@puristic/env 1.1.0 → 1.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +6 -6
- package/package.json +2 -2
package/README.md
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
# @puristic/env
|
|
2
2
|
|
|
3
|
-
**
|
|
3
|
+
**A config loader built on one Zod schema — the same schema that powers CI validation, codegen, and a [VSCode editor](https://github.com/radarsu/puristic-env/tree/main/_libs/vscode).**
|
|
4
4
|
|
|
5
|
-
`@puristic/env` loads configuration
|
|
5
|
+
`@puristic/env` loads your configuration at runtime. It merges CLI flags, environment variables, and `.env` files (in that order of precedence), validates the result against a [Zod](https://zod.dev) schema, and decrypts any secrets. The schema is plain TypeScript that your app already imports — not a separate DSL or a cloud API. The same definition also powers the [`purenv` CLI](https://www.npmjs.com/package/@puristic/env-cli) and the VSCode extension, so the three can't drift.
|
|
6
6
|
|
|
7
7
|
## Install
|
|
8
8
|
|
|
@@ -14,7 +14,7 @@ Requires **Node 24+** and `zod` v4.
|
|
|
14
14
|
|
|
15
15
|
## Quickstart
|
|
16
16
|
|
|
17
|
-
Define your configuration once
|
|
17
|
+
Define your configuration once. Export the **raw `ConfigDefinition`** (schema + sources), not the result of `loadConfig(...)`. `loadConfig` loads immediately, so it would fail on encrypted secrets without a key:
|
|
18
18
|
|
|
19
19
|
```ts
|
|
20
20
|
// env.config.ts — the single source of truth
|
|
@@ -46,9 +46,9 @@ const config = loadConfig(definition);
|
|
|
46
46
|
config.server.port; // number
|
|
47
47
|
```
|
|
48
48
|
|
|
49
|
-
Use `createConfig(definition)`
|
|
49
|
+
Use `createConfig(definition)` when you want a handle instead: call `.load()` once in your bootstrap, then `.get()` anywhere. `.get()` throws if called before `.load()`.
|
|
50
50
|
|
|
51
|
-
Nested schema paths map to env var names
|
|
51
|
+
Nested schema paths map to env var names: `["server", "httpsPort"]` → `SERVER_HTTPS_PORT` (and `--server-https-port` for CLI flags):
|
|
52
52
|
|
|
53
53
|
```sh
|
|
54
54
|
# .env
|
|
@@ -72,7 +72,7 @@ DATABASE_URL=encrypted:v1:… # secret — encrypted in place
|
|
|
72
72
|
|
|
73
73
|
## Secrets
|
|
74
74
|
|
|
75
|
-
Mark a field secret with `.meta({ secret: true })`. Its value is encrypted **in place** with the project's public key (`.config/purenv-pub.key`)
|
|
75
|
+
Mark a field secret with `.meta({ secret: true })`. Its value is encrypted **in place** with the project's public key (`.config/purenv-pub.key`), producing an `encrypted:v1:…` envelope sealed with **ML-KEM-512** (a post-quantum KEM) and **AES-256-GCM**. Encryption needs only the public key; loading or decrypting needs the private key. It's fully local, with no cloud account. Generate a keypair with `purenv keygen`.
|
|
76
76
|
|
|
77
77
|
## Learn more
|
|
78
78
|
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@puristic/env",
|
|
3
|
-
"version": "1.
|
|
4
|
-
"description": "
|
|
3
|
+
"version": "1.3.0",
|
|
4
|
+
"description": "A config loader built on one Zod schema — the same schema drives CI validation, codegen, and post-quantum encrypted secrets. No DSL, no cloud.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"env",
|
|
7
7
|
"dotenv",
|