@karmaniverous/get-dotenv 6.3.0 → 6.5.0

package/README.md

@@ -22,7 +22,7 @@ See full guides:
 
 - [Getting started](./guides/getting-started.md)
 - [Config and overlays](./guides/config.md) (dynamic, validation, defaults):
-- [Dotenv editor (format-preserving)](./guides/dotenv-editor.md)
+- [Dotenv editor (format-preserving)](./guides/dotenv-editor.md)
 - [Shell execution behavior, quoting, capture](./guides/shell.md)
 - [Shipped plugins](./guides/shipped/index.md)
 - [Authoring plugins](./guides/authoring/index.md) (host, lifecycle, exec, diagnostics)

package/dist/chunks/{AwsRestJsonProtocol-Dv5q8CFK.mjs → AwsRestJsonProtocol-D_GDWyaH.mjs}

@@ -1,5 +1,5 @@
-import { av as HttpProtocol, aw as NormalizedSchema, H as HttpRequest, ax as translateTraits, ay as extendedEncodeURIComponent, az as collectBody, aA as splitHeader, aB as SerdeContext, aC as FromStringShapeDeserializer, t as toUtf8, i as fromUtf8, aD as v4, aE as LazyJsonString, n as toBase64, aF as determineTimestampFormat, aG as dateToUtcString, aH as NumericValue, aI as SerdeContextConfig, aJ as deserializingStructIterator, m as fromBase64, aK as parseEpochTimestamp, aL as parseRfc7231DateTime, aM as parseRfc3339DateTimeWithOffset, aN as serializingStructIterator, aO as ProtocolLib, an as TypeRegistry } from './index-BNcKuiBy.mjs';
-import { s as sdkStreamMixin } from './sdk-stream-mixin-DCdC70Up.mjs';
+import { av as HttpProtocol, aw as NormalizedSchema, H as HttpRequest, ax as translateTraits, ay as extendedEncodeURIComponent, az as collectBody, aA as splitHeader, aB as SerdeContext, aC as FromStringShapeDeserializer, t as toUtf8, i as fromUtf8, aD as v4, aE as LazyJsonString, n as toBase64, aF as determineTimestampFormat, aG as dateToUtcString, aH as NumericValue, aI as SerdeContextConfig, aJ as deserializingStructIterator, m as fromBase64, aK as parseEpochTimestamp, aL as parseRfc7231DateTime, aM as parseRfc3339DateTimeWithOffset, aN as serializingStructIterator, aO as ProtocolLib, an as TypeRegistry } from './index-BCVlyd0W.mjs';
+import { s as sdkStreamMixin } from './sdk-stream-mixin-BDitDomf.mjs';
 
 function quoteHeader(part) {
     if (part.includes(",") || part.includes('"')) {

package/dist/chunks/{createCli-BSn6Be40.mjs → createCli-Ct22WCEC.mjs}

@@ -1,21 +1,24 @@
 import 'zod';
 import 'path';
-import { r as resolveGetDotenvConfigSources } from './loader-CePOf74i.mjs';
+import { r as resolveGetDotenvConfigSources } from './loader-CE4HSRN4.mjs';
+import 'nanoid';
 import 'fs-extra';
-import { a as defaultsDeep, g as getDotenvCliOptions2Options, b as baseRootOptionDefaults, G as GetDotenvCli, c as attachRootOptions } from './readMergedOptions-DLBDzpXX.mjs';
 import 'node:path';
+import 'radash';
+import 'node:buffer';
+import { a as defaultsDeep, g as getDotenvCliOptions2Options, b as baseRootOptionDefaults, G as GetDotenvCli, c as attachRootOptions } from './readMergedOptions-DLRFU2qO.mjs';
 import 'crypto';
 import 'url';
-import 'nanoid';
+import '@commander-js/extra-typings';
 import 'dotenv';
 import 'execa';
 import { t as toHelpConfig } from './helpConfig-CGejgwWW.mjs';
-import { r as resolveCliOptions } from './resolveCliOptions-_qtsVxda.mjs';
+import { r as resolveCliOptions } from './resolveCliOptions-C6oeNl9S.mjs';
 import { v as validateEnvAgainstSources } from './validate-CDl0rE6k.mjs';
 import { awsPlugin } from '../plugins-aws.mjs';
-import { a as awsWhoamiPlugin } from './index-BNcKuiBy.mjs';
+import { a as awsWhoamiPlugin } from './index-BCVlyd0W.mjs';
 import { batchPlugin } from '../plugins-batch.mjs';
-import { c as cmdPlugin } from './index-BqZ3PB6c.mjs';
+import { c as cmdPlugin } from './index-BzOeGJbq.mjs';
 import { initPlugin } from '../plugins-init.mjs';
 
 const dbg = (...args) => {

package/dist/chunks/{externalDataInterceptor-pqHO-Qmn.mjs → externalDataInterceptor-BRIxrVUl.mjs}

