@dotenvx/dotenvx 1.56.0 → 1.57.1

package/src/lib/helpers/executeDynamic.js

@@ -1,7 +1,50 @@
 const path = require('path')
+const fs = require('fs')
 const childProcess = require('child_process')
 const { logger } = require('../../shared/logger')
 
+function installCommandForOps () {
+  const userAgent = process.env.npm_config_user_agent || ''
+  if (userAgent.startsWith('pnpm/')) return 'pnpm add -g @dotenvx/dotenvx-ops'
+  if (userAgent.startsWith('yarn/')) return 'yarn global add @dotenvx/dotenvx-ops'
+  if (userAgent.startsWith('npm/')) return 'npm i -g @dotenvx/dotenvx-ops'
+
+  const cwd = process.cwd()
+  if (fs.existsSync(path.join(cwd, 'pnpm-lock.yaml'))) return 'pnpm add -g @dotenvx/dotenvx-ops'
+  if (fs.existsSync(path.join(cwd, 'yarn.lock'))) return 'yarn global add @dotenvx/dotenvx-ops'
+  if (
+    fs.existsSync(path.join(cwd, 'package-lock.json')) ||
+    fs.existsSync(path.join(cwd, 'npm-shrinkwrap.json'))
+  ) return 'npm i -g @dotenvx/dotenvx-ops'
+
+  if (fs.existsSync(path.join(cwd, 'package.json'))) return 'npm i -g @dotenvx/dotenvx-ops'
+
+  return 'curl -sfS https://dotenvx.sh/ops | sh'
+}
+
+function opsBanner (installCommand) {
+  const lines = [
+    '',
+    '   ██████╗ ██████╗ ███████╗',
+    '  ██╔═══██╗██╔══██╗██╔════╝',
+    '  ██║   ██║██████╔╝███████╗',
+    '  ██║   ██║██╔═══╝ ╚════██║',
+    '  ╚██████╔╝██║     ███████║',
+    '   ╚═════╝ ╚═╝     ╚══════╝',
+    '',
+    '  KEYS OFF COMPUTER: Add hardened key protection with dotenvx-ops.',
+    `  Install now: [${installCommand}]`,
+    '  Learn more: [https://dotenvx.com/ops]'
+  ]
+
+  const innerWidth = Math.max(67, ...lines.map((line) => line.length))
+  const top = ` ${'_'.repeat(innerWidth)}`
+  const middle = lines.map((line) => `|${line.padEnd(innerWidth)}|`).join('\n')
+  const bottom = `|${'_'.repeat(innerWidth)}|`
+
+  return `${top}\n${middle}\n${bottom}`
+}
+
 function executeDynamic (program, command, rawArgs) {
   if (!command) {
     program.outputHelp()
@@ -23,26 +66,8 @@ function executeDynamic (program, command, rawArgs) {
   const result = childProcess.spawnSync(`dotenvx-${command}`, forwardedArgs, { stdio: 'inherit', env })
   if (result.error) {
     if (command === 'ops') {
-      const ops = ` _______________________________________________________________________
-|                                                                       |
-|  dotenvx-ops: production grade dotenvx–with operational primitives    |
-|                                                                       |
-|  ░▒▓██████▓▒░░▒▓███████▓▒░ ░▒▓███████▓▒░                              |
-| ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░                                     |
-| ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░                                     |
-| ░▒▓█▓▒░░▒▓█▓▒░▒▓███████▓▒░ ░▒▓██████▓▒░                               |
-| ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░             ░▒▓█▓▒░                              |
-| ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░             ░▒▓█▓▒░                              |
-|  ░▒▓██████▓▒░░▒▓█▓▒░      ░▒▓███████▓▒░                               |
-|                                                                       |
-|  Learn more at https://dotenvx.com/ops                                |
-|_______________________________________________________________________|`
-
-      console.log(ops)
-      console.log('')
-      logger.warn(`[INSTALLATION_NEEDED] install dotenvx-${command} to use [dotenvx ${command}] 🛡️`)
-      logger.help('⮕  next run: [curl -sfS https://dotenvx.sh/ops | sh]')
-      logger.help('⮕  see more: [https://dotenvx.com/ops]')
+      const installCommand = installCommandForOps()
+      console.log(opsBanner(installCommand))
     } else {
       logger.info(`error: unknown command '${command}'`)
     }

package/src/lib/helpers/findEnvFiles.js

@@ -1,4 +1,5 @@
 const fsx = require('./fsx')
+const Errors = require('./errors')
 
 const RESERVED_ENV_FILES = ['.env.project', '.env.keys', '.env.me', '.env.x', '.env.example']
 
