npm - @saasak/tool-env - Versions diffs - 1.4.0 → 1.5.0 - Mend

@saasak/tool-env 1.4.0 → 1.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/bin/index.js CHANGED Viewed

@@ -5,8 +5,8 @@ import fs from "fs-extra";
 import path from "path";
 import { execa } from "execa";
-import { encrypt, isEncrypted } from "../src/utils-crypto.js";
-import { buildEnv } from "../src/utils-env.js";
+import { encrypt, decrypt, isEncrypted } from "../src/utils-crypto.js";
+import { buildEnv, walkEnvValues } from "../src/utils-env.js";
 import { findMonorepoPackages } from "../src/utils-pkg.js";
 import {
 	resolveTarget,
@@ -14,24 +14,27 @@ import {
 	verifyCanDecrypt,
 	getOutputName,
 	load,
+	findMonorepoRoot,
 } from "../src/core.js";
 const args = minimist(process.argv.slice(2), {
 	"--": true,
 	boolean: ["strict", "expose", "help", "h"],
+	string: ["format", "package"],
 });
-const __root = process.cwd();
+const __cwd = process.cwd();
+const envPath = args.env || ".env.json";
+const __root = findMonorepoRoot(__cwd, envPath) || __cwd;
 let command = args._[0] || "help";
 if (args.help || args.h) command = "help";
 const secret = resolveSecret(args.secret ? `file://${args.secret}` : '');
-const envPath = args.env || ".env.json";
 const envFile = path.resolve(__root, envPath);
 // Check env file exists for commands that need it
-const commandsRequiringEnvFile = ["write", "show", "encrypt", "besafe", "add"];
+const commandsRequiringEnvFile = ["write", "show", "encrypt", "decrypt", "besafe", "add", "get"];
 if (commandsRequiringEnvFile.includes(command) && !fs.existsSync(envFile)) {
 	console.error("No env file found.");
 	process.exit(1);
@@ -46,102 +49,113 @@ if (args.strict && commandsRequiringEnvFile.includes(command)) {
 	}
 }
-async function showCommand() {
-	if (!secret) {
-		console.log(
-			"Secret not provided. Use --secret flag or WRENV_SECRET env variable.",
-		);
-	}
+function loadWorkspace() {
 	const target = resolveTarget(args.target);
-	const envContent = fs.readFileSync(envFile, "utf8");
-	const env = JSON.parse(envContent);
-	const rootPkgPath = path.resolve(__root, "package.json");
-	const rootPkgContent = fs.readFileSync(rootPkgPath, "utf8");
-	const rootPkg = JSON.parse(rootPkgContent);
+	const env = JSON.parse(fs.readFileSync(envFile, "utf8"));
+	const rootPkg = JSON.parse(
+		fs.readFileSync(path.resolve(__root, "package.json"), "utf8"),
+	);
 	const scope = rootPkg.name.split("/")[0];
 	const [_, ...foundPackages] = findMonorepoPackages(__root, scope);
 	const deps = [
 		...foundPackages.filter(Boolean).map((pkg) => ({
 			name: pkg.name.replace(`${scope}/`, ""),
 			dir: pkg.dir,
 		})),
-		{
-			name: "root",
-			dir: __root,
-		},
+		{ name: "root", dir: __root },
 	];
+	const depsName = deps.map((d) => d.name);
+	const allowedEnvs =
+		env?.envs && Array.isArray(env.envs) ? env.envs : ["dev"];
+	return { env, deps, depsName, allowedEnvs, target };
+}
-	const depsName = deps.map((dep) => dep.name);
+function detectCurrentPackage(deps) {
+	for (const dep of deps) {
+		if (dep.name === "root") continue;
+		const depDir = path.resolve(dep.dir);
+		if (__cwd === depDir || __cwd.startsWith(depDir + path.sep)) {
+			return dep.name;
+		}
+	}
+	return null;
+}
-	const allowedEnvs =
-		env && env.envs && Array.isArray(env.envs) ? env.envs : ["dev"];
-	const targetEnv = allowedEnvs.find((env) => env === target);
-	if (!targetEnv) {
+function validateTarget(target, allowedEnvs) {
+	if (!allowedEnvs.includes(target)) {
 		console.error(`Target env "${target}" is not allowed.`);
 		process.exit(1);
 	}
+	return target;
+}
-	const allEnvs = buildEnv(secret, targetEnv, env, depsName);
+function printJson(allEnvs, deps, isSinglePackage) {
+	if (isSinglePackage) {
+		console.log(JSON.stringify(allEnvs[deps[0].name] || {}, null, 2));
+	} else {
