npm - @saasak/tool-env - Versions diffs - 1.2.2 → 1.4.0 - Mend

@saasak/tool-env 1.2.2 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/bin/index.js CHANGED Viewed

@@ -16,10 +16,14 @@ import {
 	load,
 } from "../src/core.js";
-const args = minimist(process.argv.slice(2), { "--": true });
+const args = minimist(process.argv.slice(2), {
+	"--": true,
+	boolean: ["strict", "expose", "help", "h"],
+});
 const __root = process.cwd();
-const command = args._[0] || "write";
+let command = args._[0] || "help";
+if (args.help || args.h) command = "help";
 const secret = resolveSecret(args.secret ? `file://${args.secret}` : '');
@@ -33,6 +37,15 @@ if (commandsRequiringEnvFile.includes(command) && !fs.existsSync(envFile)) {
 	process.exit(1);
 }
+if (args.strict && commandsRequiringEnvFile.includes(command)) {
+	const env = JSON.parse(fs.readFileSync(envFile, "utf8"));
+	const result = verifyCanDecrypt(env, secret);
+	if (!result.success) {
+		console.error(`Strict mode: ${result.error}`);
+		process.exit(1);
+	}
+}
 async function showCommand() {
 	if (!secret) {
 		console.log(
@@ -280,6 +293,7 @@ async function addCommand() {
 async function runCommand() {
 	const commandParts = args["--"] || [];
 	const [cmd, ...cmdArgs] = commandParts;
+	const expose = !!args.expose
 	if (!cmd) {
 		console.error("Usage: wrenv run [options] -- <command> [args...]");
@@ -294,6 +308,8 @@ async function runCommand() {
 			targetEnv: args.target,
 			envPath: args.env,
 			applyToProcess: false,
+			expose,
+			strict: !!args.strict
 		});
 	} catch (error) {
 		console.error(`wrenv: ${error.message}`);
@@ -320,7 +336,7 @@ async function runCommand() {
 function helpCommand() {
 	console.log("Usage: wrenv [command] [options]\n");
 	console.log("Commands:");
-	console.log("  write          Write .env files for all packages (default)");
+	console.log("  write          Write .env files for all packages");
 	console.log(
 		"  show           Show environment variables without writing files",
 	);
@@ -343,7 +359,10 @@ function helpCommand() {
 		"  --target <env>         Target environment (dev, staging, prod, all)",
 	);
 	console.log(
-		"  --env <path>           Path to env file (default: .env.json)\n",
+		"  --env <path>           Path to env file (default: .env.json)",
+	);
+	console.log(
+		"  --strict               Error if encrypted values cannot be decrypted\n",
 	);
 	console.log("Environment Variables:");
 	console.log("  WRENV_SECRET           Secret for encryption/decryption");

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@saasak/tool-env",
   "license": "MIT",
-  "version": "1.2.2",
+  "version": "1.4.0",
   "author": "dev@saasak.studio",
   "description": "A small util to manage environment variables for your monorepo",
   "keywords": [

