@dotenvx/dotenvx 1.39.0 → 1.40.0

package/CHANGELOG.md

@@ -2,7 +2,21 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
-[Unreleased](https://github.com/dotenvx/dotenvx/compare/v1.39.0...main)
+[Unreleased](https://github.com/dotenvx/dotenvx/compare/v1.40.0...main)
+
+## [1.40.0](https://github.com/dotenvx/dotenvx/compare/v1.39.1...v1.40.0)
+
+### Added
+
+* Smarter `ext precommit` and `ext prebuild` – catch duplicate KEYs in the same .env file where one is mistakenly left unencrypted ([#567](https://github.com/dotenvx/dotenvx/pull/567))
+
+## [1.39.1](https://github.com/dotenvx/dotenvx/compare/v1.39.0...v1.39.1)
+
+### Added
+
+* Add `version` to homebrew formula ([#564](https://github.com/dotenvx/dotenvx/pull/564))
+
+## [1.39.0](https://github.com/dotenvx/dotenvx/compare/v1.38.5...v1.39.0)
 
 ### Added
 

package/README.md

@@ -614,6 +614,9 @@ More examples
 
   $ dotenvx run --convention=nextjs -- node index.js
   Hello development local
+
+  $ dotenvx run --convention=flow -- node index.js
+  Hello development local
   ```
 
   (more conventions available upon request)
@@ -1156,6 +1159,29 @@ Advanced CLI commands.
   development local
   ```
 
+  </details>
+* <details><summary>`get KEY --convention=flow`</summary><br>
+
+  Return a single environment variable's value using [dotenv-flow's convention](https://www.npmjs.com/package/dotenv-flow). Set `--convention` to `flow`:
+
+  ```sh
+  $ echo "HELLO=development local" > .env.development.local
+  $ echo "HELLO=development" > .env.development
+  $ echo "HELLO=local" > .env.local
+  $ echo "HELLO=env" > .env
+  $ echo "console.log('Hello ' + process.env.HELLO)" > index.js
+
+  $ NODE_ENV=development dotenvx get HELLO --convention=flow
+  development local
+  ```
+
+  Further, we recommend using `DOTENV_ENV` over `NODE_ENV`– as `dotenvx` works everywhere, not just node.
+
+  ```sh
+  $ DOTENV_ENV=development dotenvx get HELLO --convention=flow
+  development local
+  ```
+
   </details>
 * <details><summary>`get` (json)</summary><br>
 
@@ -2261,6 +2287,128 @@ Use dotenvx directly in code.
 