@@ -1,5 +1,5 @@
-import { t as tokenIntercept } from './getSSOTokenFromFile-otmZHSRV.mjs';
-import { h as fileIntercept } from './index-BNcKuiBy.mjs';
+import { t as tokenIntercept } from './getSSOTokenFromFile-TYPZln9_.mjs';
+import { h as fileIntercept } from './index-BCVlyd0W.mjs';
 
 const externalDataInterceptor = {
     getFileRecord() {

package/dist/chunks/{getSSOTokenFromFile-otmZHSRV.mjs → getSSOTokenFromFile-TYPZln9_.mjs}

@@ -1,7 +1,7 @@
 import { readFile } from 'fs/promises';
 import { createHash } from 'crypto';
 import { join } from 'path';
-import { j as getHomeDir } from './index-BNcKuiBy.mjs';
+import { j as getHomeDir } from './index-BCVlyd0W.mjs';
 
 const getSSOTokenFilepath = (id) => {
     const hasher = createHash("sha1");

package/dist/chunks/{index-C4Ac6feq.mjs → index-5AyAFomx.mjs}

@@ -1,20 +1,22 @@
-import { aq as ProviderError, ar as IniSectionType, as as CONFIG_PREFIX_SEPARATOR, v as readFile, at as getConfigFilepath, au as parseIni, k as getProfileName, C as CredentialsProviderError, s as setCredentialFeature } from './index-BNcKuiBy.mjs';
+import { aq as ProviderError, ar as IniSectionType, as as CONFIG_PREFIX_SEPARATOR, v as readFile, at as getConfigFilepath, au as parseIni, k as getProfileName, C as CredentialsProviderError, s as setCredentialFeature } from './index-BCVlyd0W.mjs';
 import { promises } from 'fs';
-import { g as getSSOTokenFilepath, a as getSSOTokenFromFile } from './getSSOTokenFromFile-otmZHSRV.mjs';
-import { p as parseKnownFiles } from './parseKnownFiles-B6x1cUmR.mjs';
-import './readMergedOptions-DLBDzpXX.mjs';
+import { g as getSSOTokenFilepath, a as getSSOTokenFromFile } from './getSSOTokenFromFile-TYPZln9_.mjs';
+import { p as parseKnownFiles } from './parseKnownFiles-CejYPe7q.mjs';
+import './readMergedOptions-DLRFU2qO.mjs';
 import 'zod';
 import '@commander-js/extra-typings';
-import './overlayEnv-Bqh_kPGA.mjs';
+import './readDotenvCascade-Bymjvyit.mjs';
 import 'fs-extra';
+import 'radash';
+import 'node:buffer';
 import 'node:path';
 import './loadModuleDefault-Dj8B3Stt.mjs';
 import 'crypto';
 import 'path';
 import 'url';
-import 'nanoid';
 import 'dotenv';
-import './loader-CePOf74i.mjs';
+import 'nanoid';
+import './loader-CE4HSRN4.mjs';
 import 'package-directory';
 import 'yaml';
 import 'execa';
@@ -57,7 +59,7 @@ const EXPIRE_WINDOW_MS = 5 * 60 * 1000;
 const REFRESH_MESSAGE = `To refresh this SSO session run 'aws sso login' with the corresponding profile.`;
 
 const getSsoOidcClient = async (ssoRegion, init = {}) => {
-    const { SSOOIDCClient } = await import('./index-CXpZ0pei.mjs');
+    const { SSOOIDCClient } = await import('./index-5NxTUVel.mjs');
     const coalesce = (prop) => init.clientConfig?.[prop] ?? init.parentClientConfig?.[prop];
     const ssoOidcClient = new SSOOIDCClient(Object.assign({}, init.clientConfig ?? {}, {
         region: ssoRegion ?? init.clientConfig?.region,
@@ -68,7 +70,7 @@ const getSsoOidcClient = async (ssoRegion, init = {}) => {
 };
 
 const getNewSsoOidcToken = async (ssoToken, ssoRegion, init = {}) => {
-    const { CreateTokenCommand } = await import('./index-CXpZ0pei.mjs');
+    const { CreateTokenCommand } = await import('./index-5NxTUVel.mjs');
     const ssoOidcClient = await getSsoOidcClient(ssoRegion, init);
     return ssoOidcClient.send(new CreateTokenCommand({
         clientId: ssoToken.clientId,
@@ -221,7 +223,7 @@ const resolveSSOCredentials = async ({ ssoStartUrl, ssoSession, ssoAccountId, ss
         });
     }
     const { accessToken } = token;
-    const { SSOClient, GetRoleCredentialsCommand } = await import('./loadSso-CJ_XUhEj.mjs');
+    const { SSOClient, GetRoleCredentialsCommand } = await import('./loadSso-BnjVSVhE.mjs');
     const sso = ssoClient ||
         new SSOClient(Object.assign({}, clientConfig ?? {}, {
             logger: clientConfig?.logger ?? parentClientConfig?.logger,

