@dotenvx/primitives 0.7.1 → 0.9.0

package/dist/index.cjs

@@ -6031,9 +6031,9 @@ var require_evaluate = __commonJS({
     function chomp(value) {
       return value.replace(/[\r\n]+$/, "");
     }
-    function evaluate2(value, opts) {
-      const processEnv = opts.processEnv || process.env;
-      const runningParsed = opts.runningParsed || {};
+    function evaluate2(value, options) {
+      const processEnv = options.processEnv || process.env;
+      const runningParsed = options.runningParsed || {};
       const matches = value.match(/\$\(([^)]+(?:\)[^(]*)*)\)/g) || [];
       return matches.reduce((newValue, match) => {
         const command = match.slice(2, -1);
@@ -6054,11 +6054,11 @@ var require_evaluate = __commonJS({
 // src/expand.js
 var require_expand = __commonJS({
   "src/expand.js"(exports2, module2) {
-    function expand2(value, opts) {
-      const overload = opts.overload;
-      const processEnv = opts.processEnv || process.env;
-      const runningParsed = opts.runningParsed || {};
-      const literals = opts.literals || {};
+    function expand2(value, options) {
+      const overload = options.overload;
+      const processEnv = options.processEnv || process.env;
+      const runningParsed = options.runningParsed || {};
+      const literals = options.literals || {};
       let env = { ...runningParsed, ...processEnv };
       if (overload) {
         env = { ...processEnv, ...runningParsed };
@@ -6146,26 +6146,33 @@ var require_scan = __commonJS({
       }
       return q;
     }
-    function clean(value, quote) {
+    function clean(value, quote, options) {
       let v = trimmer(value);
       v = v.replace(/^(['"`])([\s\S]*)\1$/mg, "$2");
-      if (quote === '"') {
+      if (quote === '"' && options.expandDoubleQuotedNewlines !== false) {
         v = v.replace(/\\n/g, "\n");
         v = v.replace(/\\r/g, "\r");
         v = v.replace(/\\t/g, "	");
       }
       return v;
     }
-    function scan2(src, transform) {
+    function scan2(src, options = {}, transform) {
+      if (typeof options === "function") {
+        transform = options;
+        options = {};
+      }
       const LINE = /(?:^|^)\s*(?:export\s+)?([\w.-]+)(?:\s*=\s*?|:\s+?)(\s*'(?:\\'|[^'])*'|\s*"(?:\\"|[^"])*"|\s*`(?:\\`|[^`])*`|[^#\r\n]+)?\s*(?:#.*)?(?:$|$)/mg;
       const parsed = {};
-      const lines = (src || "").toString().replace(/\r\n?/mg, "\n");
+      let lines = (src || "").toString();
+      if (options.convertWindowsNewlines !== false) {
+        lines = lines.replace(/\r\n?/mg, "\n");
+      }
       let match;
       while ((match = LINE.exec(lines)) !== null) {
         const name = match[1];
         const raw = match[2];
         const quote = getQuote(raw);
-        const value = clean(raw, quote);
+        const value = clean(raw, quote, options);
         let parsedValue = value;
         if (typeof transform === "function") {
           parsedValue = transform({
@@ -6174,7 +6181,8 @@ var require_scan = __commonJS({
             quote
           });
         }
-        parsed[name] = parsedValue;
+        parsed[name] = parsed[name] || [];
+        parsed[name].push(parsedValue);
       }
       return {
         parsed
@@ -6194,36 +6202,60 @@ var require_keyring = __commonJS({
       try {
         const src = fs.readFileSync(filepath, "utf8");
         const { parsed } = scan2(src);
-        return parsed;
+        const result = [];
+        for (const name in parsed) {
+          if (name.startsWith("DOTENV_PRIVATE_KEY")) {
+            result.push(parsed[name][parsed[name].length - 1]);
+          }
+        }
+        return result;
       } catch (_e) {
-        return {};
+        return [];
       }
     }
-    function keyring2() {
-      const mem = {};
-      const processEnv = process.env;
-      const keysFilepath = ".env.keys";
-      const sources = {
-        ...keysFromFile(keysFilepath),
-        ...processEnv
-        // process.env wins
-      };
-      for (const name in sources) {
+    function keyring2(options = {}) {
+      const ring = options.ring || {};
+      const processEnv = options.processEnv || process.env;
+      const keysFilepaths = Array.isArray(options.fk) ? options.fk : [options.fk || ".env.keys"];
+      const privateKeyValues = keysFilepaths.reduce((acc, filepath) => {
+        return acc.concat(keysFromFile(filepath));
+      }, []);
+      for (const name in processEnv) {
         if (name.startsWith("DOTENV_PRIVATE_KEY")) {
-          try {
-            const privateKeyHex = sources[name];
-            const publicKeyHex = derive2(privateKeyHex);
-            mem[publicKeyHex] = privateKeyHex;
-          } catch (_e) {
-          }
+          privateKeyValues.push(processEnv[name]);
         }
       }
-      return mem;
+      for (const privateKeyHex of privateKeyValues) {
+        try {
+          const publicKeyHex = derive2(privateKeyHex);
+          ring[publicKeyHex] = privateKeyHex;
+        } catch (_e) {
+        }
+      }
+      return ring;
     }
     module2.exports = keyring2;
   }
 });
 
