@dotenvx/dotenvx 1.7.0 → 1.8.0

package/CHANGELOG.md

@@ -2,7 +2,24 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
-## [Unreleased](https://github.com/dotenvx/dotenvx/compare/v1.7.0...main)
+## [Unreleased](https://github.com/dotenvx/dotenvx/compare/v1.8.0...main)
+
+### Added
+
+* warn when decryption fails on `run` or `get` ([#339](https://github.com/dotenvx/dotenvx/pull/339))
+* decrypt expanded values as necessary ([#336](https://github.com/dotenvx/dotenvx/pull/336))
+
+### Changed
+
+* use `ansi` colors over `rgb` - for wider terminal coverage ([#340](https://github.com/dotenvx/dotenvx/pull/340))
+* replace `chalk` with `picocolors` and `color-name` - cutting down on 5 dependencies ([#335](https://github.com/dotenvx/dotenvx/pull/335))
+* replace `execa` with `tinyexec` - cutting down on 15 dependencies ([#328](https://github.com/dotenvx/dotenvx/pull/328))
+* optimize `Ls._filepaths` ([#317](https://github.com/dotenvx/dotenvx/pull/317/))
+
+### Removed
+
+* remove `picocolors` and `color-name` - cutting down on 2 dependencies ([#340](https://github.com/dotenvx/dotenvx/pull/340))
+* remove `ext hub` from extension list (you can still install it as an extension [here](https://github.com/dotenvx/dotenvx-ext-hub)) ([#337](https://github.com/dotenvx/dotenvx/pull/337))
 
 ## 1.7.0
 

package/package.json

@@ -1,5 +1,5 @@
 {
-  "version": "1.7.0",
+  "version": "1.8.0",
   "name": "@dotenvx/dotenvx",
   "description": "a better dotenv–from the creator of `dotenv`",
   "author": "@motdotla",
@@ -36,16 +36,15 @@
   },
   "funding": "https://dotenvx.com",
   "dependencies": {
-    "chalk": "^4.1.2",
     "commander": "^11.1.0",
     "diff": "^5.2.0",
     "dotenv": "^16.4.5",
     "eciesjs": "^0.4.6",
-    "execa": "^5.1.1",
-    "fdir": "^6.1.1",
+    "fdir": "^6.2.0",
     "ignore": "^5.3.0",
     "object-treeify": "1.1.33",
-    "picomatch": "^3.0.1",
+    "picomatch": "^4.0.2",
+    "tinyexec": "^0.2.0",
     "which": "^4.0.0",
     "winston": "^3.11.0",
     "xxhashjs": "^0.2.2"

package/src/cli/actions/ext/vault/status.js

@@ -58,7 +58,7 @@ function status (directory) {
 
     if (untrackedFilenames.length > 0) {
       logger.warn(`untracked (${untrackedFilenames.join(', ')})`)
-      logger.help(`? track them with [dotenvx encrypt ${directory}]`)
+      logger.help(`? track them with [dotenvx ext vault encrypt ${directory}]`)
     }
   } catch (error) {
     logger.error(error.message)

package/src/cli/actions/run.js

@@ -60,6 +60,15 @@ async function run () {
           logger.warnv(processedEnv.error.message)
         }
       } else {
+        if (processedEnv.warnings) {
+          for (const warning of processedEnv.warnings) {
+            logger.warn(warning.message)
+            if (warning.help) {
+              logger.help(warning.help)
+            }
+          }
+        }
+
         // debug parsed
         const parsed = processedEnv.parsed
         logger.debug(parsed)

package/src/cli/commands/ext.js

@@ -9,8 +9,6 @@ ext
   .description('🔌 extensions')
   .allowUnknownOption()
 