package/dist/chunks/{index-CXpZ0pei.mjs → index-5NxTUVel.mjs}

@@ -1,19 +1,21 @@
-import { w as resolveAwsSdkSigV4Config, x as normalizeProvider, y as getSmithyContext, z as EndpointCache, A as resolveEndpoint, B as awsEndpointFunctions, D as customEndpointFunctions, t as toUtf8, i as fromUtf8, F as parseUrl, G as NoOpLogger, I as AwsSdkSigV4Signer, J as NoAuthSigner, n as toBase64, m as fromBase64, K as emitWarningIfUnsupportedVersion, L as resolveDefaultsModeConfig, M as emitWarningIfUnsupportedVersion$1, O as loadConfig, r as streamCollector, P as Hash, N as NodeHttpHandler, Q as createDefaultUserAgentProvider, R as calculateBodyLength, S as NODE_APP_ID_CONFIG_OPTIONS, T as NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS, U as NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS, V as NODE_RETRY_MODE_CONFIG_OPTIONS, W as DEFAULT_RETRY_MODE, X as NODE_REGION_CONFIG_FILE_OPTIONS, Y as NODE_REGION_CONFIG_OPTIONS, Z as NODE_MAX_ATTEMPT_CONFIG_OPTIONS, _ as NODE_AUTH_SCHEME_PREFERENCE_OPTIONS, $ as loadConfigsForDefaultMode, a0 as getAwsRegionExtensionConfiguration, a1 as getDefaultExtensionConfiguration, a2 as getHttpHandlerExtensionConfiguration, a3 as resolveAwsRegionExtensionConfiguration, a4 as resolveDefaultRuntimeConfig, a5 as resolveHttpHandlerRuntimeConfig, a6 as Client, a7 as resolveUserAgentConfig, a8 as resolveRetryConfig, a9 as resolveRegionConfig, aa as resolveEndpointConfig, ab as resolveHostHeaderConfig, ac as getSchemaSerdePlugin, ad as getUserAgentPlugin, ae as getRetryPlugin, af as getContentLengthPlugin, ag as getHostHeaderPlugin, ah as getLoggerPlugin, ai as getRecursionDetectionPlugin, aj as getHttpAuthSchemeEndpointRuleSetPlugin, ak as DefaultIdentityProviderConfig, al as getHttpSigningPlugin, am as ServiceException, an as TypeRegistry, ao as Command, ap as getEndpointPlugin } from './index-BNcKuiBy.mjs';
+import { w as resolveAwsSdkSigV4Config, x as normalizeProvider, y as getSmithyContext, z as EndpointCache, A as resolveEndpoint, B as awsEndpointFunctions, D as customEndpointFunctions, t as toUtf8, i as fromUtf8, F as parseUrl, G as NoOpLogger, I as AwsSdkSigV4Signer, J as NoAuthSigner, n as toBase64, m as fromBase64, K as emitWarningIfUnsupportedVersion, L as resolveDefaultsModeConfig, M as emitWarningIfUnsupportedVersion$1, O as loadConfig, r as streamCollector, P as Hash, N as NodeHttpHandler, Q as createDefaultUserAgentProvider, R as calculateBodyLength, S as NODE_APP_ID_CONFIG_OPTIONS, T as NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS, U as NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS, V as NODE_RETRY_MODE_CONFIG_OPTIONS, W as DEFAULT_RETRY_MODE, X as NODE_REGION_CONFIG_FILE_OPTIONS, Y as NODE_REGION_CONFIG_OPTIONS, Z as NODE_MAX_ATTEMPT_CONFIG_OPTIONS, _ as NODE_AUTH_SCHEME_PREFERENCE_OPTIONS, $ as loadConfigsForDefaultMode, a0 as getAwsRegionExtensionConfiguration, a1 as getDefaultExtensionConfiguration, a2 as getHttpHandlerExtensionConfiguration, a3 as resolveAwsRegionExtensionConfiguration, a4 as resolveDefaultRuntimeConfig, a5 as resolveHttpHandlerRuntimeConfig, a6 as Client, a7 as resolveUserAgentConfig, a8 as resolveRetryConfig, a9 as resolveRegionConfig, aa as resolveEndpointConfig, ab as resolveHostHeaderConfig, ac as getSchemaSerdePlugin, ad as getUserAgentPlugin, ae as getRetryPlugin, af as getContentLengthPlugin, ag as getHostHeaderPlugin, ah as getLoggerPlugin, ai as getRecursionDetectionPlugin, aj as getHttpAuthSchemeEndpointRuleSetPlugin, ak as DefaultIdentityProviderConfig, al as getHttpSigningPlugin, am as ServiceException, an as TypeRegistry, ao as Command, ap as getEndpointPlugin } from './index-BCVlyd0W.mjs';
 import { p as packageInfo } from './package-boo9EyYs.mjs';
-import { A as AwsRestJsonProtocol } from './AwsRestJsonProtocol-Dv5q8CFK.mjs';
-import './readMergedOptions-DLBDzpXX.mjs';
+import { A as AwsRestJsonProtocol } from './AwsRestJsonProtocol-D_GDWyaH.mjs';
+import './readMergedOptions-DLRFU2qO.mjs';
 import 'zod';
 import '@commander-js/extra-typings';
-import './overlayEnv-Bqh_kPGA.mjs';
+import './readDotenvCascade-Bymjvyit.mjs';
 import 'fs-extra';
+import 'radash';
+import 'node:buffer';
 import 'node:path';
 import './loadModuleDefault-Dj8B3Stt.mjs';
 import 'crypto';
 import 'path';
 import 'url';
-import 'nanoid';
 import 'dotenv';
-import './loader-CePOf74i.mjs';
+import 'nanoid';
+import './loader-CE4HSRN4.mjs';
 import 'package-directory';
 import 'yaml';
 import 'execa';
@@ -25,7 +27,7 @@ import 'https';
 import 'stream';
 import 'process';
 import 'node:fs';
-import './sdk-stream-mixin-DCdC70Up.mjs';
+import './sdk-stream-mixin-BDitDomf.mjs';
 
