@dotenvx/next-env 2.0.2 → 2.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/dist/index.cjs +172 -56
  2. package/package.json +2 -2
package/dist/index.cjs CHANGED
@@ -5350,7 +5350,7 @@ var require_dist = __commonJS({
5350
5350
  const isAEAD = algorithm === "aes-256-gcm" || algorithm === "chacha20-poly1305";
5351
5351
  const authTagLength = isAEAD ? AEAD_TAG_LENGTH : 0;
5352
5352
  const options = isAEAD ? { authTagLength } : void 0;
5353
- const encrypt = (plainText) => {
5353
+ const encrypt2 = (plainText) => {
5354
5354
  const cipher = (0, node_crypto_1.createCipheriv)(algorithm, key, nonce, options);
5355
5355
  if (isAEAD && AAD !== void 0) {
5356
5356
  cipher.setAAD(AAD);
@@ -5375,7 +5375,7 @@ var require_dist = __commonJS({
5375
5375
  return (0, utils_1.concatBytes)(updated, finalized);
5376
5376
  };
5377
5377
  return {
5378
- encrypt,
5378
+ encrypt: encrypt2,
5379
5379
  decrypt: decrypt2
5380
5380
  };
5381
5381
  };
@@ -5768,13 +5768,13 @@ var require_dist = __commonJS({
5768
5768
  "use strict";
5769
5769
  Object.defineProperty(exports22, "__esModule", { value: true });
5770
5770
  exports22.PublicKey = exports22.PrivateKey = exports22.ECIES_CONFIG = void 0;
5771
- exports22.encrypt = encrypt;
5771
+ exports22.encrypt = encrypt2;
5772
5772
  exports22.decrypt = decrypt2;
5773
5773
  var utils_1 = require_utils();
5774
5774
  var config_js_1 = require_config();
5775
5775
  var index_js_1 = require_keys();
5776
5776
  var index_js_2 = require_utils4();
5777
- function encrypt(receiverRawPK, data, config = config_js_1.ECIES_CONFIG) {
5777
+ function encrypt2(receiverRawPK, data, config = config_js_1.ECIES_CONFIG) {
5778
5778
  const curve = config.ellipticCurve;
5779
5779
  const ephemeralSK = new index_js_1.PrivateKey(void 0, curve);
5780
5780
  const receiverPK = receiverRawPK instanceof Uint8Array ? new index_js_1.PublicKey(receiverRawPK, curve) : index_js_1.PublicKey.fromHex(receiverRawPK, curve);
@@ -5889,6 +5889,9 @@ var require_dist = __commonJS({
5889
5889
  "src/encrypted.js"(exports22, module22) {
5890
5890
  var PREFIX = "encrypted:";
5891
5891
  function encrypted2(value) {
5892
+ if (!value) {
5893
+ return false;
5894
+ }
5892
5895
  return value.startsWith(PREFIX);
5893
5896
  }
5894
5897
  module22.exports = encrypted2;
@@ -5900,8 +5903,9 @@ var require_dist = __commonJS({
5900
5903
  var { decrypt: eciesDecrypt } = require_dist2();
5901
5904
  var Errors = require_errors();
5902
5905
  var encrypted2 = require_encrypted();
5903
- function decrypt2(privateKeyHex, encryptedValue) {
5904
- if (!encrypted2(encryptedValue)) {
5906
+ function decrypt2(privateKeyHex, encryptedValue, options = {}) {
5907
+ const value = options.prefix === false ? `${encrypted2.PREFIX}${encryptedValue}` : encryptedValue;
5908
+ if (!encrypted2(value)) {
5905
5909
  return encryptedValue;
5906
5910
  }
5907
5911
  if (!privateKeyHex || privateKeyHex.length < 1) {
@@ -5909,7 +5913,7 @@ var require_dist = __commonJS({
5909
5913
  }
5910
5914
  try {
5911
5915
  const privateKey = Buffer.from(privateKeyHex, "hex");
5912
- const ciphertext = Buffer.from(encryptedValue.substring(encrypted2.PREFIX.length), "base64");
