@dotenvx/dotenvx 1.40.0 → 1.41.0

package/CHANGELOG.md

@@ -2,7 +2,19 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
-[Unreleased](https://github.com/dotenvx/dotenvx/compare/v1.40.0...main)
+[Unreleased](https://github.com/dotenvx/dotenvx/compare/v1.41.0...main)
+
+## [1.41.0](https://github.com/dotenvx/dotenvx/compare/v1.40.1...v1.41.0)
+
+### Added
+
+* Add [directory] argument to precommit and prebuild ([#572](https://github.com/dotenvx/dotenvx/pull/572))
+
+## [1.40.1](https://github.com/dotenvx/dotenvx/compare/v1.40.0...v1.40.1)
+
+### Changed
+
+* Patch `ext scan` command ([#570](https://github.com/dotenvx/dotenvx/pull/570))
 
 ## [1.40.0](https://github.com/dotenvx/dotenvx/compare/v1.39.1...v1.40.0)
 

package/LICENSE

@@ -1,6 +1,6 @@
 BSD 3-Clause License
 
-Copyright (c) 2024, Scott Motte
+Copyright (c) 2024, Dotenvx LLC
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are met:
@@ -26,3 +26,11 @@ SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+---
+
+Dotenvx is an Open Source project licensed under the BSD 3-Clause above.
+
+Dotenvx Pro is source-available with a commercial-friendly license. You can find 
+the full commercial license in `COMMERCIAL-LICENSE.txt`. See https://dotenvx.com 
+for features and purchasing options.

package/README.md

@@ -796,6 +796,59 @@ Advanced CLI commands.
   Hello World
   ```
 
+  </details>
+* <details><summary>`run` - Multiline</summary><br>
+
+  Dotenvx supports multiline values. This is particularly useful in conjunction with Docker - which [does not support multiline values](https://stackoverflow.com/questions/50299617/set-multiline-environment-variable-with-dockerfile/79578348#79578348).
+
+  ```ini
+  # .env
+  MULTILINE_PEM="-----BEGIN PUBLIC KEY-----
+  MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNl1tL3QjKp3DZWM0T3u
+  LgGJQwu9WqyzHKZ6WIA5T+7zPjO1L8l3S8k8YzBrfH4mqWOD1GBI8Yjq2L1ac3Y/
+  bTdfHN8CmQr2iDJC0C6zY8YV93oZB3x0zC/LPbRYpF8f6OqX1lZj5vo2zJZy4fI/
+  kKcI5jHYc8VJq+KCuRZrvn+3V+KuL9tF9v8ZgjF2PZbU+LsCy5Yqg1M8f5Jp5f6V
+  u4QuUoobAgMBAAE=
+  -----END PUBLIC KEY-----"
+  ```
+
+  ```js
+  // index.js
+  console.log('MULTILINE_PEM', process.env.MULTILINE_PEM)
+  ```
+
+  ```sh
+  $ dotenvx run -- node index.js
+  MULTILINE_PEM -----BEGIN PUBLIC KEY-----
+  MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNl1tL3QjKp3DZWM0T3u
+  LgGJQwu9WqyzHKZ6WIA5T+7zPjO1L8l3S8k8YzBrfH4mqWOD1GBI8Yjq2L1ac3Y/
+  bTdfHN8CmQr2iDJC0C6zY8YV93oZB3x0zC/LPbRYpF8f6OqX1lZj5vo2zJZy4fI/
+  kKcI5jHYc8VJq+KCuRZrvn+3V+KuL9tF9v8ZgjF2PZbU+LsCy5Yqg1M8f5Jp5f6V
+  u4QuUoobAgMBAAE=
+  -----END PUBLIC KEY-----
+  ```
+
+  </details>
+* <details><summary>`run` - Contextual Help</summary><br>
+
+  Unlike other dotenv libraries, dotenvx attempts to unblock you with contextual help.
+
+  For example, when missing a custom .env file:
+
+  ```sh
+  $ dotenvx run -f .env.missing -- echo $HELLO
+  [MISSING_ENV_FILE] missing .env.missing file (/Users/scottmotte/Code/dotenvx/playground/apr-16/.env.missing)
+  [MISSING_ENV_FILE] https://github.com/dotenvx/dotenvx/issues/484 and re-run [dotenvx run -- echo]
+  ```
+
+  or when missing a KEY:
+
+  ```sh
+  $ echo "HELLO=World" > .env
+  $ dotenvx get GOODBYE
+  [MISSING_KEY] missing GOODBYE key
+  ```
+
   </details>
 * <details><summary>`run` - multiple `-f` flags</summary><br>
 
@@ -2026,6 +2079,16 @@ CLI extensions.
   [dotenvx][precommit] dotenvx ext precommit installed [.git/hooks/pre-commit]
   ```
 