+		const out = {};
+		for (const dep of deps) out[dep.name] = allEnvs[dep.name] || {};
+		console.log(JSON.stringify(out, null, 2));
+	}
+}
-	for await (const dep of deps) {
+function printKeyValue(allEnvs, deps, targetEnv) {
+	for (const dep of deps) {
 		const pkgEnv = Object.entries(allEnvs[dep.name] || {})
 			.map(([key, value]) => `${key}=${value}`)
 			.join("\n");
-		console.log("~~~~~~~~~~~~~~~~~~~~~~~~~~~~");
+		console.log("# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~");
 		console.log(
-			`=== ENV for ${dep.name} in ${dep.dir} with target ${targetEnv}`,
+			`# ===> ${dep.name} : in ${dep.dir} with target ${targetEnv}`,
 		);
+		console.log("# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~");
 		console.log(pkgEnv);
 	}
 }
-async function writeCommand() {
+async function showCommand() {
 	if (!secret) {
-		console.log(
+		console.error(
 			"Secret not provided. Use --secret flag or WRENV_SECRET env variable.",
 		);
 	}
-	const target = resolveTarget(args.target);
+	const { env, deps, depsName, allowedEnvs, target } = loadWorkspace();
+	const targetEnv = validateTarget(target, allowedEnvs);
-	const envContent = fs.readFileSync(envFile, "utf8");
-	const env = JSON.parse(envContent);
+	const selectedPkg = args.package || detectCurrentPackage(deps);
+	const filteredDeps = selectedPkg
+		? deps.filter((d) => d.name === selectedPkg)
+		: deps;
+	if (selectedPkg && filteredDeps.length === 0) {
+		console.error(`Package "${selectedPkg}" not found.`);
+		process.exit(1);
+	}
-	const rootPkgPath = path.resolve(__root, "package.json");
-	const rootPkgContent = fs.readFileSync(rootPkgPath, "utf8");
-	const rootPkg = JSON.parse(rootPkgContent);
-	const scope = rootPkg.name.split("/")[0];
+	const allEnvs = buildEnv(secret, targetEnv, env, depsName);
-	const [_, ...foundPackages] = await findMonorepoPackages(__root, scope);
-	const deps = [
-		...foundPackages.map((pkg) => ({
-			name: pkg.name.replace(`${scope}/`, ""),
-			dir: pkg.dir,
-		})),
-		{
-			name: "root",
-			dir: __root,
-		},
-	];
-	const depsName = deps.map((dep) => dep.name);
+	if (args.format === "json") {
+		printJson(allEnvs, filteredDeps, !!selectedPkg);
+	} else {
+		printKeyValue(allEnvs, filteredDeps, targetEnv);
+	}
+}
-	const allowedEnvs =
-		env && env.envs && Array.isArray(env.envs) ? env.envs : ["dev"];
+async function writeCommand() {
+	if (!secret) {
+		console.log(
+			"Secret not provided. Use --secret flag or WRENV_SECRET env variable.",
+		);
+	}
+	const { env, deps, depsName, allowedEnvs, target } = loadWorkspace();
 	// Handle 'all' target: write all environments with suffixed filenames
 	const isAllTarget = target === "all";
 	const targetEnvs = isAllTarget ? allowedEnvs : [target];
 	for (const targetEnv of targetEnvs) {
-		if (!allowedEnvs.includes(targetEnv)) {
-			console.error(`Target env "${targetEnv}" is not allowed.`);
-			process.exit(1);
-		}
+		validateTarget(targetEnv, allowedEnvs);
 		const allEnvs = buildEnv(secret, targetEnv, env, depsName);
@@ -160,8 +174,7 @@ async function writeCommand() {
 }
 async function encryptCommand() {
-	const envContent = fs.readFileSync(envFile, "utf8");
-	const env = JSON.parse(envContent);
+	const env = JSON.parse(fs.readFileSync(envFile, "utf8"));
 	if (!secret) {
 		console.error(
@@ -185,31 +198,65 @@ async function encryptCommand() {
 		process.exit(1);
 	}
-	if (env.variables) {
-		for (const [varName, varValue] of Object.entries(env.variables)) {
-			for (const [envKey, envVal] of Object.entries(varValue)) {
-				if (typeof envVal === "string" && !isEncrypted(envVal)) {
-					env.variables[varName][envKey] = encrypt(envVal, secret);
-				}
-			}
-		}
+	walkEnvValues(
+		env,
+		(v) => typeof v === "string" && !isEncrypted(v),
+		(v) => encrypt(v, secret),
+	);
+	await fs.writeFile(envFile, JSON.stringify(env, null, 2));
