@dotenvx/dotenvx 1.39.1 → 1.40.0

package/CHANGELOG.md

@@ -2,7 +2,13 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
-[Unreleased](https://github.com/dotenvx/dotenvx/compare/v1.39.1...main)
+[Unreleased](https://github.com/dotenvx/dotenvx/compare/v1.40.0...main)
+
+## [1.40.0](https://github.com/dotenvx/dotenvx/compare/v1.39.1...v1.40.0)
+
+### Added
+
+* Smarter `ext precommit` and `ext prebuild` – catch duplicate KEYs in the same .env file where one is mistakenly left unencrypted ([#567](https://github.com/dotenvx/dotenvx/pull/567))
 
 ## [1.39.1](https://github.com/dotenvx/dotenvx/compare/v1.39.0...v1.39.1)
 

package/README.md

@@ -2289,7 +2289,7 @@ Use dotenvx directly in code.
 
 ### Pro 🏆
 
-*Secrets Management – Done Right. Cloak your private keys and treat secrets like code.*
+*Secrets Management – Done Right. Encrypted, Cloaked, Secrets as Code.*
 
 * <details><summary>`pro keypair`</summary><br>
 

package/package.json

@@ -1,5 +1,5 @@
 {
-  "version": "1.39.1",
+  "version": "1.40.0",
   "name": "@dotenvx/dotenvx",
   "description": "a better dotenv–from the creator of `dotenv`",
   "author": "@motdotla",

package/src/lib/helpers/dotenvParse.js

@@ -1,7 +1,7 @@
 // historical dotenv.parse - https://github.com/motdotla/dotenv)
 const LINE = /(?:^|^)\s*(?:export\s+)?([\w.-]+)(?:\s*=\s*?|:\s+?)(\s*'(?:\\'|[^'])*'|\s*"(?:\\"|[^"])*"|\s*`(?:\\`|[^`])*`|[^#\r\n]+)?\s*(?:#.*)?(?:$|$)/mg
 
-function dotenvParse (src, skipExpandForDoubleQuotes = false, skipConvertingWindowsNewlines = false) {
+function dotenvParse (src, skipExpandForDoubleQuotes = false, skipConvertingWindowsNewlines = false, collectAllValues = false) {
   const obj = {}
 
   // Convert buffer to string
@@ -35,8 +35,18 @@ function dotenvParse (src, skipExpandForDoubleQuotes = false, skipConvertingWind
       value = value.replace(/\\t/g, '\t') // tabs
     }
 
-    // Add to object
-    obj[key] = value
+    if (collectAllValues) {
+      // handle scenario where user mistakenly includes plaintext duplicate in .env:
+      //
+      // # .env
+      // HELLO="World"
+      // HELLO="enrypted:1234"
+      obj[key] = obj[key] || []
+      obj[key].push(value)
+    } else {
+      // Add to object
+      obj[key] = value
+    }
   }
 
   return obj

package/src/lib/helpers/isFullyEncrypted.js

@@ -3,12 +3,21 @@ const isEncrypted = require('./isEncrypted')
 const isPublicKey = require('./isPublicKey')
 
 function isFullyEncrypted (src) {
-  const parsed = dotenvParse(src)
+  const parsed = dotenvParse(src, false, false, true) // collect all values
 
-  for (const [key, value] of Object.entries(parsed)) {
-    const result = isEncrypted(value) || isPublicKey(key, value)
-    if (!result) {
-      return false
+  for (const [key, values] of Object.entries(parsed)) {
+    // handle scenario where user mistakenly includes plaintext duplicate in .env:
+    //
+    // # .env
+    // HELLO="World"
+    // HELLO="enrypted:1234"
+    //
+    // key => [value1, ...]
+    for (const value of values) {
+      const result = isEncrypted(value) || isPublicKey(key, value)
+      if (!result) {
+        return false
+      }
     }
   }
 

package/src/lib/services/precommit.js

@@ -93,11 +93,24 @@ class Precommit {
     }
   }
 
+  _isInGitRepo () {
+    try {
+      childProcess.execSync('git rev-parse --is-inside-work-tree', { stdio: 'ignore' })
+      return true
+    } catch {
+      return false
+    }
+  }
+
   _isFileToBeCommitted (filePath) {
     try {
+      if (!this._isInGitRepo()) {
+        // consider file to be committed if there is an error (not a git repo)
+        return true
+      }
+
       const output = childProcess.execSync('git diff HEAD --name-only').toString()
       const files = output.split('\n')
-
       return files.includes(filePath)
     } catch (error) {
       // consider file to be committed if there is an error (not using git)