5916
+ const ciphertext = Buffer.from(value.substring(encrypted2.PREFIX.length), "base64");
5913
5917
  return Buffer.from(eciesDecrypt(privateKey, ciphertext)).toString("utf8");
5914
5918
  } catch (e) {
5915
5919
  if (e.message === "Invalid private key") {
@@ -5935,6 +5939,21 @@ var require_dist = __commonJS({
5935
5939
  module22.exports = derive2;
5936
5940
  }
5937
5941
  });
5942
+ var require_encrypt = __commonJS2({
5943
+ "src/encrypt.js"(exports22, module22) {
5944
+ var { encrypt: eciesEncrypt } = require_dist2();
5945
+ var { PREFIX } = require_encrypted();
5946
+ function encrypt2(publicKeyHex, value, options = {}) {
5947
+ const ciphertext = eciesEncrypt(publicKeyHex, Buffer.from(value));
5948
+ const encoded = Buffer.from(ciphertext, "hex").toString("base64");
5949
+ if (options.prefix === false) {
5950
+ return encoded;
5951
+ }
5952
+ return `${PREFIX}${encoded}`;
5953
+ }
5954
+ module22.exports = encrypt2;
5955
+ }
5956
+ });
5938
5957
  var require_evaluate = __commonJS2({
5939
5958
  "src/evaluate.js"(exports22, module22) {
5940
5959
  var { execSync } = require("child_process");
@@ -5942,9 +5961,9 @@ var require_dist = __commonJS({
5942
5961
  function chomp(value) {
5943
5962
  return value.replace(/[\r\n]+$/, "");
5944
5963
  }
5945
- function evaluate2(value, opts) {
5946
- const processEnv2 = opts.processEnv || process.env;
5947
- const runningParsed = opts.runningParsed || {};
5964
+ function evaluate2(value, options) {
5965
+ const processEnv2 = options.processEnv || process.env;
5966
+ const runningParsed = options.runningParsed || {};
5948
5967
  const matches = value.match(/\$\(([^)]+(?:\)[^(]*)*)\)/g) || [];
5949
5968
  return matches.reduce((newValue, match) => {
5950
5969
  const command = match.slice(2, -1);
@@ -5963,11 +5982,11 @@ var require_dist = __commonJS({
5963
5982
  });
5964
5983
  var require_expand = __commonJS2({
5965
5984
  "src/expand.js"(exports22, module22) {
5966
- function expand2(value, opts) {
5967
- const overload = opts.overload;
5968
- const processEnv2 = opts.processEnv || process.env;
5969
- const runningParsed = opts.runningParsed || {};
5970
- const literals = opts.literals || {};
5985
+ function expand2(value, options) {
5986
+ const overload = options.overload;
5987
+ const processEnv2 = options.processEnv || process.env;
5988
+ const runningParsed = options.runningParsed || {};
5989
+ const literals = options.literals || {};
5971
5990
  let env = { ...runningParsed, ...processEnv2 };
5972
5991
  if (overload) {
5973
5992
  env = { ...processEnv2, ...runningParsed };
@@ -6010,6 +6029,19 @@ var require_dist = __commonJS({
6010
6029
  module22.exports = expand2;
6011
6030
  }
6012
6031
  });
6032
+ var require_keypair = __commonJS2({
6033
+ "src/keypair.js"(exports22, module22) {
6034
+ var { PrivateKey } = require_dist2();
6035
+ function keypair2() {
6036
+ const kp = new PrivateKey();
6037
+ return {
6038
+ publicKey: kp.publicKey.toHex(),
6039
+ privateKey: Buffer.from(kp.secret).toString("hex")
6040
+ };
6041
+ }
6042
+ module22.exports = keypair2;
6043
+ }
6044
+ });
6013
6045
  var require_scan = __commonJS2({