-ext.addHelpText('after', '  hub                               🚫 DEPRECATED: to be replaced by [dotenvx pro]')
-
 ext
   .argument('[command]', 'dynamic ext command')
   .argument('[args...]', 'dynamic ext command arguments')

package/src/lib/helpers/colorDepth.js

@@ -0,0 +1,4 @@
+const { WriteStream } = require('tty')
+const getColorDepth = () => WriteStream.prototype.getColorDepth()
+
+module.exports = { getColorDepth }

package/src/lib/helpers/decryptValue.js

@@ -10,6 +10,7 @@ function decryptValue (value, privateKey) {
   const privateKeys = privateKey.split(',')
 
   let decryptedValue
+  let decryptionError
   for (const key of privateKeys) {
     const secret = Buffer.from(key, 'hex')
     const encoded = value.substring(PREFIX.length)
@@ -17,15 +18,25 @@ function decryptValue (value, privateKey) {
 
     try {
       decryptedValue = decrypt(secret, ciphertext).toString()
+      decryptionError = null // reset to null error (scenario for multiple private keys)
       break
-    } catch (_error) {
-      // TODO: somehow surface these errors to the user's logs
+    } catch (e) {
+      if (e.message === 'Invalid private key') {
+        decryptionError = new Error('private key looks invalid')
+      } else if (e.message === 'Unsupported state or unable to authenticate data') {
+        decryptionError = new Error('private key looks wrong')
+      } else if (e.message === 'Point of length 65 was invalid. Expected 33 compressed bytes or 65 uncompressed bytes') {
+        decryptionError = new Error('encrypted data looks malformed')
+      } else {
+        decryptionError = new Error(`${e.message}`)
+      }
+
+      decryptionError.code = 'DECRYPTION_FAILED'
     }
   }
 
-  // return 'encrypted:string' value if undefined or null
-  if (decryptedValue === undefined || decryptedValue === null) {
-    return value
+  if (decryptionError) {
+    throw decryptionError
   }
 
   return decryptedValue

package/src/lib/helpers/dotenvExpand.js

@@ -42,30 +42,27 @@ function interpolate (value, lookups) {
 }
 
 function expand (options) {
-  let processEnv = process.env
-  if (options && options.processEnv != null) {
-    processEnv = options.processEnv
-  }
+  const processEnv = options.processEnv || {}
+  const parsed = options.parsed || {}
 
-  const combined = { ...processEnv, ...options.parsed }
-  const combinedReversed = { ...options.parsed, ...processEnv }
+  const combined = { ...processEnv, ...parsed }
+  const combinedReversed = { ...parsed, ...processEnv }
 
-  for (const key in options.parsed) {
-    const value = options.parsed[key]
+  for (const key in parsed) {
+    const value = parsed[key]
 
     // interpolate using both file and processEnv (file interpolation wins. used for --overload later)
     const fileValue = _resolveEscapeSequences(interpolate(value, combined))
-    options.parsed[key] = fileValue
+    parsed[key] = fileValue
 
     if (fileValue === _resolveEscapeSequences(value)) {
       continue // no change means no expansion, move on
     }
 
     if (processEnv[key]) {
-      continue // already has a value in process.env, move on
+      continue // already has a value in processEnv, move on
     }
 
-    // interpolate with processEnv only (used for default no overload)
     const processEnvValue = interpolate(value, combinedReversed) // could be empty string ''
     if (processEnvValue) {
       processEnv[key] = _resolveEscapeSequences(processEnvValue) // set it
@@ -73,7 +70,7 @@ function expand (options) {
   }
 
   return {
-    parsed: options.parsed,
+    parsed,
     processEnv
   }
 }

package/src/lib/helpers/execute.js

@@ -1,9 +1,3 @@
-const execa = require('execa')
+const { exec } = require('tinyexec')
 