+  </details>
+* <details><summary>`ext precommit directory`</summary><br>
+
+  Prevent `.env` files from being committed to code inside a specified path to a directory.
+
+  ```sh
+  $ dotenvx ext precommit apps/backend
+  [dotenvx][precommit] .env files (1) protected (encrypted or gitignored)
+  ```
+
   </details>
 * <details><summary>`ext prebuild`</summary><br>
 
@@ -2044,23 +2107,35 @@ CLI extensions.
   ```
 
   </details>
-* <details><summary>`ext scan`</summary><br>
+* <details><summary>`ext prebuild directory`</summary><br>
+
+  Prevent `.env` files from being built into your docker containers inside a specified path to a directory.
 
-  Use [gitleaks](https://gitleaks.io) under the hood to scan for possible secrets in your code.
+  Add it to your `Dockerfile`.
 
   ```sh
-  $ dotenvx ext scan
+  # Dockerfile
+  RUN curl -fsS https://dotenvx.sh | sh
 
-      ○
-      │╲
-      │ ○
-      ○ ░
-      ░    gitleaks
+  ...
 
+  RUN dotenvx ext prebuild apps/backend
+  CMD ["dotenvx", "run", "--", "node", "index.js"]
+  ```
+
+  </details>
+* <details><summary>`ext scan`</summary><br>
+
+  Scan for leaked secrets.
+
+  ```sh
+  $ dotenvx ext scan
   100 commits scanned.
   no leaks found
   ```
 
+  Uses [gitleaks](https://gitleaks.io) under the hood.
+
   </details>
 
 ### Library 📦
@@ -2289,6 +2364,8 @@ Use dotenvx directly in code.
 
 ### Pro 🏆
 
+> Dotenvx Pro is a commercial extension for [dotenvx](https://github.com/dotenvx/dotenvx).
+
 *Secrets Management – Done Right. Encrypted, Cloaked, Secrets as Code.*
 
 * <details><summary>`pro keypair`</summary><br>

package/package.json

@@ -1,5 +1,5 @@
 {
-  "version": "1.40.0",
+  "version": "1.41.0",
   "name": "@dotenvx/dotenvx",
   "description": "a better dotenv–from the creator of `dotenv`",
   "author": "@motdotla",

package/src/cli/actions/ext/prebuild.js

@@ -2,7 +2,10 @@ const { logger } = require('./../../../shared/logger')
 
 const Prebuild = require('./../../../lib/services/prebuild')
 
-function prebuild () {
+function prebuild (directory) {
+  // debug args
+  logger.debug(`directory: ${directory}`)
+
   const options = this.opts()
   logger.debug(`options: ${JSON.stringify(options)}`)
 
@@ -10,7 +13,7 @@ function prebuild () {
     const {
       successMessage,
       warnings
-    } = new Prebuild(options).run()
+    } = new Prebuild(directory, options).run()
 
     for (const warning of warnings) {
       logger.warn(warning.message)

package/src/cli/actions/ext/precommit.js

@@ -2,7 +2,10 @@ const { logger } = require('./../../../shared/logger')
 
 const Precommit = require('./../../../lib/services/precommit')
 
-function precommit () {
+function precommit (directory) {
+  // debug args
+  logger.debug(`directory: ${directory}`)
+
   const options = this.opts()
   logger.debug(`options: ${JSON.stringify(options)}`)
 
@@ -10,7 +13,7 @@ function precommit () {
     const {
       successMessage,
       warnings
-    } = new Precommit(options).run()
+    } = new Precommit(directory, options).run()
 
     for (const warning of warnings) {
       logger.warn(warning.message)

package/src/cli/actions/ext/scan.js

@@ -1,6 +1,7 @@
 const childProcess = require('child_process')
 
 const { logger } = require('./../../../shared/logger')
+const chomp = require('./../../../lib/helpers/chomp')
 
 function scan () {
   const options = this.opts()
@@ -17,11 +18,14 @@ function scan () {
     return
   }
 
+  let output = ''
   try {
-    const output = childProcess.execSync('gitleaks detect -v 2>&1', { stdio: 'pipe' }).toString() // gitleaks sends output as stderr for strange reason
-    logger.blank(output)
+    output = childProcess.execSync('gitleaks detect --no-banner --verbose 2>&1').toString() // gitleaks sends exit code 1 but puts data on stdout for failures, so we catch later and resurface the stdout