 const defaultSSOOIDCHttpAuthSchemeParametersProvider = async (config, context, input) => {
     return {

package/dist/chunks/{index-BNcKuiBy.mjs → index-BCVlyd0W.mjs}

@@ -1,5 +1,7 @@
-import { d as definePlugin } from './readMergedOptions-DLBDzpXX.mjs';
+import { d as definePlugin } from './readMergedOptions-DLRFU2qO.mjs';
 import 'execa';
+import 'radash';
+import 'node:buffer';
 import 'fs-extra';
 import 'node:path';
 import crypto$1, { createHmac, createHash } from 'crypto';
@@ -8,7 +10,7 @@ import 'url';
 import '@commander-js/extra-typings';
 import 'nanoid';
 import 'dotenv';
-import './loader-CePOf74i.mjs';
+import './loader-CE4HSRN4.mjs';
 import 'package-directory';
 import 'yaml';
 import 'zod';
@@ -2182,7 +2184,7 @@ class HttpProtocol extends SerdeContext {
         });
     }
     async loadEventStreamCapability() {
-        const { EventStreamSerde } = await import('./index-B18W-ELX.mjs');
+        const { EventStreamSerde } = await import('./index-CR4cJOVz.mjs');
         return new EventStreamSerde({
             marshaller: this.getEventStreamMarshaller(),
             serializer: this.serializer,
@@ -8483,10 +8485,10 @@ const fromEnv = (init) => async () => {
 
 const ENV_IMDS_DISABLED$1 = "AWS_EC2_METADATA_DISABLED";
 const remoteProvider = async (init) => {
-    const { ENV_CMDS_FULL_URI, ENV_CMDS_RELATIVE_URI, fromContainerMetadata, fromInstanceMetadata } = await import('./index-DtRaL61T.mjs');
+    const { ENV_CMDS_FULL_URI, ENV_CMDS_RELATIVE_URI, fromContainerMetadata, fromInstanceMetadata } = await import('./index-jLjEQoIi.mjs');
     if (process.env[ENV_CMDS_RELATIVE_URI] || process.env[ENV_CMDS_FULL_URI]) {
         init.logger?.debug("@aws-sdk/credential-provider-node - remoteProvider::fromHttp/fromContainerMetadata");
-        const { fromHttp } = await import('./index-CGg5wWCm.mjs');
+        const { fromHttp } = await import('./index-BNWgREzT.mjs');
         return chain(fromHttp(init), fromContainerMetadata(init));
     }
     if (process.env[ENV_IMDS_DISABLED$1] && process.env[ENV_IMDS_DISABLED$1] !== "false") {
@@ -8590,22 +8592,22 @@ const defaultProvider = (init = {}) => memoizeChain([
         if (!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName && !ssoSession) {
             throw new CredentialsProviderError("Skipping SSO provider in default chain (inputs do not include SSO fields).", { logger: init.logger });
         }
-        const { fromSSO } = await import('./index-C4Ac6feq.mjs');
+        const { fromSSO } = await import('./index-5AyAFomx.mjs');
         return fromSSO(init)(awsIdentityProperties);
     },
     async (awsIdentityProperties) => {
         init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromIni");
-        const { fromIni } = await import('./index-eZMlmESW.mjs');
+        const { fromIni } = await import('./index-BSO6unyj.mjs');
         return fromIni(init)(awsIdentityProperties);
     },
     async (awsIdentityProperties) => {
         init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromProcess");
-        const { fromProcess } = await import('./index-CYoFYXZv.mjs');
+        const { fromProcess } = await import('./index-BMb3Lxzl.mjs');
         return fromProcess(init)(awsIdentityProperties);
     },
     async (awsIdentityProperties) => {
         init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromTokenFile");
-        const { fromTokenFile } = await import('./index-DLQEHTw4.mjs');
+        const { fromTokenFile } = await import('./index-Be7QY_7N.mjs');
         return fromTokenFile(init)(awsIdentityProperties);
     },
     async () => {
@@ -8778,7 +8780,7 @@ const inferPhysicalRegion = async () => {
     }
     if (!process.env[ENV_IMDS_DISABLED]) {
         try {
-            const { getInstanceMetadataEndpoint, httpRequest } = await import('./index-DtRaL61T.mjs');
+            const { getInstanceMetadataEndpoint, httpRequest } = await import('./index-jLjEQoIi.mjs');
             const endpoint = await getInstanceMetadataEndpoint();
             return (await httpRequest({ ...endpoint, path: IMDS_REGION_PATH })).toString();
         }