   </details>
 
+### Pro 🏆
+
+*Secrets Management – Done Right. Encrypted, Cloaked, Secrets as Code.*
+
+* <details><summary>`pro keypair`</summary><br>
+
+  Print fully managed public/private keys for `.env` file.
+
+  ```sh
+  $ echo "HELLO=World" > .env
+  $ dotenvx encrypt
+
+  $ dotenvx pro push
+
+  $ dotenvx pro keypair
+  {"DOTENV_PUBLIC_KEY":"<publicKey>","DOTENV_PRIVATE_KEY":"<privateKey>"}
+  ```
+
+  </details>
+* <details><summary>`pro keypair -f`</summary><br>
+
+  Print fully managed public/private keys for `.env.production` file.
+
+  ```sh
+  $ echo "HELLO=Production" > .env.production
+  $ dotenvx encrypt -f .env.production
+
+  $ dotenvx pro push
+
+  $ dotenvx pro keypair -f .env.production
+  {"DOTENV_PUBLIC_KEY_PRODUCTION":"<publicKey>","DOTENV_PRIVATE_KEY_PRODUCTION":"<privateKey>"}
+  ```
+
+  </details>
+* <details><summary>`pro keypair DOTENV_PRIVATE_KEY`</summary><br>
+
+  Print specific fully managed keypair for `.env` file.
+
+  ```sh
+  $ echo "HELLO=World" > .env
+  $ dotenvx encrypt
+
+  $ dotenvx pro push
+
+  $ dotenvx pro keypair DOTENV_PRIVATE_KEY
+  <privateKey>
+  ```
+
+  </details>
+* <details><summary>`pro settings org`</summary><br>
+
+  Print organization.
+
+  ```sh
+  $ dotenvx pro settings org
+  motdotla
+  ```
+
+  </details>
+* <details><summary>`pro settings orgpublickey`</summary><br>
+
+  Print organization public key–used for encrypting project private keys.
+
+  ```sh
+  $ dotenvx pro settings orgpublickey
+  02761eccd2a442ebbfa14ac2e72762d885a1e96b8949428deea62db305947d6408
+  ```
+
+  </details>
+* <details><summary>`pro settings orgprivatekey`</summary><br>
+
+  Print masked organization private key–used for decrypting project private keys.
+
+  ```sh
+  $ dotenvx pro settings orgprivatekey
+  322c004*********************************************************
+  ```
+
+  </details>
+* <details><summary>`pro settings orgprivatekey --unmask`</summary><br>
+
+  Print unmasked organization private key–used for decrypting project private keys.
+
+  ```sh
+  $ dotenvx pro settings orgprivatekey --unmask
+  322c004271ac6ad1b548df3f316ff4e8f08e17e0b15f459db64f3f3b48b0efb7
+  ```
+
+  </details>
+* <details><summary>`pro settings orgteam`</summary><br>
+
+  Print team status in tabular format.
+
+  ```sh
+  $ dotenvx pro settings orgteam
+  ╔═══════════╤════════╗
+  ║ username  │ synced ║
+  ╟───────────┼────────╢
+  ║ motdotla  │ ✔      ║
+  ╟───────────┼────────╢
+  ║ motdotenv │ ✔      ║
+  ╚═══════════╧════════╝
+  ```
+
+  </details>
+* <details><summary>`pro settings storetree`</summary><br>
+
+  Print encrypted store tree–backing your dotenvx pro installation.
+
+  ```sh
+  $ dotenvx pro settings storetree
+  ├─ .env
+  └─ pro.dotenvx.com
+     ├─ user-1-organization-1.json
+     ├─ user-1-private-key.json
+     └─ user-1.json
+  ```
+
+  </details>
+
+&nbsp;
+
 ## Whitepaper
 
 > **Dotenvx: Reducing Secrets Risk with Cryptographic Separation**

package/package.json

@@ -1,5 +1,5 @@
 {
-  "version": "1.39.0",
+  "version": "1.40.0",
   "name": "@dotenvx/dotenvx",
   "description": "a better dotenv–from the creator of `dotenv`",
   "author": "@motdotla",

package/src/lib/helpers/dotenvParse.js

@@ -1,7 +1,7 @@
 // historical dotenv.parse - https://github.com/motdotla/dotenv)
 const LINE = /(?:^|^)\s*(?:export\s+)?([\w.-]+)(?:\s*=\s*?|:\s+?)(\s*'(?:\\'|[^'])*'|\s*"(?:\\"|[^"])*"|\s*`(?:\\`|[^`])*`|[^#\r\n]+)?\s*(?:#.*)?(?:$|$)/mg
 
-function dotenvParse (src, skipExpandForDoubleQuotes = false, skipConvertingWindowsNewlines = false) {
+function dotenvParse (src, skipExpandForDoubleQuotes = false, skipConvertingWindowsNewlines = false, collectAllValues = false) {
   const obj = {}
 
   // Convert buffer to string
@@ -35,8 +35,18 @@ function dotenvParse (src, skipExpandForDoubleQuotes = false, skipConvertingWind
       value = value.replace(/\\t/g, '\t') // tabs
     }
 