+    logger.blank(chomp(output))
   } catch (error) {
-    console.error(error.message)
+    if (error.stdout) {
+      console.error(chomp(error.stdout.toString()))
+    }
 
     process.exit(1)
   }

package/src/cli/commands/ext.js

@@ -47,12 +47,14 @@ ext.command('gitignore')
 ext.command('prebuild')
   .description('prevent including .env files in docker builds')
   .addHelpText('after', examples.prebuild)
+  .argument('[directory]', 'directory to prevent including .env files from', '.')
   .action(require('./../actions/ext/prebuild'))
 
 // dotenvx ext precommit
 ext.command('precommit')
   .description('prevent committing .env files to code')
   .addHelpText('after', examples.precommit)
+  .argument('[directory]', 'directory to prevent committing .env files from', '.')
   .option('-i, --install', 'install to .git/hooks/pre-commit')
   .action(require('./../actions/ext/precommit'))
 

package/src/lib/services/prebuild.js

@@ -1,5 +1,6 @@
 /* istanbul ignore file */
 const fsx = require('./../helpers/fsx')
+const path = require('path')
 const ignore = require('ignore')
 
 const Ls = require('../services/ls')
@@ -9,7 +10,10 @@ const packageJson = require('./../helpers/packageJson')
 const MISSING_DOCKERIGNORE = '.env.keys' // by default only ignore .env.keys. all other .env* files COULD be included - as long as they are encrypted
 
 class Prebuild {
-  constructor () {
+  constructor (directory = './') {
+    // args
+    this.directory = directory
+
     this.excludeEnvFile = ['test/**', 'tests/**', 'spec/**', 'specs/**', 'pytest/**', 'test_suite/**']
   }
 
@@ -28,11 +32,13 @@ class Prebuild {
 
     // 2. check .env* files against .dockerignore file
     const ig = ignore().add(dockerignore)
-    const lsService = new Ls(process.cwd(), undefined, this.excludeEnvFile)
+    const lsService = new Ls(this.directory, undefined, this.excludeEnvFile)
     const dotenvFiles = lsService.run()
-    dotenvFiles.forEach(file => {
+    dotenvFiles.forEach(_file => {
       count += 1
 
+      const file = path.join(this.directory, _file) // to handle when directory argument passed
+
       // check if that file is being ignored
       if (ig.ignores(file)) {
         if (file === '.env.example' || file === '.env.vault') {

package/src/lib/services/precommit.js

@@ -1,5 +1,6 @@
 /* istanbul ignore file */
 const fsx = require('./../helpers/fsx')
+const path = require('path')
 const ignore = require('ignore')
 
 const Ls = require('../services/ls')
@@ -11,7 +12,10 @@ const childProcess = require('child_process')
 const MISSING_GITIGNORE = '.env.keys' // by default only ignore .env.keys. all other .env* files COULD be included - as long as they are encrypted
 
 class Precommit {
-  constructor (options = {}) {
+  constructor (directory = './', options = {}) {
+    // args
+    this.directory = directory
+    // options
     this.install = options.install
     this.excludeEnvFile = ['test/**', 'tests/**', 'spec/**', 'specs/**', 'pytest/**', 'test_suite/**']
   }
@@ -41,11 +45,14 @@ class Precommit {
 
       // 2. check .env* files against .gitignore file
       const ig = ignore().add(gitignore)
-      const lsService = new Ls(process.cwd(), undefined, this.excludeEnvFile)
+
+      const lsService = new Ls(this.directory, undefined, this.excludeEnvFile)
       const dotenvFiles = lsService.run()
-      dotenvFiles.forEach(file => {
+      dotenvFiles.forEach(_file => {
         count += 1
 
+        const file = path.join(this.directory, _file) // to handle when directory argument passed
+
         // check if file is going to be committed
         if (this._isFileToBeCommitted(file)) {
           // check if that file is being ignored