package/dist/chunks/{index-CYoFYXZv.mjs → index-BMb3Lxzl.mjs}

@@ -1,21 +1,23 @@
 import { exec } from 'child_process';
 import { promisify } from 'util';
-import { s as setCredentialFeature, C as CredentialsProviderError, k as getProfileName } from './index-BNcKuiBy.mjs';
-import { e as externalDataInterceptor } from './externalDataInterceptor-pqHO-Qmn.mjs';
-import { p as parseKnownFiles } from './parseKnownFiles-B6x1cUmR.mjs';
-import './readMergedOptions-DLBDzpXX.mjs';
+import { s as setCredentialFeature, C as CredentialsProviderError, k as getProfileName } from './index-BCVlyd0W.mjs';
+import { e as externalDataInterceptor } from './externalDataInterceptor-BRIxrVUl.mjs';
+import { p as parseKnownFiles } from './parseKnownFiles-CejYPe7q.mjs';
+import './readMergedOptions-DLRFU2qO.mjs';
 import 'zod';
 import '@commander-js/extra-typings';
-import './overlayEnv-Bqh_kPGA.mjs';
+import './readDotenvCascade-Bymjvyit.mjs';
 import 'fs-extra';
+import 'radash';
+import 'node:buffer';
 import 'node:path';
 import './loadModuleDefault-Dj8B3Stt.mjs';
 import 'crypto';
 import 'path';
 import 'url';
-import 'nanoid';
 import 'dotenv';
-import './loader-CePOf74i.mjs';
+import 'nanoid';
+import './loader-CE4HSRN4.mjs';
 import 'package-directory';
 import 'yaml';
 import 'execa';
@@ -27,7 +29,7 @@ import 'https';
 import 'stream';
 import 'process';
 import 'node:fs';
-import './getSSOTokenFromFile-otmZHSRV.mjs';
+import './getSSOTokenFromFile-TYPZln9_.mjs';
 import 'fs/promises';
 
 const getValidatedProcessCredentials = (profileName, data, profiles) => {

package/dist/chunks/{index-CGg5wWCm.mjs → index-BNWgREzT.mjs}

@@ -1,19 +1,21 @@
 import fs from 'fs/promises';
-import { C as CredentialsProviderError, H as HttpRequest, p as parseRfc3339DateTime, N as NodeHttpHandler, s as setCredentialFeature } from './index-BNcKuiBy.mjs';
-import { s as sdkStreamMixin } from './sdk-stream-mixin-DCdC70Up.mjs';
-import './readMergedOptions-DLBDzpXX.mjs';
+import { C as CredentialsProviderError, H as HttpRequest, p as parseRfc3339DateTime, N as NodeHttpHandler, s as setCredentialFeature } from './index-BCVlyd0W.mjs';
+import { s as sdkStreamMixin } from './sdk-stream-mixin-BDitDomf.mjs';
+import './readMergedOptions-DLRFU2qO.mjs';
 import 'zod';
 import '@commander-js/extra-typings';
-import './overlayEnv-Bqh_kPGA.mjs';
+import './readDotenvCascade-Bymjvyit.mjs';
 import 'fs-extra';
+import 'radash';
+import 'node:buffer';
 import 'node:path';
 import './loadModuleDefault-Dj8B3Stt.mjs';
 import 'crypto';
 import 'path';
 import 'url';
-import 'nanoid';
 import 'dotenv';
-import './loader-CePOf74i.mjs';
+import 'nanoid';
+import './loader-CE4HSRN4.mjs';
 import 'package-directory';
 import 'yaml';
 import 'execa';