-    // Add to object
-    obj[key] = value
+    if (collectAllValues) {
+      // handle scenario where user mistakenly includes plaintext duplicate in .env:
+      //
+      // # .env
+      // HELLO="World"
+      // HELLO="enrypted:1234"
+      obj[key] = obj[key] || []
+      obj[key].push(value)
+    } else {
+      // Add to object
+      obj[key] = value
+    }
   }
 
   return obj

package/src/lib/helpers/executeDynamic.js

@@ -23,12 +23,9 @@ function executeDynamic (program, command, rawArgs) {
   const result = childProcess.spawnSync(`dotenvx-${command}`, forwardedArgs, { stdio: 'inherit', env })
   if (result.error) {
     if (command === 'pro') {
-      // logger.warn(`[INSTALLATION_NEEDED] install dotenvx-${command} to use [dotenvx ${command}] commands 🏆`)
-      // logger.help('? see installation instructions [https://github.com/dotenvx/dotenvx-pro]')
-
       const pro = `_______________________________________________________________
 |                                                             |
-|  coming soon! (for small business)                          |
+|  For small and medium businesses                            |
 |                                                             |
 |      | |     | |                                            |
 |    __| | ___ | |_ ___ _ ____   ____  __  _ __  _ __ ___     |
@@ -37,9 +34,9 @@ function executeDynamic (program, command, rawArgs) {
 |   \\__,_|\\___/ \\__\\___|_| |_|\\_/  /_/\\_\\ | .__/|_|  \\___/    |
 |                                         | |                 |
 |                                         |_|                 |
-| ## learn more on github 🐙                                  |
+| ## learn more on dotenvx 🟨                                 |
 |                                                             |
-| >> https://github.com/dotenvx/dotenvx/issues/259            |
+| >> https://dotenvx.com/pricing                              |
 |                                                             |
 | ## subscribe on github to be notified 📣                    |
 |                                                             |
@@ -50,6 +47,9 @@ function executeDynamic (program, command, rawArgs) {
 |_____________________________________________________________|`
 
       console.log(pro)
+      console.log('')
+      logger.warn(`[INSTALLATION_NEEDED] install dotenvx-${command} to use [dotenvx ${command}] commands 🏆`)
+      logger.help('? see installation instructions [https://github.com/dotenvx/dotenvx-pro]')
     } else {
       logger.info(`error: unknown command '${command}'`)
     }

package/src/lib/helpers/isFullyEncrypted.js

@@ -3,12 +3,21 @@ const isEncrypted = require('./isEncrypted')
 const isPublicKey = require('./isPublicKey')
 
 function isFullyEncrypted (src) {
-  const parsed = dotenvParse(src)
+  const parsed = dotenvParse(src, false, false, true) // collect all values
 
-  for (const [key, value] of Object.entries(parsed)) {
-    const result = isEncrypted(value) || isPublicKey(key, value)
-    if (!result) {
-      return false
+  for (const [key, values] of Object.entries(parsed)) {
+    // handle scenario where user mistakenly includes plaintext duplicate in .env:
+    //
+    // # .env
+    // HELLO="World"
+    // HELLO="enrypted:1234"
+    //
+    // key => [value1, ...]
+    for (const value of values) {
+      const result = isEncrypted(value) || isPublicKey(key, value)
+      if (!result) {
+        return false
+      }
     }
   }
 

package/src/lib/services/precommit.js

@@ -93,11 +93,24 @@ class Precommit {
     }
   }
 
+  _isInGitRepo () {
+    try {
+      childProcess.execSync('git rev-parse --is-inside-work-tree', { stdio: 'ignore' })
+      return true
+    } catch {
+      return false
+    }
+  }
+
   _isFileToBeCommitted (filePath) {
     try {
+      if (!this._isInGitRepo()) {
+        // consider file to be committed if there is an error (not a git repo)
+        return true
+      }
+
       const output = childProcess.execSync('git diff HEAD --name-only').toString()
       const files = output.split('\n')
-
       return files.includes(filePath)
     } catch (error) {
       // consider file to be committed if there is an error (not using git)