@dotenvx/primitives 0.8.0 → 0.10.0

package/dist/index.cjs

@@ -6031,9 +6031,9 @@ var require_evaluate = __commonJS({
     function chomp(value) {
       return value.replace(/[\r\n]+$/, "");
     }
-    function evaluate2(value, opts) {
-      const processEnv = opts.processEnv || process.env;
-      const runningParsed = opts.runningParsed || {};
+    function evaluate2(value, options) {
+      const processEnv = options.processEnv || process.env;
+      const runningParsed = options.runningParsed || {};
       const matches = value.match(/\$\(([^)]+(?:\)[^(]*)*)\)/g) || [];
       return matches.reduce((newValue, match) => {
         const command = match.slice(2, -1);
@@ -6054,11 +6054,11 @@ var require_evaluate = __commonJS({
 // src/expand.js
 var require_expand = __commonJS({
   "src/expand.js"(exports2, module2) {
-    function expand2(value, opts) {
-      const overload = opts.overload;
-      const processEnv = opts.processEnv || process.env;
-      const runningParsed = opts.runningParsed || {};
-      const literals = opts.literals || {};
+    function expand2(value, options) {
+      const overload = options.overload;
+      const processEnv = options.processEnv || process.env;
+      const runningParsed = options.runningParsed || {};
+      const literals = options.literals || {};
       let env = { ...runningParsed, ...processEnv };
       if (overload) {
         env = { ...processEnv, ...runningParsed };
@@ -6146,25 +6146,25 @@ var require_scan = __commonJS({
       }
       return q;
     }
-    function clean(value, quote, opts) {
+    function clean(value, quote, options) {
       let v = trimmer(value);
       v = v.replace(/^(['"`])([\s\S]*)\1$/mg, "$2");
-      if (quote === '"' && opts.expandDoubleQuotedNewlines !== false) {
+      if (quote === '"' && options.expandDoubleQuotedNewlines !== false) {
         v = v.replace(/\\n/g, "\n");
         v = v.replace(/\\r/g, "\r");
         v = v.replace(/\\t/g, "	");
       }
       return v;
     }
-    function scan2(src, opts = {}, transform) {
-      if (typeof opts === "function") {
-        transform = opts;
-        opts = {};
+    function scan2(src, options = {}, transform) {
+      if (typeof options === "function") {
+        transform = options;
+        options = {};
       }
       const LINE = /(?:^|^)\s*(?:export\s+)?([\w.-]+)(?:\s*=\s*?|:\s+?)(\s*'(?:\\'|[^'])*'|\s*"(?:\\"|[^"])*"|\s*`(?:\\`|[^`])*`|[^#\r\n]+)?\s*(?:#.*)?(?:$|$)/mg;
       const parsed = {};
       let lines = (src || "").toString();
-      if (opts.convertWindowsNewlines !== false) {
+      if (options.convertWindowsNewlines !== false) {
         lines = lines.replace(/\r\n?/mg, "\n");
       }
       let match;
@@ -6172,7 +6172,7 @@ var require_scan = __commonJS({
         const name = match[1];
         const raw = match[2];
         const quote = getQuote(raw);
-        const value = clean(raw, quote, opts);
+        const value = clean(raw, quote, options);
         let parsedValue = value;
         if (typeof transform === "function") {
           parsedValue = transform({
@@ -6202,40 +6202,72 @@ var require_keyring = __commonJS({
       try {
         const src = fs.readFileSync(filepath, "utf8");
         const { parsed } = scan2(src);
-        const result = {};
+        const result = [];
         for (const name in parsed) {
-          result[name] = parsed[name][parsed[name].length - 1];
+          if (name.startsWith("DOTENV_PRIVATE_KEY")) {
+            result.push(parsed[name][parsed[name].length - 1]);
+          }
         }
         return result;
       } catch (_e) {
-        return {};
-      }
-    }
-    function keyring2() {
-      const mem = {};
-      const processEnv = process.env;
-      const keysFilepath = ".env.keys";
-      const sources = {
-        ...keysFromFile(keysFilepath),
-        ...processEnv
-        // process.env wins
-      };
-      for (const name in sources) {
+        return [];
+      }
+    }
+    function keyring2(options = {}) {
+      const ring = options.ring || {};
+      const provider = options.provider;
+      const processEnv = options.processEnv || process.env;
+      const keysFilepaths = Array.isArray(options.fk) ? options.fk : [options.fk || ".env.keys"];
+      const privateKeyValues = keysFilepaths.reduce((acc, filepath) => {
+        return acc.concat(keysFromFile(filepath));
+      }, []);
+      for (const name in processEnv) {
         if (name.startsWith("DOTENV_PRIVATE_KEY")) {
-          try {
-            const privateKeyHex = sources[name];
-            const publicKeyHex = derive2(privateKeyHex);
-            mem[publicKeyHex] = privateKeyHex;
-          } catch (_e) {
+          privateKeyValues.push(processEnv[name]);
+        }
+      }
+      for (const privateKeyHex of privateKeyValues) {
+        try {
+          const publicKeyHex = derive2(privateKeyHex);
+          ring[publicKeyHex] = privateKeyHex;
+        } catch (_e) {
+        }
+      }
+      if (typeof provider === "function") {
+        for (const publicKeyHex in ring) {
+          if (ring[publicKeyHex]) {
+            continue;
+          }
+          const privateKeyHex = provider(publicKeyHex);
+          if (privateKeyHex) {
+            ring[publicKeyHex] = privateKeyHex;
           }
         }
       }
-      return mem;
+      return ring;
     }
     module2.exports = keyring2;
   }
 });
 