+}
+async function decryptCommand() {
+	const env = JSON.parse(fs.readFileSync(envFile, "utf8"));
+	if (!secret) {
+		console.error(
+			"Cannot decrypt env file: secret not provided. Doing nothing",
+		);
+		return;
 	}
-	if (env.overrides) {
-		for (const [pkgName, pkgOverrides] of Object.entries(env.overrides)) {
-			for (const [varName, varValue] of Object.entries(pkgOverrides)) {
-				for (const [envKey, envVal] of Object.entries(varValue)) {
-					if (typeof envVal === "string" && !isEncrypted(envVal)) {
-						env.overrides[pkgName][varName][envKey] = encrypt(envVal, secret);
-					}
-				}
-			}
-		}
+	const verification = verifyCanDecrypt(env, secret);
+	if (!verification.success) {
+		console.error(
+			`Cannot decrypt: the provided secret cannot decrypt encrypted value at "${verification.path}".`,
+		);
+		process.exit(1);
 	}
+	walkEnvValues(env, isEncrypted, (v) => decrypt(v, secret));
 	await fs.writeFile(envFile, JSON.stringify(env, null, 2));
 }
+async function getCommand() {
+	const varName = args._[1];
+	if (!varName) {
+		console.error("Variable name is required.");
+		process.exit(1);
+	}
+	const { env, deps, depsName, allowedEnvs, target } = loadWorkspace();
+	const targetEnv = validateTarget(target, allowedEnvs);
+	const selectedPkg = args.package || detectCurrentPackage(deps) || "root";
+	if (!depsName.includes(selectedPkg)) {
+		console.error(`Package "${selectedPkg}" not found.`);
+		process.exit(1);
+	}
+	const allEnvs = buildEnv(secret, targetEnv, env, depsName);
+	const pkgEnv = allEnvs[selectedPkg] || {};
+	if (!Object.prototype.hasOwnProperty.call(pkgEnv, varName)) {
+		console.error(`Variable "${varName}" not found.`);
+		process.exit(1);
+	}
+	process.stdout.write(pkgEnv[varName]);
+}
 async function besafeCommand() {
 	// Find git root to ensure we're in a repository and use correct base path
 	const { stdout: gitRoot, exitCode: gitCheck } = await execa(
@@ -346,10 +393,16 @@ function helpCommand() {
 	console.log(
 		"  encrypt        Encrypt all unencrypted variables in .env.json",
 	);
+	console.log(
+		"  decrypt        Decrypt all encrypted variables in .env.json",
+	);
 	console.log("  besafe         Encrypt and stage .env.json if it has changes");
 	console.log(
 		"  add <var>      Add a new variable with environment-specific values",
 	);
+	console.log(
+		"  get <var>      Get the value of a specific variable",
+	);
 	console.log("  help           Show this help message\n");
 	console.log("Options:");
 	console.log(
@@ -362,7 +415,13 @@ function helpCommand() {
 		"  --env <path>           Path to env file (default: .env.json)",
 	);
 	console.log(
-		"  --strict               Error if encrypted values cannot be decrypted\n",
+		"  --strict               Error if encrypted values cannot be decrypted",
+	);
+	console.log(
+		"  --format <fmt>         Output format for show (json)",
+	);
+	console.log(
+		"  --package <name>       Show/get variables for a specific package\n",
 	);
 	console.log("Environment Variables:");
 	console.log("  WRENV_SECRET           Secret for encryption/decryption");
@@ -373,6 +432,8 @@ function helpCommand() {
 	console.log("  wrenv --secret ~/.big-secret write --target dev");
 	console.log("  wrenv --secret stdin write < ~/.big-secret");
 	console.log("  wrenv show --target prod");
+	console.log("  wrenv show --format json --package root");
+	console.log("  wrenv get API_URL --target prod --package pkg-a");
 	console.log("  wrenv run --target prod -- node server.js");
 	console.log("  wrenv run -- npm test --coverage");
 	console.log(
@@ -388,7 +449,9 @@ const commands = {
 	show: showCommand,
 	besafe: besafeCommand,
 	encrypt: encryptCommand,
+	decrypt: decryptCommand,
 	add: addCommand,
+	get: getCommand,
 	run: runCommand,
 	help: helpCommand,
 };