6014
6046
  "src/scan.js"(exports22, module22) {
6015
6047
  function trimmer(value) {
@@ -6038,26 +6070,33 @@ var require_dist = __commonJS({
6038
6070
  }
6039
6071
  return q;
6040
6072
  }
6041
- function clean(value, quote) {
6073
+ function clean(value, quote, options) {
6042
6074
  let v = trimmer(value);
6043
6075
  v = v.replace(/^(['"`])([\s\S]*)\1$/mg, "$2");
6044
- if (quote === '"') {
6076
+ if (quote === '"' && options.expandDoubleQuotedNewlines !== false) {
6045
6077
  v = v.replace(/\\n/g, "\n");
6046
6078
  v = v.replace(/\\r/g, "\r");
6047
6079
  v = v.replace(/\\t/g, " ");
6048
6080
  }
6049
6081
  return v;
6050
6082
  }
6051
- function scan2(src, transform) {
6083
+ function scan2(src, options = {}, transform) {
6084
+ if (typeof options === "function") {
6085
+ transform = options;
6086
+ options = {};
6087
+ }
6052
6088
  const LINE = /(?:^|^)\s*(?:export\s+)?([\w.-]+)(?:\s*=\s*?|:\s+?)(\s*'(?:\\'|[^'])*'|\s*"(?:\\"|[^"])*"|\s*`(?:\\`|[^`])*`|[^#\r\n]+)?\s*(?:#.*)?(?:$|$)/mg;
6053
6089
  const parsed = {};
6054
- const lines = (src || "").toString().replace(/\r\n?/mg, "\n");
6090
+ let lines = (src || "").toString();
6091
+ if (options.convertWindowsNewlines !== false) {
6092
+ lines = lines.replace(/\r\n?/mg, "\n");
6093
+ }
6055
6094
  let match;
6056
6095
  while ((match = LINE.exec(lines)) !== null) {
6057
6096
  const name = match[1];
6058
6097
  const raw = match[2];
6059
6098
  const quote = getQuote(raw);
6060
- const value = clean(raw, quote);
6099
+ const value = clean(raw, quote, options);
6061
6100
  let parsedValue = value;
6062
6101
  if (typeof transform === "function") {
6063
6102
  parsedValue = transform({
@@ -6066,7 +6105,8 @@ var require_dist = __commonJS({
6066
6105
  quote
6067
6106
  });
6068
6107
  }
6069
- parsed[name] = parsedValue;
6108
+ parsed[name] = parsed[name] || [];
6109
+ parsed[name].push(parsedValue);
6070
6110
  }
6071
6111
  return {
6072
6112
  parsed
@@ -6084,35 +6124,57 @@ var require_dist = __commonJS({
6084
6124
  try {
6085
6125
  const src = fs2.readFileSync(filepath, "utf8");
6086
6126
  const { parsed } = scan2(src);
6087
- return parsed;
6127
+ const result = [];
6128
+ for (const name in parsed) {
6129
+ if (name.startsWith("DOTENV_PRIVATE_KEY")) {
6130
+ result.push(parsed[name][parsed[name].length - 1]);
6131
+ }
6132
+ }
6133
+ return result;
6088
6134
  } catch (_e) {
6089
- return {};
6135
+ return [];
6090
6136
  }
6091
6137
  }
6092
- function keyring2() {
6093
- const mem = {};
6094
- const processEnv2 = process.env;
6095
- const keysFilepath = ".env.keys";
6096
- const sources = {
6097
- ...keysFromFile(keysFilepath),
6098
- ...processEnv2
6099
- // process.env wins
6100
- };
6101
- for (const name in sources) {
6138
+ function keyring2(options = {}) {
6139
+ const ring = options.ring || {};
6140
+ const processEnv2 = options.processEnv || process.env;
6141
+ const keysFilepaths = Array.isArray(options.fk) ? options.fk : [options.fk || ".env.keys"];
6142
+ const privateKeyValues = keysFilepaths.reduce((acc, filepath) => {
6143
+ return acc.concat(keysFromFile(filepath));
6144
+ }, []);
6145