-const execute = {
-  execa (command, args, options) {
-    return execa(command, args, options)
-  }
-}
-
-module.exports = execute
+module.exports = { exec }

package/src/lib/helpers/executeCommand.js

@@ -13,6 +13,8 @@ async function executeCommand (commandArgs, env) {
 
   // handler for SIGINT
   let commandProcess
+  // workaround until error.signal gets added https://github.com/tinylibs/tinyexec/issues/28
+  let signal
   const sigintHandler = () => {
     logger.debug('received SIGINT')
     logger.debug('checking command process')
@@ -20,6 +22,7 @@ async function executeCommand (commandArgs, env) {
 
     if (commandProcess) {
       logger.debug('sending SIGINT to command process')
+      signal = 'SIGINT'
       commandProcess.kill('SIGINT') // Send SIGINT to the command process
     /* c8 ignore start */
     } else {
@@ -37,6 +40,7 @@ async function executeCommand (commandArgs, env) {
 
     if (commandProcess) {
       logger.debug('sending SIGTERM to command process')
+      signal = 'SIGTERM'
       commandProcess.kill('SIGTERM') // Send SIGTEM to the command process
     } else {
       logger.debug('no command process to send SIGTERM to')
@@ -73,9 +77,11 @@ async function executeCommand (commandArgs, env) {
       }
     }
 
-    commandProcess = execute.execa(commandArgs[0], commandArgs.slice(1), {
-      stdio: 'inherit',
-      env: { ...process.env, ...env }
+    commandProcess = execute.exec(commandArgs[0], commandArgs.slice(1), {
+      nodeOptions: {
+        stdio: 'inherit',
+        env: { ...process.env, ...env }
+      }
     })
 
     process.on('SIGINT', sigintHandler)
@@ -86,7 +92,9 @@ async function executeCommand (commandArgs, env) {
     })
 
     // Wait for the command process to finish
-    const { exitCode } = await commandProcess
+    // exitCode is not in the awaited result, see https://github.com/tinylibs/tinyexec/issues/27
+    await commandProcess
+    const { exitCode } = commandProcess
 
     if (exitCode !== 0) {
       logger.debug(`received exitCode ${exitCode}`)
@@ -94,11 +102,11 @@ async function executeCommand (commandArgs, env) {
     }
   } catch (error) {
     // no color on these errors as they can be standard errors for things like jest exiting with exitCode 1 for a single failed test.
-    if (error.signal !== 'SIGINT' && error.signal !== 'SIGTERM') {
+    if (signal !== 'SIGINT' && signal !== 'SIGTERM') {
       if (error.code === 'ENOENT') {
-        logger.errornocolor(`Unknown command: ${error.command}`)
+        logger.errornocolor(`Unknown command: ${error.path}${error.spawnargs ? ' ' + error.spawnargs.join(' ') : ''}`)
       } else if (error.message.includes('Command failed with exit code 1')) {
-        logger.errornocolor(`Command exited with exit code 1: ${error.command}`)
+        logger.errornocolor(`Command exited with exit code 1: ${error.path}${error.spawnargs ? ' ' + error.spawnargs.join(' ') : ''}`)
       } else {
         logger.errornocolor(error.message)
       }

package/src/lib/helpers/executeExtension.js

@@ -22,9 +22,10 @@ function executeExtension (ext, command, rawArgs) {
 
   const result = childProcess.spawnSync(`dotenvx-ext-${command}`, forwardedArgs, { stdio: 'inherit', env })
   if (result.error) {
-    if (command === 'hub') {
-      logger.warn(`[INSTALLATION_NEEDED] install dotenvx-ext-${command} to use [dotenvx ext ${command}] commands`)
-      logger.help('? see installation instructions [https://github.com/dotenvx/dotenvx-ext-hub]')
+    if (command === 'vault') {
+      // when ready, uncomment to deprecate ext vault
+      // logger.warn(`[INSTALLATION_NEEDED] install dotenvx-ext-${command} to use [dotenvx ext ${command}] commands`)
+      // logger.help('? see installation instructions [https://github.com/dotenvx/dotenvx-ext-vault]')
     } else {
       logger.info(`error: unknown command '${command}'`)
     }

package/src/lib/helpers/inject.js

@@ -1,16 +1,16 @@
-function inject (processEnv = {}, parsed = {}, overload = false) {
+function inject (clonedProcessEnv = {}, parsed = {}, overload = false, processEnv = process.env) {
   const injected = {}
   const preExisted = {}
 
