npm - @dotenvx/primitives - Versions diffs - 0.8.0 → 0.9.0 - Mend

@dotenvx/primitives 0.8.0 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.cjs +95 -55
package/package.json +1 -1

package/dist/index.cjs CHANGED Viewed

@@ -6031,9 +6031,9 @@ var require_evaluate = __commonJS({
     function chomp(value) {
       return value.replace(/[\r\n]+$/, "");
     }
-    function evaluate2(value, opts) {
-      const processEnv = opts.processEnv || process.env;
-      const runningParsed = opts.runningParsed || {};
+    function evaluate2(value, options) {
+      const processEnv = options.processEnv || process.env;
+      const runningParsed = options.runningParsed || {};
       const matches = value.match(/\$\(([^)]+(?:\)[^(]*)*)\)/g) || [];
       return matches.reduce((newValue, match) => {
         const command = match.slice(2, -1);
@@ -6054,11 +6054,11 @@ var require_evaluate = __commonJS({
 // src/expand.js
 var require_expand = __commonJS({
   "src/expand.js"(exports2, module2) {
-    function expand2(value, opts) {
-      const overload = opts.overload;
-      const processEnv = opts.processEnv || process.env;
-      const runningParsed = opts.runningParsed || {};
-      const literals = opts.literals || {};
+    function expand2(value, options) {
+      const overload = options.overload;
+      const processEnv = options.processEnv || process.env;
+      const runningParsed = options.runningParsed || {};
+      const literals = options.literals || {};
       let env = { ...runningParsed, ...processEnv };
       if (overload) {
         env = { ...processEnv, ...runningParsed };
@@ -6146,25 +6146,25 @@ var require_scan = __commonJS({
       }
       return q;
     }
-    function clean(value, quote, opts) {
+    function clean(value, quote, options) {
       let v = trimmer(value);
       v = v.replace(/^(['"`])([\s\S]*)\1$/mg, "$2");
-      if (quote === '"' && opts.expandDoubleQuotedNewlines !== false) {
+      if (quote === '"' && options.expandDoubleQuotedNewlines !== false) {
         v = v.replace(/\\n/g, "\n");
         v = v.replace(/\\r/g, "\r");
         v = v.replace(/\\t/g, "	");
       }
       return v;
     }
-    function scan2(src, opts = {}, transform) {
-      if (typeof opts === "function") {
-        transform = opts;
-        opts = {};
+    function scan2(src, options = {}, transform) {
+      if (typeof options === "function") {
+        transform = options;
+        options = {};
       }
       const LINE = /(?:^|^)\s*(?:export\s+)?([\w.-]+)(?:\s*=\s*?|:\s+?)(\s*'(?:\\'|[^'])*'|\s*"(?:\\"|[^"])*"|\s*`(?:\\`|[^`])*`|[^#\r\n]+)?\s*(?:#.*)?(?:$|$)/mg;
       const parsed = {};
       let lines = (src || "").toString();
-      if (opts.convertWindowsNewlines !== false) {
+      if (options.convertWindowsNewlines !== false) {
         lines = lines.replace(/\r\n?/mg, "\n");
       }
       let match;
@@ -6172,7 +6172,7 @@ var require_scan = __commonJS({
         const name = match[1];
         const raw = match[2];
         const quote = getQuote(raw);
-        const value = clean(raw, quote, opts);
+        const value = clean(raw, quote, options);
         let parsedValue = value;
         if (typeof transform === "function") {
           parsedValue = transform({
@@ -6202,40 +6202,60 @@ var require_keyring = __commonJS({
       try {
         const src = fs.readFileSync(filepath, "utf8");
         const { parsed } = scan2(src);
-        const result = {};
+        const result = [];
         for (const name in parsed) {
-          result[name] = parsed[name][parsed[name].length - 1];
+          if (name.startsWith("DOTENV_PRIVATE_KEY")) {
+            result.push(parsed[name][parsed[name].length - 1]);
+          }
         }
         return result;
       } catch (_e) {
-        return {};
+        return [];
       }
     }
-    function keyring2() {
-      const mem = {};
-      const processEnv = process.env;
-      const keysFilepath = ".env.keys";
-      const sources = {
-        ...keysFromFile(keysFilepath),
-        ...processEnv
-        // process.env wins
-      };
-      for (const name in sources) {
+    function keyring2(options = {}) {
+      const ring = options.ring || {};
+      const processEnv = options.processEnv || process.env;
+      const keysFilepaths = Array.isArray(options.fk) ? options.fk : [options.fk || ".env.keys"];
+      const privateKeyValues = keysFilepaths.reduce((acc, filepath) => {
+        return acc.concat(keysFromFile(filepath));
+      }, []);
+      for (const name in processEnv) {
         if (name.startsWith("DOTENV_PRIVATE_KEY")) {
-          try {
-            const privateKeyHex = sources[name];
-            const publicKeyHex = derive2(privateKeyHex);
-            mem[publicKeyHex] = privateKeyHex;