@@ -14,10 +15,7 @@ function findEnvFiles (directory) {
     return envFiles
   } catch (e) {
     if (e.code === 'ENOENT') {
-      const error = new Error(`missing directory (${directory})`)
-      error.code = 'MISSING_DIRECTORY'
-
-      throw error
+      throw new Errors({ directory }).missingDirectory()
     } else {
       throw e
     }

package/src/lib/helpers/installPrecommitHook.js

@@ -1,5 +1,6 @@
 const fsx = require('./fsx')
 const path = require('path')
+const Errors = require('./errors')
 
 const HOOK_SCRIPT = `#!/bin/sh
 
@@ -45,8 +46,7 @@ class InstallPrecommitHook {
         successMessage
       }
     } catch (err) {
-      const error = new Error(`failed to modify pre-commit hook: ${err.message}`)
-      throw error
+      throw new Errors({ error: err }).precommitHookModifyFailed()
     }
   }
 

package/src/lib/helpers/localDisplayPath.js

@@ -0,0 +1,11 @@
+const path = require('path')
+
+function localDisplayPath (filepath) {
+  if (!filepath) return '.env.keys'
+  if (!path.isAbsolute(filepath)) return filepath
+
+  const relative = path.relative(process.cwd(), filepath)
+  return relative || path.basename(filepath)
+}
+
+module.exports = localDisplayPath

package/src/lib/main.js

@@ -17,7 +17,7 @@ const Genexample = require('./services/genexample')
 const buildEnvs = require('./helpers/buildEnvs')
 const Parse = require('./helpers/parse')
 const fsx = require('./helpers/fsx')
-const isIgnoringDotenvKeys = require('./helpers/isIgnoringDotenvKeys')
+const localDisplayPath = require('./helpers/localDisplayPath')
 
 /** @type {import('./main').config} */
 const config = function (options = {}) {
@@ -81,16 +81,10 @@ const config = function (options = {}) {
 
         if (error.code === 'MISSING_ENV_FILE') {
           if (!options.convention) { // do not output error for conventions (too noisy)
-            logger.error(error.message)
-            if (error.help) {
-              logger.error(error.help)
-            }
+            logger.error(error.messageWithHelp)
           }
         } else {
-          logger.error(error.message)
-          if (error.help) {
-            logger.error(error.help)
-          }
+          logger.error(error.messageWithHelp)
         }
       }
 
@@ -127,10 +121,7 @@ const config = function (options = {}) {
   } catch (error) {
     if (strict) throw error // throw immediately if strict
 
-    logger.error(error.message)
-    if (error.help) {
-      logger.help(error.help)
-    }
+    logger.error(error.messageWithHelp)
 
     return { parsed: {}, error }
   }
@@ -154,10 +145,7 @@ const parse = function (src, options = {}) {
 
   // display any errors
   for (const error of errors) {
-    logger.error(error.message)
-    if (error.help) {
-      logger.error(error.help)
-    }
+    logger.error(error.messageWithHelp)
   }
 
   return parsed
@@ -199,15 +187,9 @@ const set = function (key, value, options = {}) {
     logger.verbose(`setting for ${processedEnv.envFilepath}`)
 
     if (processedEnv.error) {
-      if (processedEnv.error.code === 'MISSING_ENV_FILE') {
-        logger.warn(processedEnv.error.message)
-        logger.help(`? add one with [echo "HELLO=World" > ${processedEnv.envFilepath}] and re-run [dotenvx set]`)
-      } else {
-        logger.warn(processedEnv.error.message)
-        if (processedEnv.error.help) {
-          logger.help(processedEnv.error.help)
-        }
-      }
+      const error = processedEnv.error
+      const message = error.messageWithHelp || (error.help ? `${error.message}. ${error.help}` : error.message)
+      logger.warn(message)
     } else {
       fsx.writeFileX(processedEnv.filepath, processedEnv.envSrc)
 
@@ -216,26 +198,25 @@ const set = function (key, value, options = {}) {
     }
   }
 