package/dist/chunks/{index-eZMlmESW.mjs → index-BSO6unyj.mjs}

@@ -1,21 +1,23 @@
-import { C as CredentialsProviderError, s as setCredentialFeature, u as chain, k as getProfileName, v as readFile, H as HttpRequest } from './index-BNcKuiBy.mjs';
+import { C as CredentialsProviderError, s as setCredentialFeature, u as chain, k as getProfileName, v as readFile, H as HttpRequest } from './index-BCVlyd0W.mjs';
 import { createHash, createPrivateKey, createPublicKey, sign } from 'node:crypto';
 import { promises } from 'node:fs';
 import { homedir } from 'node:os';
 import { dirname, join } from 'node:path';
-import { p as parseKnownFiles } from './parseKnownFiles-B6x1cUmR.mjs';
-import './readMergedOptions-DLBDzpXX.mjs';
+import { p as parseKnownFiles } from './parseKnownFiles-CejYPe7q.mjs';
+import './readMergedOptions-DLRFU2qO.mjs';
 import 'zod';
 import '@commander-js/extra-typings';
-import './overlayEnv-Bqh_kPGA.mjs';
+import './readDotenvCascade-Bymjvyit.mjs';
 import 'fs-extra';
+import 'radash';
+import 'node:buffer';
 import './loadModuleDefault-Dj8B3Stt.mjs';
 import 'crypto';
 import 'path';
 import 'url';
-import 'nanoid';
 import 'dotenv';
-import './loader-CePOf74i.mjs';
+import 'nanoid';
+import './loader-CE4HSRN4.mjs';
 import 'package-directory';
 import 'yaml';
 import 'execa';
@@ -30,19 +32,19 @@ import 'process';
 const resolveCredentialSource = (credentialSource, profileName, logger) => {
     const sourceProvidersMap = {
         EcsContainer: async (options) => {
-            const { fromHttp } = await import('./index-CGg5wWCm.mjs');
-            const { fromContainerMetadata } = await import('./index-DtRaL61T.mjs');
+            const { fromHttp } = await import('./index-BNWgREzT.mjs');
+            const { fromContainerMetadata } = await import('./index-jLjEQoIi.mjs');
             logger?.debug("@aws-sdk/credential-provider-ini - credential_source is EcsContainer");
             return async () => chain(fromHttp(options ?? {}), fromContainerMetadata(options))().then(setNamedProvider);
         },
         Ec2InstanceMetadata: async (options) => {
             logger?.debug("@aws-sdk/credential-provider-ini - credential_source is Ec2InstanceMetadata");
-            const { fromInstanceMetadata } = await import('./index-DtRaL61T.mjs');
+            const { fromInstanceMetadata } = await import('./index-jLjEQoIi.mjs');
             return async () => fromInstanceMetadata(options)().then(setNamedProvider);
         },
         Environment: async (options) => {
             logger?.debug("@aws-sdk/credential-provider-ini - credential_source is Environment");
-            const { fromEnv } = await import('./index-Bi0RIILn.mjs');
+            const { fromEnv } = await import('./index-LKToAIhZ.mjs');
             return async () => fromEnv(options)().then(setNamedProvider);
         },
     };
@@ -84,7 +86,7 @@ const resolveAssumeRoleCredentials = async (profileName, profiles, options, visi
     const profileData = profiles[profileName];
     const { source_profile, region } = profileData;
     if (!options.roleAssumer) {
-        const { getDefaultRoleAssumer } = await import('./index-C6uLiKpC.mjs');
+        const { getDefaultRoleAssumer } = await import('./index-Dz-kRqKN.mjs');
         options.roleAssumer = getDefaultRoleAssumer({
             ...options.clientConfig,
             credentialProviderLogger: options.logger,
@@ -169,7 +171,7 @@ class LoginCredentialsFetcher {
         return this.profileData.login_session;
     }
     async refresh(token) {
-        const { SigninClient, CreateOAuth2TokenCommand } = await import('./index-DFNcs3pR.mjs');
+        const { SigninClient, CreateOAuth2TokenCommand } = await import('./index-G-U0Dimh.mjs');
         const { logger, userAgentAppId } = this.callerClientConfig ?? {};
         const isH2 = (requestHandler) => {
             return requestHandler?.metadata?.handlerProtocol === "h2";
@@ -418,13 +420,13 @@ const resolveLoginCredentials = async (profileName, options) => {
 };
 
 const isProcessProfile = (arg) => Boolean(arg) && typeof arg === "object" && typeof arg.credential_process === "string";
-const resolveProcessCredentials = async (options, profile) => import('./index-CYoFYXZv.mjs').then(({ fromProcess }) => fromProcess({
+const resolveProcessCredentials = async (options, profile) => import('./index-BMb3Lxzl.mjs').then(({ fromProcess }) => fromProcess({
     ...options,
     profile,
 })().then((creds) => setCredentialFeature(creds, "CREDENTIALS_PROFILE_PROCESS", "v")));
 
 const resolveSsoCredentials = async (profile, profileData, options = {}) => {
-    const { fromSSO } = await import('./index-C4Ac6feq.mjs');
+    const { fromSSO } = await import('./index-5AyAFomx.mjs');
     return fromSSO({
         profile,
         logger: options.logger,
@@ -469,7 +471,7 @@ const isWebIdentityProfile = (arg) => Boolean(arg) &&
     typeof arg.web_identity_token_file === "string" &&
     typeof arg.role_arn === "string" &&
     ["undefined", "string"].indexOf(typeof arg.role_session_name) > -1;
-const resolveWebIdentityCredentials = async (profile, options) => import('./index-DLQEHTw4.mjs').then(({ fromTokenFile }) => fromTokenFile({
+const resolveWebIdentityCredentials = async (profile, options) => import('./index-Be7QY_7N.mjs').then(({ fromTokenFile }) => fromTokenFile({
     webIdentityTokenFile: profile.web_identity_token_file,
     roleArn: profile.role_arn,
     roleSessionName: profile.role_session_name,