+// src/publickeys.js
+var require_publickeys = __commonJS({
+  "src/publickeys.js"(exports2, module2) {
+    var scan2 = require_scan();
+    function publickeys2(src) {
+      const { parsed } = scan2(src);
+      const result = [];
+      for (const name in parsed) {
+        if (name.startsWith("DOTENV_PUBLIC_KEY")) {
+          result.push(parsed[name][parsed[name].length - 1]);
+        }
+      }
+      return result;
+    }
+    module2.exports = publickeys2;
+  }
+});
+
 // src/parse.js
 var require_parse = __commonJS({
   "src/parse.js"(exports2, module2) {
@@ -6232,32 +6264,56 @@ var require_parse = __commonJS({
     var encrypted2 = require_encrypted();
     var evaluate2 = require_evaluate();
     var expand2 = require_expand();
+    var publickeys2 = require_publickeys();
     var scan2 = require_scan();
     function resolveEscapeSequences(value) {
       return value.replace(/\\\$/g, "$");
     }
-    function parse2(src, opts = {}) {
-      const overload = opts.overload;
-      const processEnv = opts.processEnv || process.env;
-      const ring = keyring2();
+    function decryptWithKeyring(ring, value, publicKeyHexes) {
+      const tried = {};
+      for (const publicKeyHex of publicKeyHexes) {
+        const privateKeyHex = ring[publicKeyHex];
+        if (!privateKeyHex) {
+          continue;
+        }
+        tried[privateKeyHex] = true;
+        try {
+          return decrypt2(privateKeyHex, value);
+        } catch (_e) {
+        }
+      }
+      for (const privateKeyHex of Object.values(ring)) {
+        if (!privateKeyHex || tried[privateKeyHex]) {
+          continue;
+        }
+        try {
+          return decrypt2(privateKeyHex, value);
+        } catch (_e) {
+        }
+      }
+      return value;
+    }
+    function parse2(src, options = {}) {
+      const overload = options.overload;
+      const processEnv = options.processEnv || process.env;
+      const publicKeyHexes = publickeys2(src);
+      let ring = {};
+      for (const publicKeyHex of publicKeyHexes) {
+        ring[publicKeyHex] = "";
+      }
+      ring = keyring2({ processEnv, ring });
       function inProcessEnv(name) {
         return Object.prototype.hasOwnProperty.call(processEnv, name);
       }
-      let publicKeyHex;
       const runningParsed = {};
       const literals = {};
-      const { parsed } = scan2(src, ({ name, value, quote }) => {
+      const parsed = {};
+      scan2(src, ({ name, value, quote }) => {
         let parsedValue = value;
-        if (name.startsWith("DOTENV_PUBLIC_KEY")) {
-          publicKeyHex = parsedValue;
-        }
         if (!overload && inProcessEnv(name)) {
           parsedValue = processEnv[name];
         }
-        try {
-          parsedValue = decrypt2(ring[publicKeyHex], parsedValue);
-        } catch (_e) {
-        }
+        parsedValue = decryptWithKeyring(ring, parsedValue, publicKeyHexes);
         const encryptedPrefixed = encrypted2(parsedValue);
         let evaled = false;
         if (!encryptedPrefixed && quote !== "'" && (!inProcessEnv(name) || processEnv[name] === parsedValue)) {
@@ -6277,6 +6333,7 @@ var require_parse = __commonJS({
           literals[name] = parsedValue;
         }
         runningParsed[name] = parsedValue;
+        parsed[name] = parsedValue;
         if (Object.prototype.hasOwnProperty.call(processEnv, name) && !overload) {
         } else {
         }
@@ -6290,6 +6347,29 @@ var require_parse = __commonJS({
   }
 });
 
+// src/sealed.js
+var require_sealed = __commonJS({
+  "src/sealed.js"(exports2, module2) {
+    var encrypted2 = require_encrypted();
+    var scan2 = require_scan();
+    function publicKey(name) {
+      return name.startsWith("DOTENV_PUBLIC_KEY");
+    }
+    function sealed2(src) {
+      const { parsed } = scan2(src);
+      for (const [name, values] of Object.entries(parsed)) {
+        for (const value of values) {
+          if (!encrypted2(value) && !publicKey(name)) {
+            return false;
+          }
+        }
+      }
+      return true;
+    }
+    module2.exports = sealed2;
+  }
+});
+
 // src/index.js
 var decrypt = require_decrypt();
 var derive = require_derive();
@@ -6300,7 +6380,9 @@ var expand = require_expand();
 var keypair = require_keypair();
 var keyring = require_keyring();
 var parse = require_parse();
+var publickeys = require_publickeys();
 var scan = require_scan();
+var sealed = require_sealed();
 module.exports = {
   decrypt,
   derive,
@@ -6311,5 +6393,7 @@ module.exports = {
   keypair,
   keyring,
   parse,
-  scan
+  publickeys,
+  scan,
+  sealed
 };

package/package.json

@@ -1,5 +1,5 @@
 {
-  "version": "0.7.1",
+  "version": "0.9.0",
   "name": "@dotenvx/primitives",
   "description": "a secure dotenv–from the creator of `dotenv`",
   "author": "@motdotla",