+  const keyAddedEnv = processedEnvs.find((processedEnv) => processedEnv.privateKeyAdded)
+  const keyAddedSuffix = keyAddedEnv ? ` + key (${localDisplayPath(keyAddedEnv.envKeysFilepath)})` : ''
+
   if (changedFilepaths.length > 0) {
-    logger.success(`✔ set ${key}${withEncryption} (${changedFilepaths.join(',')})`)
+    if (encrypt) {
+      logger.success(`◈ encrypted ${key} (${changedFilepaths.join(',')})${keyAddedSuffix}`)
+    } else {
+      logger.success(`◇ set ${key} (${changedFilepaths.join(',')})`)
+    }
+  } else if (encrypt && keyAddedEnv) {
+    const keyAddedEnvFilepath = keyAddedEnv.envFilepath || changedFilepaths[0] || '.env'
+    logger.success(`◈ encrypted ${key} (${keyAddedEnvFilepath})${keyAddedSuffix}`)
   } else if (unchangedFilepaths.length > 0) {
-    logger.info(`no changes (${unchangedFilepaths})`)
+    logger.info(`○ no changes (${unchangedFilepaths})`)
   } else {
     // do nothing
   }
 
-  for (const processedEnv of processedEnvs) {
-    if (processedEnv.privateKeyAdded) {
-      logger.success(`✔ key added to ${processedEnv.envKeysFilepath} (${processedEnv.privateKeyName})`)
-      // logger.help('⮕  optional: [dotenvx ops backup] to securely backup private key')
-
-      if (!isIgnoringDotenvKeys()) {
-        logger.help('⮕  next run: [dotenvx ext gitignore --pattern .env.keys] to gitignore .env.keys')
-      }
-
-      logger.help(`⮕  next run: [${processedEnv.privateKeyName}='${processedEnv.privateKey}' dotenvx get ${key}] to test decryption locally`)
-    }
-  }
+  // intentionally quiet: success line communicates key creation
 
   return {
     processedEnvs,
@@ -261,10 +242,7 @@ const get = function (key, options = {}) {
 
     if (options.strict) throw error // throw immediately if strict
 
-    logger.error(error.message)
-    if (error.help) {
-      logger.error(error.help)
-    }
+    logger.error(error.messageWithHelp)
   }
 
   if (key) {

package/src/lib/services/encrypt.js

@@ -122,7 +122,12 @@ class Encrypt {
         if (!encrypted) {
           row.keys.push(key) // track key(s)
 
-          const encryptedValue = encryptValue(value, publicKey)
+          let encryptedValue
+          try {
+            encryptedValue = encryptValue(value, publicKey)
+          } catch {
+            throw new Errors({ publicKeyName, publicKey }).invalidPublicKey()
+          }
 
           // once newSrc is built write it out
           envSrc = replace(envSrc, key, encryptedValue)

package/src/lib/services/genexample.js

@@ -17,14 +17,7 @@ class Genexample {
 
   run () {
     if (this.envFile.length < 1) {
-      const code = 'MISSING_ENV_FILES'
-      const message = 'no .env* files found'
-      const help = '? add one with [echo "HELLO=World" > .env] and then run [dotenvx genexample]'
-
-      const error = new Error(message)
-      error.code = code
-      error.help = help
-      throw error
+      throw new Errors().missingEnvFiles()
     }
 
     const keys = new Set()

package/src/lib/services/prebuild.js

@@ -4,6 +4,7 @@ const path = require('path')
 const ignore = require('ignore')
 
 const Ls = require('../services/ls')
+const Errors = require('../helpers/errors')
 
 const isFullyEncrypted = require('./../helpers/isFullyEncrypted')
 const packageJson = require('./../helpers/packageJson')
@@ -24,7 +25,10 @@ class Prebuild {
 