package/src/core.js CHANGED Viewed

@@ -16,6 +16,8 @@ import { findMonorepoPackages } from "./utils-pkg.js";
  * @property {string} [envPath] - Path to env.json file (default: '.env.json')
  * @property {string} [cwd] - Working directory (default: process.cwd())
  * @property {boolean} [applyToProcess] - Whether to apply to process.env (default: true)
+ * @property {boolean} [expose] - wether to expose the secret or not
+ * @property {boolean} [strict] - Error if encrypted values cannot be decrypted
  */
 /**
@@ -24,6 +26,8 @@ import { findMonorepoPackages } from "./utils-pkg.js";
  * @property {string} [targetEnv] - Target environment
  * @property {string} [envPath] - Path to env.json file (default: '.env.json')
  * @property {string} [cwd] - Working directory (default: process.cwd())
+ * @property {boolean} [expose] - wether to expose the secret or not
+ * @property {boolean} [strict] - Error if encrypted values cannot be decrypted
  */
 /**
@@ -288,6 +292,8 @@ export function loadEnvJson(options = {}) {
 		secret: secretParam,
 		envPath = ".env.json",
 		cwd = process.cwd(),
+		expose = false,
+		strict = false
 	} = options;
 	const secret = resolveSecret(secretParam);
@@ -303,6 +309,13 @@ export function loadEnvJson(options = {}) {
 	const envContent = fs.readFileSync(envFile, "utf8");
 	const env = JSON.parse(envContent);
+	if (strict) {
+		const result = verifyCanDecrypt(env, secret);
+		if (!result.success) {
+			throw new Error(`Strict mode: ${result.error}`);
+		}
+	}
 	const allowedEnvs =
 		env && env.envs && Array.isArray(env.envs) ? env.envs : [DEFAULT_ENV];
 	const resolvedTarget = allowedEnvs.find((e) => e === targetEnv);
@@ -341,7 +354,13 @@ export function loadEnvJson(options = {}) {
 	const currentPackageName = findNearestPackageName(cwd, scope);
 	// Return env for current package (with fallback to root)
-	return allEnvs[currentPackageName] || allEnvs.root || {};
+	const finalEnv = allEnvs[currentPackageName] || allEnvs.root || {};
+	return expose ? {
+		...finalEnv,
+		WRENV_TARGET: resolvedTarget,
+		WRENV_SECRET: secret
+	} : finalEnv;
 }
 /**
@@ -369,6 +388,8 @@ export function load(options = {}) {
 		envPath,
 		cwd = process.cwd(),
 		applyToProcess = true,
+		expose = false,
+		strict = false
 	} = options;
 	// Resolve target first to determine if we're in dev mode
@@ -380,6 +401,8 @@ export function load(options = {}) {
 		targetEnv: resolvedTarget,
 		envPath,
 		cwd,
+		expose,
+		strict
 	});
 	// Load .env.local overrides only in dev mode (security: prevent local overrides in production)
@@ -398,10 +421,12 @@ export function load(options = {}) {
 	}
 	// - Reserved vars (WRENV_*, TARGET_*) are never injected
-	// - NODE_ENV is only injected if not already set
-	for (const key of RESERVED_ENV_VARS) {
-		delete finalConfig[key];
+	if (!expose) {
+		for (const key of RESERVED_ENV_VARS) {
+			delete finalConfig[key];
+		}
 	}
+	// - NODE_ENV is only injected if not already set
 	if (process.env.NODE_ENV) {
 		delete finalConfig.NODE_ENV;
 	}
@@ -433,10 +458,6 @@ export function verifyCanDecrypt(env, secret) {
 	/** @type {EncryptedValueInfo[]} */
 	const encryptedValues = [];
-	if (!secret) {
-		return { success: false, path: null, error: "No secret provided" };
-	}
 	// Collect all encrypted values from variables
 	if (env.variables) {
 		for (const [varName, varValue] of Object.entries(env.variables)) {
@@ -472,6 +493,10 @@ export function verifyCanDecrypt(env, secret) {
 		return { success: true };
 	}
+	if (!secret) {
+		return { success: false, path: null, error: "No secret provided" };
+	}
 	// Try to decrypt each encrypted value
 	for (const { path, value } of encryptedValues) {
 		try {

package/src/index.d.ts CHANGED Viewed

@@ -12,6 +12,10 @@ export interface LoadOptions {
   cwd?: string;
   /** Whether to apply resolved vars to process.env (default: true) */
   applyToProcess?: boolean;
+  /** Whether to expose WRENV_TARGET and WRENV_SECRET in the output (default: false) */
+  expose?: boolean;
+  /** Error if encrypted values cannot be decrypted (default: false) */
+  strict?: boolean;
 }
 /**
@@ -28,6 +32,10 @@ export function loadEnvJson(options?: {
   targetEnv?: string;
   envPath?: string;
   cwd?: string;
+  /** Whether to expose WRENV_TARGET and WRENV_SECRET in the output (default: false) */
+  expose?: boolean;
+  /** Error if encrypted values cannot be decrypted (default: false) */
+  strict?: boolean;
 }): EnvRecord;
 /** Load .env.local overrides if the file exists */