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@saasak/tool-env",
   "license": "MIT",
-  "version": "1.4.0",
+  "version": "1.5.0",
   "author": "dev@saasak.studio",
   "description": "A small util to manage environment variables for your monorepo",
   "keywords": [

package/src/core.js CHANGED Viewed

@@ -265,7 +265,7 @@ export function loadLocalOverrides(cwd = process.cwd()) {
  * @param {string} envPath - Name of the env file (e.g. '.env.json')
  * @returns {string|null} - Path to monorepo root, or null if not found
  */
-function findMonorepoRoot(cwd, envPath) {
+export function findMonorepoRoot(cwd, envPath) {
 	let currentDir = cwd;
 	while (currentDir !== path.dirname(currentDir)) {
@@ -338,7 +338,7 @@ export function loadEnvJson(options = {}) {
 			const rootPkg = JSON.parse(rootPkgContent);
 			scope = rootPkg.name.split("/")[0];
-			const foundPackages = findMonorepoPackages(monorepoRoot, scope);
+			const [, ...foundPackages] = findMonorepoPackages(monorepoRoot, scope);
 			depsName = [
 				...foundPackages.map((pkg) => pkg.name.replace(`${scope}/`, "")),
 				"root",

package/src/utils-env.js CHANGED Viewed

@@ -1,5 +1,23 @@
 import { decrypt, isEncrypted } from "./utils-crypto.js";
+/**
+ * Walk all string values in env.variables and env.overrides,
+ * applying transform when predicate matches. Mutates env in place.
+ * @param {EnvConfig} env
+ * @param {(value: string) => boolean} predicate
+ * @param {(value: string) => string} transform
+ */
+export function walkEnvValues(env, predicate, transform) {
+	for (const varValue of Object.values(env.variables || {}))
+		for (const [envKey, envVal] of Object.entries(varValue))
+			if (predicate(envVal)) varValue[envKey] = transform(envVal);
+	for (const pkgOverrides of Object.values(env.overrides || {}))
+		for (const varValue of Object.values(pkgOverrides))
+			for (const [envKey, envVal] of Object.entries(varValue))
+				if (predicate(envVal)) varValue[envKey] = transform(envVal);
+}
 /**
  * Environment-specific values for a single variable.
  * Keys are environment names (e.g. 'dev', 'production') or '@@' for the fallback.