     // 1. check for .dockerignore file
     if (!fsx.existsSync('.dockerignore')) {
-      const warning = new Error(`[dotenvx@${packageJson.version}][prebuild] .dockerignore missing`)
+      const warning = new Errors({
+        message: `[dotenvx@${packageJson.version}][prebuild] .dockerignore missing`,
+        help: 'fix: [touch .dockerignore]'
+      }).custom()
       warnings.push(warning)
     } else {
       dockerignore = fsx.readFileX('.dockerignore')
@@ -42,8 +46,10 @@ class Prebuild {
       // check if that file is being ignored
       if (ig.ignores(file)) {
         if (file === '.env.example' || file === '.env.x') {
-          const warning = new Error(`[dotenvx@${packageJson.version}][prebuild] ${file} (currently ignored but should not be)`)
-          warning.help = `[dotenvx@${packageJson.version}][prebuild] ⮕  run [dotenvx ext gitignore --pattern !${file}]`
+          const warning = new Errors({
+            message: `[dotenvx@${packageJson.version}][prebuild] ${file} (currently ignored but should not be)`,
+            help: `fix: [dotenvx ext gitignore --pattern !${file}]`
+          }).custom()
           warnings.push(warning)
         }
       } else {
@@ -54,15 +60,13 @@ class Prebuild {
           // if contents are encrypted don't raise an error
           if (!encrypted) {
             let errorMsg = `[dotenvx@${packageJson.version}][prebuild] ${file} not protected (encrypted or dockerignored)`
-            let errorHelp = `[dotenvx@${packageJson.version}][prebuild] ⮕  run [dotenvx encrypt -f ${file}] or [dotenvx ext gitignore --pattern ${file}]`
+            let errorHelp = `fix: [dotenvx encrypt -f ${file}] or [dotenvx ext gitignore --pattern ${file}]`
             if (file.includes('.env.keys')) {
               errorMsg = `[dotenvx@${packageJson.version}][prebuild] ${file} not protected (dockerignored)`
-              errorHelp = `[dotenvx@${packageJson.version}][prebuild] ⮕  run [dotenvx ext gitignore --pattern ${file}]`
+              errorHelp = `fix: [dotenvx ext gitignore --pattern ${file}]`
             }
 
-            const error = new Error(errorMsg)
-            error.help = errorHelp
-            throw error
+            throw new Errors({ message: errorMsg, help: errorHelp }).custom()
           }
         }
       }

package/src/lib/services/precommit.js

@@ -8,6 +8,7 @@ const Ls = require('../services/ls')
 const isFullyEncrypted = require('./../helpers/isFullyEncrypted')
 const packageJson = require('./../helpers/packageJson')
 const InstallPrecommitHook = require('./../helpers/installPrecommitHook')
+const Errors = require('./../helpers/errors')
 const childProcess = require('child_process')
 const MISSING_GITIGNORE = '.env.keys' // by default only ignore .env.keys. all other .env* files COULD be included - as long as they are encrypted
 
@@ -37,7 +38,10 @@ class Precommit {
 
       // 1. check for .gitignore file
       if (!fsx.existsSync('.gitignore')) {
-        const warning = new Error(`[dotenvx@${packageJson.version}][precommit] .gitignore missing`)
+        const warning = new Errors({
+          message: `[dotenvx@${packageJson.version}][precommit] .gitignore missing`,
+          help: 'fix: [touch .gitignore]'
+        }).custom()
         warnings.push(warning)
       } else {
         gitignore = fsx.readFileX('.gitignore')
@@ -58,8 +62,10 @@ class Precommit {
           // check if that file is being ignored
           if (ig.ignores(file)) {
             if (file === '.env.example' || file === '.env.x') {
-              const warning = new Error(`[dotenvx@${packageJson.version}][precommit] ${file} (currently ignored but should not be)`)
-              warning.help = `[dotenvx@${packageJson.version}][precommit] ⮕  run [dotenvx ext gitignore --pattern !${file}]`
+              const warning = new Errors({
+                message: `[dotenvx@${packageJson.version}][precommit] ${file} (currently ignored but should not be)`,
+                help: `fix: [dotenvx ext gitignore --pattern !${file}]`
+              }).custom()
               warnings.push(warning)
             }
           } else {
@@ -70,15 +76,13 @@ class Precommit {
               // if contents are encrypted don't raise an error
               if (!encrypted) {
                 let errorMsg = `[dotenvx@${packageJson.version}][precommit] ${file} not protected (encrypted or gitignored)`
-                let errorHelp = `[dotenvx@${packageJson.version}][precommit] ⮕  run [dotenvx encrypt -f ${file}] or [dotenvx ext gitignore --pattern ${file}]`
+                let errorHelp = `fix: [dotenvx encrypt -f ${file}] or [dotenvx ext gitignore --pattern ${file}]`
                 if (file.includes('.env.keys')) {
                   errorMsg = `[dotenvx@${packageJson.version}][precommit] ${file} not protected (gitignored)`
-                  errorHelp = `[dotenvx@${packageJson.version}][precommit] ⮕  run [dotenvx ext gitignore --pattern ${file}]`
+                  errorHelp = `fix: [dotenvx ext gitignore --pattern ${file}]`
                 }
 