package/dist/chunks/{index-DLQEHTw4.mjs → index-Be7QY_7N.mjs}

@@ -1,21 +1,23 @@
 import { readFileSync } from 'fs';
-import { e as externalDataInterceptor } from './externalDataInterceptor-pqHO-Qmn.mjs';
-import { C as CredentialsProviderError, s as setCredentialFeature } from './index-BNcKuiBy.mjs';
-import './getSSOTokenFromFile-otmZHSRV.mjs';
+import { e as externalDataInterceptor } from './externalDataInterceptor-BRIxrVUl.mjs';
+import { C as CredentialsProviderError, s as setCredentialFeature } from './index-BCVlyd0W.mjs';
+import './getSSOTokenFromFile-TYPZln9_.mjs';
 import 'fs/promises';
 import 'crypto';
 import 'path';
-import './readMergedOptions-DLBDzpXX.mjs';
+import './readMergedOptions-DLRFU2qO.mjs';
 import 'zod';
 import '@commander-js/extra-typings';
-import './overlayEnv-Bqh_kPGA.mjs';
+import './readDotenvCascade-Bymjvyit.mjs';
 import 'fs-extra';
+import 'radash';
+import 'node:buffer';
 import 'node:path';
 import './loadModuleDefault-Dj8B3Stt.mjs';
 import 'url';
-import 'nanoid';
 import 'dotenv';
-import './loader-CePOf74i.mjs';
+import 'nanoid';
+import './loader-CE4HSRN4.mjs';
 import 'package-directory';
 import 'yaml';
 import 'execa';
@@ -33,7 +35,7 @@ const fromWebToken = (init) => async (awsIdentityProperties) => {
     const { roleArn, roleSessionName, webIdentityToken, providerId, policyArns, policy, durationSeconds } = init;
     let { roleAssumerWithWebIdentity } = init;
     if (!roleAssumerWithWebIdentity) {
-        const { getDefaultRoleAssumerWithWebIdentity } = await import('./index-C6uLiKpC.mjs');
+        const { getDefaultRoleAssumerWithWebIdentity } = await import('./index-Dz-kRqKN.mjs');
         roleAssumerWithWebIdentity = getDefaultRoleAssumerWithWebIdentity({
             ...init.clientConfig,
             credentialProviderLogger: init.logger,

package/dist/chunks/{index-BqZ3PB6c.mjs → index-BzOeGJbq.mjs}

@@ -1,5 +1,7 @@
-import { l as redactTriple, m as maybeWarnEntropy, r as readMergedOptions, g as getDotenvCliOptions2Options, d as definePlugin } from './readMergedOptions-DLBDzpXX.mjs';
+import { camel } from 'radash';
+import { r as readMergedOptions, g as getDotenvCliOptions2Options, d as definePlugin } from './readMergedOptions-DLRFU2qO.mjs';
 import 'execa';
+import 'node:buffer';
 import 'fs-extra';
 import 'node:path';
 import 'crypto';
@@ -8,14 +10,119 @@ import 'url';
 import '@commander-js/extra-typings';
 import 'nanoid';
 import 'dotenv';
-import './loader-CePOf74i.mjs';
+import './loader-CE4HSRN4.mjs';
 import 'package-directory';
 import 'yaml';
 import { z } from 'zod';
-import { b as resolveCommand, c as resolveShell, t as tokenize, s as shouldCapture, r as runCommand, d as buildSpawnEnv } from './spawnEnv-CQwFu7ZJ.mjs';
+import { b as resolveCommand, c as resolveShell, t as tokenize, s as shouldCapture, r as runCommand, d as buildSpawnEnv } from './spawnEnv-5kdIVv0x.mjs';
 import { m as maybePreserveNodeEvalArgv, c as composeNestedEnv, s as stripOne } from './invoke-DuRPU1oC.mjs';
-import { c as dotenvExpandFromProcessEnv } from './overlayEnv-Bqh_kPGA.mjs';
-import { r as resolveCliOptions, b as baseGetDotenvCliOptions } from './resolveCliOptions-_qtsVxda.mjs';
+import { h as dotenvExpandFromProcessEnv } from './readDotenvCascade-Bymjvyit.mjs';
+import { r as resolveCliOptions, b as baseGetDotenvCliOptions } from './resolveCliOptions-C6oeNl9S.mjs';
+
+/** src/diagnostics/entropy.ts
+ * Entropy diagnostics (presentation-only).
+ * - Gated by min length and printable ASCII.
+ * - Warn once per key per run when bits/char \>= threshold.
+ * - Supports whitelist patterns to suppress known-noise keys.
+ */
+const warned = new Set();
+const isPrintableAscii = (s) => /^[\x20-\x7E]+$/.test(s);
+const compile$1 = (patterns) => (patterns ?? []).map((p) => (typeof p === 'string' ? new RegExp(p, 'i') : p));
+const whitelisted = (key, regs) => regs.some((re) => re.test(key));
+const shannonBitsPerChar = (s) => {
+    const freq = new Map();
+    for (const ch of s)
+        freq.set(ch, (freq.get(ch) ?? 0) + 1);
+    const n = s.length;
+    let h = 0;
+    for (const c of freq.values()) {
+        const p = c / n;
+        h -= p * Math.log2(p);
+    }
+    return h;
+};
+/**
+ * Maybe emit a one-line entropy warning for a key.
+ * Caller supplies an `emit(line)` function; the helper ensures once-per-key.
+ */
+const maybeWarnEntropy = (key, value, origin, opts, emit) => {
+    if (!opts || opts.warnEntropy === false)
+        return;
+    if (warned.has(key))
+        return;
+    const v = value ?? '';
+    const minLen = Math.max(0, opts.entropyMinLength ?? 16);
+    const threshold = opts.entropyThreshold ?? 3.8;
+    if (v.length < minLen)
+        return;
+    if (!isPrintableAscii(v))
+        return;
+    const wl = compile$1(opts.entropyWhitelist);
+    if (whitelisted(key, wl))
+        return;
+    const bpc = shannonBitsPerChar(v);
+    if (bpc >= threshold) {
+        warned.add(key);
+        emit(`[entropy] key=${key} score=${bpc.toFixed(2)} len=${String(v.length)} origin=${origin}`);
+    }
+};
+
+const DEFAULT_PATTERNS = [
+    '\\bsecret\\b',
+    '\\btoken\\b',
+    '\\bpass(word)?\\b',
+    '\\bapi[_-]?key\\b',
+    '\\bkey\\b',
+];
+const compile = (patterns) => (patterns && patterns.length > 0 ? patterns : DEFAULT_PATTERNS).map((p) => typeof p === 'string' ? new RegExp(p, 'i') : p);
+const shouldRedactKey = (key, regs) => regs.some((re) => re.test(key));
+const MASK = '[redacted]';
+/**
+ * Redact a single displayed value according to key/patterns.
+ * Returns the original value when redaction is disabled or key is not matched.
+ */
+const redactDisplay = (key, value, opts) => {
+    if (!value)
+        return value;
+    if (!opts?.redact)
+        return value;
+    const regs = compile(opts.redactPatterns);
+    return shouldRedactKey(key, regs) ? MASK : value;
+};
+/**
+ * Produce a shallow redacted copy of an env-like object for display.
+ */
+const redactObject = (obj, opts) => {
+    if (!opts?.redact)
+        return { ...obj };
+    const regs = compile(opts.redactPatterns);
+    const out = {};
+    for (const [k, v] of Object.entries(obj)) {
+        out[k] = v && shouldRedactKey(k, regs) ? MASK : v;
+    }
+    return out;
+};
+/**
+ * Utility to redact three related displayed values (parent/dotenv/final)
+ * consistently for trace lines.
+ */
+const redactTriple = (key, triple, opts) => {
+    if (!opts?.redact)
+        return triple;
+    const regs = compile(opts.redactPatterns);
+    const maskIf = (v) => (v && shouldRedactKey(key, regs) ? MASK : v);
+    const out = {};
+    const p = maskIf(triple.parent);
+    const d = maskIf(triple.dotenv);
+    const f = maskIf(triple.final);
+    if (p !== undefined)
+        out.parent = p;
+    if (d !== undefined)
+        out.dotenv = d;
+    if (f !== undefined)
+        out.final = f;
+    return out;
+};
 