-          } catch (_e) {
-          }
+          privateKeyValues.push(processEnv[name]);
         }
       }
-      return mem;
+      for (const privateKeyHex of privateKeyValues) {
+        try {
+          const publicKeyHex = derive2(privateKeyHex);
+          ring[publicKeyHex] = privateKeyHex;
+        } catch (_e) {
+        }
+      }
+      return ring;
     }
     module2.exports = keyring2;
   }
 });
+// src/publickeys.js
+var require_publickeys = __commonJS({
+  "src/publickeys.js"(exports2, module2) {
+    var scan2 = require_scan();
+    function publickeys2(src) {
+      const { parsed } = scan2(src);
+      const result = [];
+      for (const name in parsed) {
+        if (name.startsWith("DOTENV_PUBLIC_KEY")) {
+          result.push(parsed[name][parsed[name].length - 1]);
+        }
+      }
+      return result;
+    }
+    module2.exports = publickeys2;
+  }
+});
 // src/parse.js
 var require_parse = __commonJS({
   "src/parse.js"(exports2, module2) {
@@ -6244,39 +6264,56 @@ var require_parse = __commonJS({
     var encrypted2 = require_encrypted();
     var evaluate2 = require_evaluate();
     var expand2 = require_expand();
+    var publickeys2 = require_publickeys();
     var scan2 = require_scan();
     function resolveEscapeSequences(value) {
       return value.replace(/\\\$/g, "$");
     }
-    function collapse(parsed) {
-      const result = {};
-      for (const name in parsed) {
-        result[name] = parsed[name][parsed[name].length - 1];
+    function decryptWithKeyring(ring, value, publicKeyHexes) {
+      const tried = {};
+      for (const publicKeyHex of publicKeyHexes) {
+        const privateKeyHex = ring[publicKeyHex];
+        if (!privateKeyHex) {
+          continue;
+        }
+        tried[privateKeyHex] = true;
+        try {
+          return decrypt2(privateKeyHex, value);
+        } catch (_e) {
+        }
       }
-      return result;
+      for (const privateKeyHex of Object.values(ring)) {
+        if (!privateKeyHex || tried[privateKeyHex]) {
+          continue;
+        }
+        try {
+          return decrypt2(privateKeyHex, value);
+        } catch (_e) {
+        }
+      }
+      return value;
     }
-    function parse2(src, opts = {}) {
-      const overload = opts.overload;
-      const processEnv = opts.processEnv || process.env;
-      const ring = keyring2();
+    function parse2(src, options = {}) {
+      const overload = options.overload;
+      const processEnv = options.processEnv || process.env;
+      const publicKeyHexes = publickeys2(src);
+      let ring = {};
+      for (const publicKeyHex of publicKeyHexes) {
+        ring[publicKeyHex] = "";
+      }
+      ring = keyring2({ processEnv, ring });
       function inProcessEnv(name) {
         return Object.prototype.hasOwnProperty.call(processEnv, name);
       }
-      let publicKeyHex;
       const runningParsed = {};
       const literals = {};
-      const { parsed } = scan2(src, ({ name, value, quote }) => {
+      const parsed = {};
+      scan2(src, ({ name, value, quote }) => {
         let parsedValue = value;
-        if (name.startsWith("DOTENV_PUBLIC_KEY")) {
-          publicKeyHex = parsedValue;
-        }
         if (!overload && inProcessEnv(name)) {
           parsedValue = processEnv[name];
         }
-        try {
-          parsedValue = decrypt2(ring[publicKeyHex], parsedValue);
-        } catch (_e) {
-        }
+        parsedValue = decryptWithKeyring(ring, parsedValue, publicKeyHexes);
         const encryptedPrefixed = encrypted2(parsedValue);
         let evaled = false;
         if (!encryptedPrefixed && quote !== "'" && (!inProcessEnv(name) || processEnv[name] === parsedValue)) {
@@ -6296,13 +6333,14 @@ var require_parse = __commonJS({
           literals[name] = parsedValue;
         }
         runningParsed[name] = parsedValue;
+        parsed[name] = parsedValue;
         if (Object.prototype.hasOwnProperty.call(processEnv, name) && !overload) {
         } else {
         }
         return parsedValue;
       });
       return {
-        parsed: collapse(parsed)
+        parsed
       };
     }
     module2.exports = parse2;
@@ -6342,6 +6380,7 @@ var expand = require_expand();
 var keypair = require_keypair();
 var keyring = require_keyring();
 var parse = require_parse();
+var publickeys = require_publickeys();
 var scan = require_scan();
 var sealed = require_sealed();
 module.exports = {
@@ -6354,6 +6393,7 @@ module.exports = {
   keypair,
   keyring,
   parse,
+  publickeys,
   scan,
   sealed
 };

package/package.json CHANGED Viewed

@@ -1,5 +1,5 @@
 {
-  "version": "0.8.0",
+  "version": "0.9.0",
   "name": "@dotenvx/primitives",
   "description": "a secure dotenv–from the creator of `dotenv`",
   "author": "@motdotla",