-                const error = new Error(errorMsg)
-                error.help = errorHelp
-                throw error
+                throw new Errors({ message: errorMsg, help: errorHelp }).custom()
               }
             }
           }

package/src/lib/services/rotate.js

@@ -131,7 +131,12 @@ class Rotate {
           row.keys.push(key) // track key(s)
 
           const decryptedValue = decryptKeyValue(key, value, privateKeyName, privateKeyValue) // get decrypted value
-          const encryptedValue = encryptValue(decryptedValue, newPublicKey) // encrypt with the new publicKey
+          let encryptedValue
+          try {
+            encryptedValue = encryptValue(decryptedValue, newPublicKey) // encrypt with the new publicKey
+          } catch {
+            throw new Errors({ publicKeyName, publicKey: newPublicKey }).invalidPublicKey()
+          }
 
           envSrc = replace(envSrc, key, encryptedValue)
         }

package/src/lib/services/sets.js

@@ -109,7 +109,11 @@ class Sets {
 
         row.publicKey = publicKey
         row.privateKey = privateKey
-        row.encryptedValue = encryptValue(this.value, publicKey)
+        try {
+          row.encryptedValue = encryptValue(this.value, publicKey)
+        } catch {
+          throw new Errors({ publicKeyName, publicKey }).invalidPublicKey()
+        }
         row.privateKeyName = privateKeyName
       }
 

package/src/shared/colors.js

@@ -1,11 +1,13 @@
 const depth = require('../lib/helpers/colorDepth')
+const Errors = require('../lib/helpers/errors')
 
 const colors16 = new Map([
+  ['amber', 33],
   ['blue', 34],
   ['gray', 37],
   ['green', 32],
   ['olive', 33],
-  ['orangered', 31], // mapped to red
+  ['orangered', 33], // mapped to yellow/brown
   ['plum', 35], // mapped to magenta
   ['red', 31],
   ['electricblue', 36],
@@ -13,21 +15,32 @@ const colors16 = new Map([
 ])
 
 const colors256 = new Map([
+  ['amber', 136],
   ['blue', 21],
   ['gray', 244],
   ['green', 34],
   ['olive', 142],
-  ['orangered', 202],
+  ['orangered', 130], // burnished copper
   ['plum', 182],
-  ['red', 196],
+  ['red', 124], // brighter garnet
   ['electricblue', 45],
   ['dodgerblue', 33]
 ])
 
+const colorsTrueColor = new Map([
+  ['amber', [236, 213, 63]],
+  ['orangered', [138, 90, 43]], // #8A5A2B burnished copper
+  ['red', [140, 35, 50]] // #8C2332 brighter garnet
+])
+
 function getColor (color) {
   const colorDepth = depth.getColorDepth()
   if (!colors256.has(color)) {
-    throw new Error(`Invalid color ${color}`)
+    throw new Errors({ color }).invalidColor()
+  }
+  if (colorDepth >= 24 && colorsTrueColor.has(color)) {
+    const [r, g, b] = colorsTrueColor.get(color)
+    return (message) => `\x1b[38;2;${r};${g};${b}m${message}\x1b[39m`
   }
   if (colorDepth >= 8) {
     const code = colors256.get(color)

package/src/shared/logger.js

@@ -1,4 +1,5 @@
 const packageJson = require('../lib/helpers/packageJson')
+const Errors = require('../lib/helpers/errors')
 const { getColor, bold } = require('./colors')
 
 const levels = {
@@ -13,10 +14,11 @@ const levels = {
   silly: 6
 }
 
-const error = (m) => bold(getColor('red')(m))
-const warn = getColor('orangered')
-const success = getColor('green')
-const successv = getColor('olive') // yellow-ish tint that 'looks' like dotenv
+const error = (m) => bold(getColor('red')(`☠ ${m}`))
+const warn = (m) => getColor('orangered')(`⚠ ${m}`)
+const success = getColor('amber')
+const successv = getColor('amber')
+const info = getColor('gray')
 const help = getColor('dodgerblue')
 const verbose = getColor('plum')
 const debug = getColor('plum')
@@ -32,7 +34,7 @@ function stderr (level, message) {
 
 function stdout (level, message) {
   if (levels[level] === undefined) {
-    throw new Error(`MISSING_LOG_LEVEL: '${level}'. implement in logger.`)
+    throw new Errors({ level }).missingLogLevel()
   }
 
   if (levels[level] <= currentLevel) {
@@ -58,7 +60,7 @@ function formatMessage (level, message) {
       return successv(`[${currentName}@${currentVersion}] ${formattedMessage}`)
     // info
     case 'info':
-      return formattedMessage
+      return info(formattedMessage)
     // help
     case 'help':
       return help(formattedMessage)