+// src/publickeys.js
+var require_publickeys = __commonJS({
+  "src/publickeys.js"(exports2, module2) {
+    var scan2 = require_scan();
+    function publickeys2(src) {
+      const { parsed } = scan2(src);
+      const result = [];
+      for (const name in parsed) {
+        if (name.startsWith("DOTENV_PUBLIC_KEY")) {
+          result.push(parsed[name][parsed[name].length - 1]);
+        }
+      }
+      return result;
+    }
+    module2.exports = publickeys2;
+  }
+});
+
 // src/parse.js
 var require_parse = __commonJS({
   "src/parse.js"(exports2, module2) {
@@ -6244,39 +6276,56 @@ var require_parse = __commonJS({
     var encrypted2 = require_encrypted();
     var evaluate2 = require_evaluate();
     var expand2 = require_expand();
+    var publickeys2 = require_publickeys();
     var scan2 = require_scan();
     function resolveEscapeSequences(value) {
       return value.replace(/\\\$/g, "$");
     }
-    function collapse(parsed) {
-      const result = {};
-      for (const name in parsed) {
-        result[name] = parsed[name][parsed[name].length - 1];
+    function decryptWithKeyring(ring, value, publicKeyHexes) {
+      const tried = {};
+      for (const publicKeyHex of publicKeyHexes) {
+        const privateKeyHex = ring[publicKeyHex];
+        if (!privateKeyHex) {
+          continue;
+        }
+        tried[privateKeyHex] = true;
+        try {
+          return decrypt2(privateKeyHex, value);
+        } catch (_e) {
+        }
       }
-      return result;
+      for (const privateKeyHex of Object.values(ring)) {
+        if (!privateKeyHex || tried[privateKeyHex]) {
+          continue;
+        }
+        try {
+          return decrypt2(privateKeyHex, value);
+        } catch (_e) {
+        }
+      }
+      return value;
     }
-    function parse2(src, opts = {}) {
-      const overload = opts.overload;
-      const processEnv = opts.processEnv || process.env;
-      const ring = keyring2();
+    function parse2(src, options = {}) {
+      const overload = options.overload;
+      const processEnv = options.processEnv || process.env;
+      const publicKeyHexes = publickeys2(src);
+      let ring = {};
+      for (const publicKeyHex of publicKeyHexes) {
+        ring[publicKeyHex] = "";
+      }
+      ring = keyring2({ processEnv, ring });
       function inProcessEnv(name) {
         return Object.prototype.hasOwnProperty.call(processEnv, name);
       }
-      let publicKeyHex;
       const runningParsed = {};
       const literals = {};
-      const { parsed } = scan2(src, ({ name, value, quote }) => {
+      const parsed = {};
+      scan2(src, ({ name, value, quote }) => {
         let parsedValue = value;
-        if (name.startsWith("DOTENV_PUBLIC_KEY")) {
-          publicKeyHex = parsedValue;
-        }
         if (!overload && inProcessEnv(name)) {
           parsedValue = processEnv[name];
         }
-        try {
-          parsedValue = decrypt2(ring[publicKeyHex], parsedValue);
-        } catch (_e) {
-        }
+        parsedValue = decryptWithKeyring(ring, parsedValue, publicKeyHexes);
         const encryptedPrefixed = encrypted2(parsedValue);
         let evaled = false;
         if (!encryptedPrefixed && quote !== "'" && (!inProcessEnv(name) || processEnv[name] === parsedValue)) {
@@ -6296,13 +6345,14 @@ var require_parse = __commonJS({
           literals[name] = parsedValue;
         }
         runningParsed[name] = parsedValue;
+        parsed[name] = parsedValue;
         if (Object.prototype.hasOwnProperty.call(processEnv, name) && !overload) {
         } else {
         }
         return parsedValue;
       });
       return {
-        parsed: collapse(parsed)
+        parsed
       };
     }
     module2.exports = parse2;
@@ -6342,6 +6392,7 @@ var expand = require_expand();
 var keypair = require_keypair();
 var keyring = require_keyring();
 var parse = require_parse();
+var publickeys = require_publickeys();
 var scan = require_scan();
 var sealed = require_sealed();
 module.exports = {
@@ -6354,6 +6405,7 @@ module.exports = {
   keypair,
   keyring,
   parse,
+  publickeys,
   scan,
   sealed
 };

package/package.json

@@ -1,5 +1,5 @@
 {
-  "version": "0.8.0",
+  "version": "0.10.0",
   "name": "@dotenvx/primitives",
   "description": "a secure dotenv–from the creator of `dotenv`",
   "author": "@motdotla",