   // set processEnv
   for (const key of Object.keys(parsed)) {
-    if (Object.prototype.hasOwnProperty.call(processEnv, key)) {
+    if (Object.prototype.hasOwnProperty.call(clonedProcessEnv, key)) {
       if (overload === true) {
         processEnv[key] = parsed[key]
-
         injected[key] = parsed[key] // track injected key/value
       } else {
-        preExisted[key] = processEnv[key] // track preExisted key/value
+        processEnv[key] = clonedProcessEnv[key]
+        preExisted[key] = clonedProcessEnv[key] // track preExisted key/value
       }
     } else {
       processEnv[key] = parsed[key]

package/src/lib/helpers/packageJson.js

@@ -1,8 +1,3 @@
-const fs = require('fs')
-const path = require('path')
+const { name, version, description } = require('../../../package.json')
 
-const packageJsonPath = path.join(__dirname, '../../../package.json')
-
-const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf8'))
-
-module.exports = packageJson
+module.exports = { name, version, description }

package/src/lib/helpers/parseDecryptEvalExpand.js

@@ -2,16 +2,29 @@ const dotenv = require('dotenv')
 const dotenvEval = require('./dotenvEval')
 const dotenvExpand = require('./dotenvExpand')
 const decryptValue = require('./decryptValue')
+const truncate = require('./truncate')
+
+function warning (e, key, privateKey) {
+  const warning = new Error(`[${e.code}] could not decrypt ${key} using private key ${truncate(privateKey)}`)
+  warning.code = e.code
+  warning.help = `[${e.code}] ? ${e.message}`
+
+  return warning
+}
 
 function parseDecryptEvalExpand (src, privateKey = null, processEnv = process.env) {
+  const warnings = []
+
   // parse
   const parsed = dotenv.parse(src)
-
-  // handle inline encrypted values
   if (privateKey && privateKey.length > 0) {
     for (const key in parsed) {
-      const value = parsed[key]
-      parsed[key] = decryptValue(value, privateKey)
+      try {
+        const decryptedValue = decryptValue(parsed[key], privateKey)
+        parsed[key] = decryptedValue
+      } catch (_e) {
+        // do nothing. warnings tracked further below.
+      }
     }
   }
 
@@ -28,6 +41,24 @@ function parseDecryptEvalExpand (src, privateKey = null, processEnv = process.en
     parsed: evaled
   }
   const expanded = dotenvExpand.expand(inputEvaled)
+  if (privateKey && privateKey.length > 0) {
+    for (const key in expanded.parsed) {
+      try {
+        const decryptedValue = decryptValue(expanded.parsed[key], privateKey)
+        expanded.parsed[key] = decryptedValue
+      } catch (e) {
+        warnings.push(warning(e, key, privateKey))
+      }
+    }
+    for (const key in processEnv) {
+      try {
+        const decryptedValue = decryptValue(processEnv[key], privateKey)
+        processEnv[key] = decryptedValue
+      } catch (e) {
+        warnings.push(warning(e, key, privateKey))
+      }
+    }
+  }
 
   // for logging only log the original keys existing in parsed. this feels unnecessarily complex - like dotenv-expand should support the ability to inject additional `process.env` or objects as it sees fit to the object it wants to expand
   const result = {}
@@ -35,7 +66,7 @@ function parseDecryptEvalExpand (src, privateKey = null, processEnv = process.en
     result[key] = expanded.parsed[key]
   }
 
-  return { parsed: result, processEnv }
+  return { parsed: result, processEnv, warnings }
 }
 
 module.exports = parseDecryptEvalExpand

package/src/lib/helpers/truncate.js

@@ -0,0 +1,6 @@
+function truncate (str, showChar = 7) {
+  const visiblePart = str.slice(0, showChar)
+  return visiblePart + '…'
+}
+
+module.exports = truncate

package/src/lib/services/decrypt.js

@@ -54,9 +54,9 @@ class Decrypt {
             if (encrypted) {
               row.keys.push(key) // track key(s)
 