+ for (const name in processEnv2) {
6102
6146
  if (name.startsWith("DOTENV_PRIVATE_KEY")) {
6103
- try {
6104
- const privateKeyHex = sources[name];
6105
- const publicKeyHex = derive2(privateKeyHex);
6106
- mem[publicKeyHex] = privateKeyHex;
6107
- } catch (_e) {
6108
- }
6147
+ privateKeyValues.push(processEnv2[name]);
6148
+ }
6149
+ }
6150
+ for (const privateKeyHex of privateKeyValues) {
6151
+ try {
6152
+ const publicKeyHex = derive2(privateKeyHex);
6153
+ ring[publicKeyHex] = privateKeyHex;
6154
+ } catch (_e) {
6109
6155
  }
6110
6156
  }
6111
- return mem;
6157
+ return ring;
6112
6158
  }
6113
6159
  module22.exports = keyring2;
6114
6160
  }
6115
6161
  });
6162
+ var require_publickeys = __commonJS2({
6163
+ "src/publickeys.js"(exports22, module22) {
6164
+ var scan2 = require_scan();
6165
+ function publickeys2(src) {
6166
+ const { parsed } = scan2(src);
6167
+ const result = [];
6168
+ for (const name in parsed) {
6169
+ if (name.startsWith("DOTENV_PUBLIC_KEY")) {
6170
+ result.push(parsed[name][parsed[name].length - 1]);
6171
+ }
6172
+ }
6173
+ return result;
6174
+ }
6175
+ module22.exports = publickeys2;
6176
+ }
6177
+ });
6116
6178
  var require_parse = __commonJS2({
6117
6179
  "src/parse.js"(exports22, module22) {
6118
6180
  var decrypt2 = require_decrypt();
@@ -6120,32 +6182,56 @@ var require_dist = __commonJS({
6120
6182
  var encrypted2 = require_encrypted();
6121
6183
  var evaluate2 = require_evaluate();
6122
6184
  var expand2 = require_expand();
6185
+ var publickeys2 = require_publickeys();
6123
6186
  var scan2 = require_scan();
6124
6187
  function resolveEscapeSequences(value) {
6125
6188
  return value.replace(/\\\$/g, "$");
6126
6189
  }
6127
- function parse22(src, opts = {}) {
6128
- const overload = opts.overload;
6129
- const processEnv2 = opts.processEnv || process.env;
6130
- const ring = keyring2();
6190
+ function decryptWithKeyring(ring, value, publicKeyHexes) {
6191
+ const tried = {};
6192
+ for (const publicKeyHex of publicKeyHexes) {
6193
+ const privateKeyHex = ring[publicKeyHex];
6194
+ if (!privateKeyHex) {
6195
+ continue;
6196
+ }
6197
+ tried[privateKeyHex] = true;
6198
+ try {
6199
+ return decrypt2(privateKeyHex, value);
6200
+ } catch (_e) {
6201
+ }
6202
+ }
6203
+ for (const privateKeyHex of Object.values(ring)) {
6204
+ if (!privateKeyHex || tried[privateKeyHex]) {
6205
+ continue;
6206
+ }
6207
+ try {
6208
+ return decrypt2(privateKeyHex, value);
6209
+ } catch (_e) {
6210
+ }
6211
+ }
6212
+ return value;
6213
+ }
6214
+ function parse22(src, options = {}) {
6215
+ const overload = options.overload;
6216
+ const processEnv2 = options.processEnv || process.env;
6217
+ const publicKeyHexes = publickeys2(src);
6218
+ let ring = {};
6219
+ for (const publicKeyHex of publicKeyHexes) {
6220
+ ring[publicKeyHex] = "";
6221
+ }
6222
+ ring = keyring2({ processEnv: processEnv2, ring });
6131
6223
  function inProcessEnv(name) {
6132
6224
  return Object.prototype.hasOwnProperty.call(processEnv2, name);
6133
6225
  }
6134
- let publicKeyHex;
6135
- let runningParsed = {};
6136
- let literals = {};
6137
- const { parsed } = scan2(src, ({ name, value, quote }) => {