 /**
  * Trace child env composition with redaction and entropy warnings.
@@ -239,8 +346,7 @@ const attachCmdParentInvoker = (cli, options, plugin) => {
             console.error('[getdotenv:alias] install alias option', flags);
         }
         const long = flags.split(/[ ,|]+/).find((f) => f.startsWith('--')) ?? '--cmd';
-        const name = long.replace(/^--/, '');
-        return name.replace(/-([a-z])/g, (_m, c) => c.toUpperCase());
+        return camel(long.replace(/^--/, ''));
     };
     const aliasKey = deriveKey(aliasSpec.flags);
     // Expose the option on the parent (root) command.
@@ -353,8 +459,7 @@ const cmdPlugin = (options = {}) => {
                 : options.optionAlias;
             const deriveKey = (flags) => {
                 const long = flags.split(/[ ,|]+/).find((f) => f.startsWith('--')) ?? '--cmd';
-                const name = long.replace(/^--/, '');
-                return name.replace(/-([a-z])/g, (_m, c) => c.toUpperCase());
+                return camel(long.replace(/^--/, ''));
             };
             const aliasKey = aliasSpec ? deriveKey(aliasSpec.flags) : undefined;
             // Mount is the command ('cmd'); attach default action.
@@ -372,4 +477,4 @@ const cmdPlugin = (options = {}) => {
     return plugin;
 };
 
-export { cmdPlugin as c, traceChildEnv as t };
+export { redactDisplay as a, cmdPlugin as c, maybeWarnEntropy as m, redactObject as r, traceChildEnv as t };

package/dist/chunks/{index-B18W-ELX.mjs → index-CR4cJOVz.mjs}

@@ -1,17 +1,19 @@
-import { t as toUtf8, i as fromUtf8 } from './index-BNcKuiBy.mjs';
-import './readMergedOptions-DLBDzpXX.mjs';
+import { t as toUtf8, i as fromUtf8 } from './index-BCVlyd0W.mjs';
+import './readMergedOptions-DLRFU2qO.mjs';
 import 'zod';
 import '@commander-js/extra-typings';
-import './overlayEnv-Bqh_kPGA.mjs';
+import './readDotenvCascade-Bymjvyit.mjs';
 import 'fs-extra';
+import 'radash';
+import 'node:buffer';
 import 'node:path';
 import './loadModuleDefault-Dj8B3Stt.mjs';
 import 'crypto';
 import 'path';
 import 'url';
-import 'nanoid';
 import 'dotenv';
-import './loader-CePOf74i.mjs';
+import 'nanoid';
+import './loader-CE4HSRN4.mjs';
 import 'package-directory';
 import 'yaml';
 import 'execa';