-              const plainValue = decryptValue(value, privateKey)
+              const decryptedValue = decryptValue(value, privateKey)
               // once newSrc is built write it out
-              src = replace(src, key, plainValue)
+              src = replace(src, key, decryptedValue)
 
               row.changed = true // track change
             }

package/src/lib/services/ls.js

@@ -15,15 +15,17 @@ class Ls {
   }
 
   _filepaths () {
-    const ignoreMatchers = this.ignore.map(pattern => picomatch(pattern))
-    const pathMatchers = this._patterns().map(pattern => picomatch(pattern))
+    const exclude = picomatch(this.ignore)
+    const include = picomatch(this._patterns(), {
+      ignore: this.ignore
+    })
 
-    const api = new Fdir()
+    return new Fdir()
       .withRelativePaths()
-      .exclude((dir, path) => ignoreMatchers.some(matcher => matcher(path)))
-      .filter((path) => pathMatchers.some(matcher => matcher(path)))
-
-    return api.crawl(this.cwd).sync()
+      .exclude((dir, path) => exclude(path))
+      .filter((path) => include(path))
+      .crawl(this.cwd)
+      .sync()
   }
 
   _patterns () {

package/src/lib/services/run.js

@@ -63,12 +63,12 @@ class Run {
     row.string = env
 
     try {
-      const { parsed } = parseDecryptEvalExpand(env, null, this.processEnv)
-
+      const { parsed, processEnv, warnings } = parseDecryptEvalExpand(env, null, this.processEnv)
       row.parsed = parsed
+      row.warnings = warnings
       this.readableStrings.add(env)
 
-      const { injected, preExisted } = this._inject(this.processEnv, parsed, this.overload)
+      const { injected, preExisted } = this._inject(processEnv, parsed, this.overload, this.processEnv)
       row.injected = injected
       row.preExisted = preExisted
 
@@ -94,10 +94,11 @@ class Run {
 
       // if DOTENV_PRIVATE_KEY_* already set in process.env then use it
       const privateKey = smartDotenvPrivateKey(envFilepath)
-      const { parsed } = parseDecryptEvalExpand(src, privateKey, this.processEnv)
+      const { parsed, processEnv, warnings } = parseDecryptEvalExpand(src, privateKey, this.processEnv)
       row.parsed = parsed
+      row.warnings = warnings
 
-      const { injected, preExisted } = this._inject(this.processEnv, parsed, this.overload)
+      const { injected, preExisted } = this._inject(processEnv, parsed, this.overload, this.processEnv)
       row.injected = injected
       row.preExisted = preExisted
 
@@ -163,10 +164,11 @@ class Run {
 
     try {
       // parse this. it's the equivalent of the .env file
-      const { parsed } = parseDecryptEvalExpand(decrypted, null, this.processEnv)
+      const { parsed, processEnv, warnings } = parseDecryptEvalExpand(decrypted, null, this.processEnv)
       row.parsed = parsed
+      row.warnings = warnings
 
-      const { injected, preExisted } = this._inject(this.processEnv, parsed, this.overload)
+      const { injected, preExisted } = this._inject(processEnv, parsed, this.overload, this.processEnv)
       row.injected = injected
       row.preExisted = preExisted
 
@@ -180,8 +182,8 @@ class Run {
     this.processedEnvs.push(row)
   }
 
-  _inject (processEnv, parsed, overload) {
-    return inject(processEnv, parsed, overload)
+  _inject (clonedProcessEnv, parsed, overload, processEnv) {
+    return inject(clonedProcessEnv, parsed, overload, processEnv)
   }
 
   _determineEnvsFromDotenvPrivateKey () {

package/src/lib/services/status.js

@@ -1,13 +1,13 @@
 const fs = require('fs')
 const path = require('path')
 const diff = require('diff')
-const chalk = require('chalk')
 
 const Ls = require('./ls')
 const VaultDecrypt = require('./vaultDecrypt')
 
 const containsDirectory = require('./../helpers/containsDirectory')
 const guessEnvironment = require('./../helpers/guessEnvironment')
+const { getColor } = require('./../../shared/colors')
 
 const ENCODING = 'utf8'
 