6226
+ const runningParsed = {};
6227
+ const literals = {};
6228
+ const parsed = {};
6229
+ scan2(src, ({ name, value, quote }) => {
6138
6230
  let parsedValue = value;
6139
- if (name.startsWith("DOTENV_PUBLIC_KEY")) {
6140
- publicKeyHex = parsedValue;
6141
- }
6142
6231
  if (!overload && inProcessEnv(name)) {
6143
6232
  parsedValue = processEnv2[name];
6144
6233
  }
6145
- try {
6146
- parsedValue = decrypt2(ring[publicKeyHex], parsedValue);
6147
- } catch (_e) {
6148
- }
6234
+ parsedValue = decryptWithKeyring(ring, parsedValue, publicKeyHexes);
6149
6235
  const encryptedPrefixed = encrypted2(parsedValue);
6150
6236
  let evaled = false;
6151
6237
  if (!encryptedPrefixed && quote !== "'" && (!inProcessEnv(name) || processEnv2[name] === parsedValue)) {
@@ -6165,6 +6251,7 @@ var require_dist = __commonJS({
6165
6251
  literals[name] = parsedValue;
6166
6252
  }
6167
6253
  runningParsed[name] = parsedValue;
6254
+ parsed[name] = parsedValue;
6168
6255
  if (Object.prototype.hasOwnProperty.call(processEnv2, name) && !overload) {
6169
6256
  } else {
6170
6257
  }
@@ -6177,23 +6264,52 @@ var require_dist = __commonJS({
6177
6264
  module22.exports = parse22;
6178
6265
  }
6179
6266
  });
6267
+ var require_sealed = __commonJS2({
6268
+ "src/sealed.js"(exports22, module22) {
6269
+ var encrypted2 = require_encrypted();
6270
+ var scan2 = require_scan();
6271
+ function publicKey(name) {
6272
+ return name.startsWith("DOTENV_PUBLIC_KEY");
6273
+ }
6274
+ function sealed2(src) {
6275
+ const { parsed } = scan2(src);
6276
+ for (const [name, values] of Object.entries(parsed)) {
6277
+ for (const value of values) {
6278
+ if (!encrypted2(value) && !publicKey(name)) {
6279
+ return false;
6280
+ }
6281
+ }
6282
+ }
6283
+ return true;
6284
+ }
6285
+ module22.exports = sealed2;
6286
+ }
6287
+ });
6180
6288
  var decrypt = require_decrypt();
6181
6289
  var derive = require_derive();
6290
+ var encrypt = require_encrypt();
6182
6291
  var encrypted = require_encrypted();
6183
6292
  var evaluate = require_evaluate();
6184
6293
  var expand = require_expand();
6294
+ var keypair = require_keypair();
6185
6295
  var keyring = require_keyring();
6186
6296
  var parse2 = require_parse();
6297
+ var publickeys = require_publickeys();
6187
6298
  var scan = require_scan();
6299
+ var sealed = require_sealed();
6188
6300
  module2.exports = {
6189
6301
  decrypt,
6190
6302
  derive,
6303
+ encrypt,
6191
6304
  encrypted,
6192
6305
  evaluate,
6193
6306
  expand,
6307
+ keypair,
6194
6308
  keyring,
6195
6309
  parse: parse2,
6196
- scan
6310
+ publickeys,
6311
+ scan,
6312
+ sealed
6197
6313
  };
6198
6314
  }
6199
6315
  });
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@dotenvx/next-env",
3
- "version": "2.0.2",
3
+ "version": "2.1.0",
4
4
  "description": "dotenvx drop-in replacement for @next/env",
5
5
  "license": "BSD-3-Clause",
6
6
  "repository": {
@@ -23,7 +23,7 @@
23
23
  "prepublishOnly": "npm pack --dry-run"
24
24
  },
25
25
  "devDependencies": {
26
- "@dotenvx/primitives": "0.4.0",
26
+ "@dotenvx/primitives": "^0.9.0",
27
27
  "esbuild": "^0.28.1"
28
28
  }
29
29
  }