summary><br>
 
-  Programatically set an environment variable. 
+  Programmatically set an environment variable. 
 
   ```js
   // index.js
@@ -2215,7 +2248,7 @@ More examples
   </details>
 * <details><summary>`get(KEY)` - <i>Decryption at Access</i></summary><br>
 
-  Programatically get an environment variable at access/runtime.
+  Programmatically get an environment variable at access/runtime.
 
   ```js
   // index.js
@@ -2228,6 +2261,16 @@ More examples
 
   </details>
 
+## Whitepaper
+
+> **Dotenvx: Reducing Secrets Risk with Cryptographic Separation**
+>
+> Abstract. An ideal secrets solution would not only centralize secrets but also contain the fallout of a breach. While secrets managers offer centralized storage and distribution, their design creates a large blast radius, risking exposure of thousands or even millions of secrets. We propose a solution that reduces the blast radius by splitting secrets management into two distinct components: an encrypted secrets file and a separate decryption key.
+>
+> ...
+>
+> [Read the whitepaper](https://dotenvx.com/dotenvx.pdf)
+
 &nbsp;
 
 ## Guides

package/package.json

@@ -1,5 +1,5 @@
 {
-  "version": "1.38.4",
+  "version": "1.39.0",
   "name": "@dotenvx/dotenvx",
   "description": "a better dotenv–from the creator of `dotenv`",
   "author": "@motdotla",

package/src/cli/commands/ext.js

@@ -61,7 +61,7 @@ ext.command('scan')
   .description('scan for leaked secrets')
   .action(require('./../actions/ext/scan'))
 
-// overide helpInformation to hide dynamic commands
+// override helpInformation to hide dynamic commands
 ext.helpInformation = function () {
   const originalHelp = Command.prototype.helpInformation.call(this)
   const lines = originalHelp.split('\n')

package/src/cli/dotenvx.js

@@ -60,7 +60,7 @@ program.command('run')
   .option('-fv, --env-vault-file <paths...>', 'path(s) to your .env.vault file(s)', collectEnvs('envVaultFile'), [])
   .option('-o, --overload', 'override existing env variables')
   .option('--strict', 'process.exit(1) on any errors', false)
-  .option('--convention <name>', 'load a .env convention (available conventions: [\'nextjs\'])')
+  .option('--convention <name>', 'load a .env convention (available conventions: [\'nextjs\', \'flow\'])')
   .option('--ignore <errorCodes...>', 'error code(s) to ignore (example: --ignore=MISSING_ENV_FILE)')
   .action(function (...args) {
     this.envs = envs
@@ -79,7 +79,7 @@ program.command('get')
   .option('-fv, --env-vault-file <paths...>', 'path(s) to your .env.vault file(s)', collectEnvs('envVaultFile'), [])
   .option('-o, --overload', 'override existing env variables')
   .option('--strict', 'process.exit(1) on any errors', false)
-  .option('--convention <name>', 'load a .env convention (available conventions: [\'nextjs\'])')
+  .option('--convention <name>', 'load a .env convention (available conventions: [\'nextjs\', \'flow\'])')
   .option('--ignore <errorCodes...>', 'error code(s) to ignore (example: --ignore=MISSING_ENV_FILE)')
   .option('-a, --all', 'include all machine envs as well')
   .option('-pp, --pretty-print', 'pretty print output')
@@ -219,7 +219,7 @@ program.command('precommit')
     precommitAction.apply(this, args)
   })
 
-// overide helpInformation to hide DEPRECATED and 'ext' commands
+// override helpInformation to hide DEPRECATED and 'ext' commands
 program.helpInformation = function () {
   const originalHelp = Command.prototype.helpInformation.call(this)
   const lines = originalHelp.split('\n')

package/src/lib/config.d.ts

@@ -0,0 +1 @@
+export {};

package/src/lib/helpers/conventions.js

@@ -1,7 +1,8 @@
 function conventions (convention) {
+  const env = process.env.DOTENV_ENV || process.env.NODE_ENV || 'development'
+
   if (convention === 'nextjs') {
-    const nodeEnv = process.env.NODE_ENV || 'development'
-    const canonicalEnv = ['development', 'test', 'production'].includes(nodeEnv) && nodeEnv
+    const canonicalEnv = ['development', 'test', 'production'].includes(env) && env
 
     return [
       canonicalEnv && { type: 'envFile', value: `.env.${canonicalEnv}.local` },
@@ -9,8 +10,16 @@ function conventions (convention) {
       canonicalEnv && { type: 'envFile', value: `.env.${canonicalEnv}` },
       { type: 'envFile', value: '.env' }
     ].filter(Boolean)
+  } else if (convention === 'flow') {
+    return [
+      { type: 'envFile', value: `.env.${env}.local` },
+      { type: 'envFile', value: `.env.${env}` },
+      { type: 'envFile', value: '.env.local' },
+      { type: 'envFile', value: '.env' },
+      { type: 'envFile', value: '.env.defaults' }
+    ]
   } else {
-    throw new Error(`INVALID_CONVENTION: '${convention}'. permitted conventions: ['nextjs']`)
+    throw new Error(`INVALID_CONVENTION: '${convention}'. permitted conventions: ['nextjs', 'flow']`)
   }
 }
 

package/src/lib/main.d.ts

@@ -121,7 +121,7 @@ export interface DotenvConfigOptions {
   DOTENV_KEY?: string;
 
   /**
-   * Load a .env convention (available conventions: 'nextjs')
+   * Load a .env convention (available conventions: 'nextjs, flow')
    */
   convention?: string;
 
@@ -191,7 +191,7 @@ export interface SetOptions {
   envKeysFile?: string;
 
   /**
-   * Set a .env convention (available conventions: 'nextjs')
+   * Set a .env convention (available conventions: 'nextjs, flow')
    */
   convention?: string;
 

package/src/lib/services/precommit.js

@@ -46,7 +46,7 @@ class Precommit {
       dotenvFiles.forEach(file => {
         count += 1
 
-        // check if file is going to be commited
+        // check if file is going to be committed
         if (this._isFileToBeCommitted(file)) {
           // check if that file is being ignored
           if (ig.ignores(file)) {