@@ -94,12 +94,12 @@ class Status {
   _colorizeDiff (part) {
     // If the part was added, color it green
     if (part.added) {
-      return chalk.green(part.value)
+      return getColor('green')(part.value)
     }
 
     // If the part was removed, color it red
     if (part.removed) {
-      return chalk.red(part.value)
+      return getColor('red')(part.value)
     }
 
     // No color for unchanged parts

package/src/lib/services/vaultDecrypt.js

@@ -23,7 +23,7 @@ class VaultDecrypt {
     if (!fs.existsSync(this.envVaultFilepath)) {
       const code = 'MISSING_ENV_VAULT_FILE'
       const message = `missing .env.vault (${this.envVaultFilepath})`
-      const help = `? generate one with [dotenvx encrypt ${this.directory}]`
+      const help = `? generate one with [dotenvx ext vault encrypt ${this.directory}]`
 
       const error = new Error(message)
       error.code = code

package/src/shared/colors.js

@@ -0,0 +1,50 @@
+const depth = require('../lib/helpers/colorDepth')
+
+const colors16 = new Map([
+  ['blue', 34],
+  ['gray', 37],
+  ['green', 32],
+  ['olive', 33],
+  ['orangered', 31], // mapped to red
+  ['plum', 35], // mapped to magenta
+  ['red', 31]
+])
+
+const colors256 = new Map([
+  ['blue', 21],
+  ['gray', 244],
+  ['green', 34],
+  ['olive', 142],
+  ['orangered', 202],
+  ['plum', 182],
+  ['red', 196]
+])
+
+function getColor (color) {
+  const colorDepth = depth.getColorDepth()
+  if (!colors256.has(color)) {
+    throw new Error(`Invalid color ${color}`)
+  }
+  if (colorDepth >= 8) {
+    const code = colors256.get(color)
+    return (message) => `\x1b[38;5;${code}m${message}\x1b[39m`
+  }
+  if (colorDepth >= 4) {
+    const code = colors16.get(color)
+    return (message) => `\x1b[${code}m${message}\x1b[39m`
+  }
+  return (message) => message
+}
+
+function bold (message) {
+  if (depth.getColorDepth() >= 4) {
+    return `\x1b[1m${message}\x1b[22m`
+  }
+
+  return message
+}
+
+module.exports = {
+  getColor,
+  bold
+}

package/src/shared/logger.js

@@ -1,12 +1,12 @@
 const winston = require('winston')
-const chalk = require('chalk')
 
 const printf = winston.format.printf
 const combine = winston.format.combine
 const createLogger = winston.createLogger
 const transports = winston.transports
 
-const packageJson = require('./../lib/helpers/packageJson')
+const packageJson = require('../lib/helpers/packageJson')
+const { getColor, bold } = require('./colors')
 
 const levels = {
   error: 0,
@@ -32,15 +32,15 @@ const levels = {
   silly: 6
 }
 
-const error = chalk.bold.red
-const warn = chalk.keyword('orangered')
-const success = chalk.keyword('green')
-const successv = chalk.keyword('olive') // yellow-ish tint that 'looks' like dotenv
-const help = chalk.keyword('blue')
-const help2 = chalk.keyword('gray')
-const http = chalk.keyword('green')
-const verbose = chalk.keyword('plum')
-const debug = chalk.keyword('plum')
+const error = (m) => bold(getColor('red')(m))
+const warn = getColor('orangered')
+const success = getColor('green')
+const successv = getColor('olive') // yellow-ish tint that 'looks' like dotenv
+const help = getColor('blue')
+const help2 = getColor('gray')
+const http = getColor('green')
+const verbose = getColor('plum')
+const debug = getColor('plum')
 
 const dotenvxFormat = printf(({ level, message, label, timestamp }) => {
   const formattedMessage = typeof message === 'object' ? JSON.stringify(message) : message
@@ -119,5 +119,6 @@ const setLogLevel = options => {
 
 module.exports = {
   logger,
+  getColor,
   setLogLevel
 }