dotenv-diff 2.3.4 → 2.3.6
- package/README.md +30 -2
- package/dist/src/commands/scanUsage.d.ts.map +1 -1
- package/dist/src/commands/scanUsage.js +19 -4
- package/dist/src/commands/scanUsage.js.map +1 -1
- package/dist/src/config/types.d.ts +7 -2
- package/dist/src/config/types.d.ts.map +1 -1
- package/dist/src/config/types.js +2 -0
- package/dist/src/config/types.js.map +1 -1
- package/dist/src/core/envValidator.d.ts +9 -0
- package/dist/src/core/envValidator.d.ts.map +1 -0
- package/dist/src/core/envValidator.js +103 -0
- package/dist/src/core/envValidator.js.map +1 -0
- package/dist/src/core/exampleSecretDetector.d.ts +8 -0
- package/dist/src/core/exampleSecretDetector.d.ts.map +1 -0
- package/dist/src/core/exampleSecretDetector.js +56 -0
- package/dist/src/core/exampleSecretDetector.js.map +1 -0
- package/dist/src/core/frameworkDetector.d.ts +11 -0
- package/dist/src/core/frameworkDetector.d.ts.map +1 -0
- package/dist/src/core/frameworkDetector.js +38 -0
- package/dist/src/core/frameworkDetector.js.map +1 -0
- package/dist/src/core/frameworkValidator.d.ts +11 -0
- package/dist/src/core/frameworkValidator.d.ts.map +1 -0
- package/dist/src/core/frameworkValidator.js +14 -0
- package/dist/src/core/frameworkValidator.js.map +1 -0
- package/dist/src/core/frameworks/angularRules.d.ts +4 -0
- package/dist/src/core/frameworks/angularRules.d.ts.map +1 -0
- package/dist/src/core/frameworks/index.d.ts +3 -0
- package/dist/src/core/frameworks/index.d.ts.map +1 -0
- package/dist/src/core/frameworks/index.js +3 -0
- package/dist/src/core/frameworks/index.js.map +1 -0
- package/dist/src/core/frameworks/nextJsRules.d.ts +9 -0
- package/dist/src/core/frameworks/nextJsRules.d.ts.map +1 -0
- package/dist/src/core/frameworks/nextJsRules.js +48 -0
- package/dist/src/core/frameworks/nextJsRules.js.map +1 -0
- package/dist/src/core/frameworks/sveltekitRules.d.ts +9 -0
- package/dist/src/core/frameworks/sveltekitRules.d.ts.map +1 -0
- package/dist/src/core/frameworks/sveltekitRules.js +99 -0
- package/dist/src/core/frameworks/sveltekitRules.js.map +1 -0
- package/dist/src/core/processComparisonFile.d.ts +1 -0
- package/dist/src/core/processComparisonFile.d.ts.map +1 -1
- package/dist/src/core/processComparisonFile.js +10 -0
- package/dist/src/core/processComparisonFile.js.map +1 -1
- package/dist/src/core/secretDetectors.d.ts +2 -0
- package/dist/src/core/secretDetectors.d.ts.map +1 -1
- package/dist/src/core/secretDetectors.js +2 -2
- package/dist/src/core/secretDetectors.js.map +1 -1
- package/dist/src/index.js +0 -6
- package/dist/src/index.js.map +1 -1
- package/dist/src/services/codeBaseScanner.js +1 -1
- package/dist/src/services/codeBaseScanner.js.map +1 -1
- package/dist/src/services/scanOutputToConsole.d.ts.map +1 -1
- package/dist/src/services/scanOutputToConsole.js +15 -2
- package/dist/src/services/scanOutputToConsole.js.map +1 -1
- package/dist/src/ui/scan/printEnvWarnings.d.ts +8 -0
- package/dist/src/ui/scan/printEnvWarnings.d.ts.map +1 -0
- package/dist/src/ui/scan/printEnvWarnings.js +20 -0
- package/dist/src/ui/scan/printEnvWarnings.js.map +1 -0
- package/dist/src/ui/scan/printExampleWarnings.d.ts +8 -0
- package/dist/src/ui/scan/printExampleWarnings.d.ts.map +1 -0
- package/dist/src/ui/scan/printExampleWarnings.js +20 -0
- package/dist/src/ui/scan/printExampleWarnings.js.map +1 -0
- package/dist/src/ui/scan/printFrameworkWarnings.d.ts +8 -0
- package/dist/src/ui/scan/printFrameworkWarnings.d.ts.map +1 -0
- package/dist/src/ui/scan/printFrameworkWarnings.js +20 -0
- package/dist/src/ui/scan/printFrameworkWarnings.js.map +1 -0
- package/dist/src/ui/scan/printStats.d.ts +2 -1
- package/dist/src/ui/scan/printStats.d.ts.map +1 -1
- package/dist/src/ui/scan/printStats.js +2 -2
- package/dist/src/ui/scan/printStats.js.map +1 -1
- package/dist/src/ui/shared/printStrictModeError.d.ts +2 -0
- package/dist/src/ui/shared/printStrictModeError.d.ts.map +1 -1
- package/dist/src/ui/shared/printStrictModeError.js +4 -0
- package/dist/src/ui/shared/printStrictModeError.js.map +1 -1
- package/package.json +1 -1
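--- a/package/README.md
+++ b/package/README.md
@@ -4,8 +4,8 @@
 
 Scan your codebase to detect which environment variables are used in your code.
 
-Optimized for SvelteKit. </br>
-Also works well in modern JavaScript/TypeScript projects and frameworks like Node.js,
+Optimized for SvelteKit and Next.js. </br>
+Also works well in modern JavaScript/TypeScript projects and frameworks like Node.js, Nuxt, and Vue — or any other setup where you want reliable .env file comparison / scanning.
 
 [](https://www.npmjs.com/package/dotenv-diff)
 [](https://www.npmjs.com/package/dotenv-diff)
@@ -82,6 +82,34 @@ You can use the `--strict` flag to treat all warnings as errors. This is useful
 dotenv-diff --strict
 ```
 
+## Sveltekit and Next.js specific warnings
+
+When scanning a SvelteKit project, `dotenv-diff` will warn you about environment variables that are used wrong in sveltekit or Next.js depending on which framework is detected.
+
+for example, if you have `const key = import.meta.env.API_KEY` in a +page.svelte file, you will get a warning to use `VITE_` prefix for client-side usage.
+
+You would likely see this waring:
+
+```bash
+Environment variable usage issues:
+- PUBLIC_URL (src\routes\+page.ts:1) → Variables accessed through import.meta.env must start with "VITE_"
+```
+
+This will help you avoid runtime errors due to misconfigured environment variables in SvelteKit and Next.js projects.
+
+## Detect potential secrets in your .env.example file
+
+When you run `dotenv-diff` it will also scan your `.env.example` file for potential secrets, such as API keys or passwords.
+
+for example:
+
+```bash
+Potential real secrets found in .env.example:
+- API_KEY = "sk_test_4eC39HqLyjWDarjtT1zdp7dc" → Value in .env.example matches a known provider key pattern [high]
+```
+
+This helps you avoid accidentally committing sensitive information through your example files.
+
 ## ignore specific warnings
 
 You can use the `dotenv-diff-ignore` comment to ignore specific lines from secret detection. For example: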
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scanUsage.d.ts","sourceRoot":"","sources":["../../../src/commands/scanUsage.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,gBAAgB,EAGjB,MAAM,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"scanUsage.d.ts","sourceRoot":"","sources":["../../../src/commands/scanUsage.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,gBAAgB,EAGjB,MAAM,oBAAoB,CAAC;AA4E5B;;;;;;;;;;;GAWG;AACH,wBAAsB,SAAS,CAC7B,IAAI,EAAE,gBAAgB,GACrB,OAAO,CAAC;IAAE,aAAa,EAAE,OAAO,CAAA;CAAE,CAAC,CAkHrC"}
|
|
@@ -6,6 +6,8 @@ import { printMissingExample } from '../ui/scan/printMissingExample.js';
|
|
|
6
6
|
import { processComparisonFile } from '../core/processComparisonFile.js';
|
|
7
7
|
import { printComparisonError } from '../ui/scan/printComparisonError.js';
|
|
8
8
|
import { hasIgnoreComment } from '../core/secretDetectors.js';
|
|
9
|
+
import { frameworkValidator } from '../core/frameworkValidator.js';
|
|
10
|
+
import { detectSecretsInExample } from '../core/exampleSecretDetector.js';
|
|
9
11
|
/**
|
|
10
12
|
* Filters out commented usages from the list.
|
|
11
13
|
* Skipping comments:
|
|
@@ -56,6 +58,7 @@ function calculateStats(scanResult) {
|
|
|
56
58
|
filesScanned: scanResult.stats.filesScanned,
|
|
57
59
|
totalUsages: scanResult.used.length,
|
|
58
60
|
uniqueVariables,
|
|
61
|
+
duration: scanResult.stats.duration,
|
|
59
62
|
};
|
|
60
63
|
return scanResult;
|
|
61
64
|
}
|
|
@@ -80,13 +83,17 @@ export async function scanUsage(opts) {
|
|
|
80
83
|
scanResult.used = skipCommentedUsages(scanResult.used);
|
|
81
84
|
// Measure duration
|
|
82
85
|
const endTime = performance.now();
|
|
83
|
-
scanResult.duration = (endTime - startTime) / 1000; // Convert to seconds
|
|
86
|
+
scanResult.stats.duration = (endTime - startTime) / 1000; // Convert to seconds
|
|
84
87
|
// Recalculate stats after filtering
|
|
85
88
|
calculateStats(scanResult);
|
|
86
89
|
// If user explicitly passed --example flag, but the file doesn't exist:
|
|
87
90
|
if (printMissingExample(opts)) {
|
|
88
91
|
return { exitWithError: true };
|
|
89
92
|
}
|
|
93
|
+
const frameworkWarnings = frameworkValidator(scanResult.used, opts.cwd);
|
|
94
|
+
if (frameworkWarnings.length > 0) {
|
|
95
|
+
scanResult.frameworkWarnings = frameworkWarnings;
|
|
96
|
+
}
|
|
90
97
|
// Determine which file to compare against
|
|
91
98
|
const compareFile = determineComparisonFile(opts);
|
|
92
99
|
let envVariables = {};
|
|
@@ -115,6 +122,9 @@ export async function scanUsage(opts) {
|
|
|
115
122
|
removedDuplicates = result.removedDuplicates;
|
|
116
123
|
fixedKeys = result.addedEnv;
|
|
117
124
|
gitignoreUpdated = result.gitignoreUpdated;
|
|
125
|
+
if (result.exampleFull && result.comparedAgainst === '.env.example') {
|
|
126
|
+
scanResult.exampleWarnings = detectSecretsInExample(result.exampleFull);
|
|
127
|
+
}
|
|
118
128
|
}
|
|
119
129
|
}
|
|
120
130
|
// JSON output
|
|
@@ -122,16 +132,21 @@ export async function scanUsage(opts) {
|
|
|
122
132
|
const jsonOutput = createJsonOutput(scanResult, opts, comparedAgainst, Object.keys(envVariables).length);
|
|
123
133
|
console.log(JSON.stringify(jsonOutput, null, 2));
|
|
124
134
|
// Check for high severity secrets
|
|
125
|
-
const hasHighSeveritySecrets = (scanResult.secrets ?? []).some(s => s.severity === 'high');
|
|
135
|
+
const hasHighSeveritySecrets = (scanResult.secrets ?? []).some((s) => s.severity === 'high');
|
|
136
|
+
// Check for high potential secrets in example warnings
|
|
137
|
+
const hasHighSeverityExampleWarnings = (scanResult.exampleWarnings ?? []).some((w) => w.severity === 'high');
|
|
126
138
|
return {
|
|
127
139
|
exitWithError: scanResult.missing.length > 0 ||
|
|
128
140
|
duplicatesFound ||
|
|
129
141
|
hasHighSeveritySecrets ||
|
|
130
|
-
|
|
142
|
+
hasHighSeverityExampleWarnings ||
|
|
143
|
+
!!((opts.strict &&
|
|
131
144
|
(scanResult.unused.length > 0 ||
|
|
132
145
|
(scanResult.duplicates?.env?.length ?? 0) > 0 ||
|
|
133
146
|
(scanResult.duplicates?.example?.length ?? 0) > 0 ||
|
|
134
|
-
(scanResult.secrets?.length ?? 0) > 0))
|
|
147
|
+
(scanResult.secrets?.length ?? 0) > 0)) ||
|
|
148
|
+
(scanResult.exampleWarnings?.length ?? 0) > 0 ||
|
|
149
|
+
(scanResult.frameworkWarnings?.length ?? 0) > 0),
|
|
135
150
|
};
|
|
136
151
|
}
|
|
137
152
|
// Console output
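Review bot: In the `exitWithError` expression of the JSON-output branch, the two new `exampleWarnings` / `frameworkWarnings` length checks sit outside the `opts.strict && (...)` group, so any such warning fails the run even without `--strict`, and the separate `hasHighSeverityExampleWarnings` term can never change the result. If only high-severity example findings are meant to fail a non-strict run, move the two checks inside the strict-gated group: `(scanResult.secrets?.length ?? 0) > 0 ||`, `(scanResult.exampleWarnings?.length ?? 0) > 0 ||`, `(scanResult.frameworkWarnings?.length ?? 0) > 0)),`. The console-output path lies outside this hunk, so confirm both paths produce the same exit status when the tool is used as a CI gate.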
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scanUsage.js","sourceRoot":"","sources":["../../../src/commands/scanUsage.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,gCAAgC,CAAC;AAM9D,OAAO,EAAE,uBAAuB,EAAE,MAAM,oCAAoC,CAAC;AAC7E,OAAO,EAAE,eAAe,EAAE,MAAM,oCAAoC,CAAC;AACrE,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAC7D,OAAO,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAC;AACxE,OAAO,EAAE,qBAAqB,EAAE,MAAM,kCAAkC,CAAC;AACzE,OAAO,EAAE,oBAAoB,EAAE,MAAM,oCAAoC,CAAC;AAC1E,OAAO,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;
|
|
1
|
+
{"version":3,"file":"scanUsage.js","sourceRoot":"","sources":["../../../src/commands/scanUsage.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,gCAAgC,CAAC;AAM9D,OAAO,EAAE,uBAAuB,EAAE,MAAM,oCAAoC,CAAC;AAC7E,OAAO,EAAE,eAAe,EAAE,MAAM,oCAAoC,CAAC;AACrE,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAC7D,OAAO,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAC;AACxE,OAAO,EAAE,qBAAqB,EAAE,MAAM,kCAAkC,CAAC;AACzE,OAAO,EAAE,oBAAoB,EAAE,MAAM,oCAAoC,CAAC;AAC1E,OAAO,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AAC9D,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AACnE,OAAO,EAAE,sBAAsB,EAAE,MAAM,kCAAkC,CAAC;AAE1E;;;;;;;;;;GAUG;AACH,SAAS,mBAAmB,CAAC,MAAkB;IAC7C,IAAI,iBAAiB,GAAG,KAAK,CAAC;IAC9B,IAAI,iBAAiB,GAAG,KAAK,CAAC;IAE9B,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;QACzB,IAAI,CAAC,CAAC,CAAC,OAAO;YAAE,OAAO,IAAI,CAAC;QAC5B,MAAM,IAAI,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QAE9B,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;YAAE,iBAAiB,GAAG,IAAI,CAAC;QACpD,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACzB,iBAAiB,GAAG,KAAK,CAAC;YAC1B,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,uDAAuD,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACvE,iBAAiB,GAAG,IAAI,CAAC;YACzB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,qDAAqD,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACrE,iBAAiB,GAAG,KAAK,CAAC;YAC1B,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,iBAAiB;YAAE,OAAO,KAAK,CAAC;QAEpC,OAAO,CACL,CAAC,iBAAiB;YAClB,CAAC,+BAA+B,CAAC,IAAI,CAAC,IAAI,CAAC;YAC3C,CAAC,gBAAgB,CAAC,IAAI,CAAC,CACxB,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;GAIG;AACH,SAAS,cAAc,CAAC,UAAsB;IAC5C,MAAM,eAAe,GAAG,IAAI,GAAG,CAC7B,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAW,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CACjD,CAAC,IAAI,CAAC;IAEP,UAAU,CAAC,KAAK,GAAG;QACjB,YAAY,EAAE,UAAU,CAAC,KAAK,CAAC,YAAY;QAC3C,WAAW,EAAE,UAAU,CAAC,IAAI,CAAC,MAAM;QACnC,eAAe;QACf,QAAQ,EAAE,UAAU,CAAC,KAAK,CAAC,QAAQ;KACpC,CAAC;IAEF,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,IAAsB;IAEtB,wBAAwB;IACxB,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;IAEpC,oBAAoB;IACpB,IAAI,UAAU,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,CAAC;IAE1C,8BAA8B;IAC9B,UA
AU,CAAC,IAAI,GAAG,mBAAmB,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;IAEvD,mBAAmB;IACnB,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;IAClC,UAAU,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,OAAO,GAAG,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,qBAAqB;IAE/E,oCAAoC;IACpC,cAAc,CAAC,UAAU,CAAC,CAAC;IAE3B,wEAAwE;IACxE,IAAI,mBAAmB,CAAC,IAAI,CAAC,EAAE,CAAC;QAC9B,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;IACjC,CAAC;IAED,MAAM,iBAAiB,GAAG,kBAAkB,CAAC,UAAU,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;IACxE,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,UAAU,CAAC,iBAAiB,GAAG,iBAAiB,CAAC;IACnD,CAAC;IAED,0CAA0C;IAC1C,MAAM,WAAW,GAAG,uBAAuB,CAAC,IAAI,CAAC,CAAC;IAClD,IAAI,YAAY,GAAuC,EAAE,CAAC;IAC1D,IAAI,eAAe,GAAG,EAAE,CAAC;IACzB,IAAI,eAAe,GAAG,KAAK,CAAC;IAE5B,iDAAiD;IACjD,IAAI,UAAU,GAAG,KAAK,CAAC;IACvB,IAAI,SAAS,GAAa,EAAE,CAAC;IAC7B,IAAI,iBAAiB,GAAa,EAAE,CAAC;IACrC,IAAI,gBAAgB,GAAG,KAAK,CAAC;IAE7B,0CAA0C;IAC1C,0FAA0F;IAC1F,IAAI,WAAW,EAAE,CAAC;QAChB,MAAM,MAAM,GAAG,qBAAqB,CAAC,UAAU,EAAE,WAAW,EAAE,IAAI,CAAC,CAAC;QAEpE,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YACjB,MAAM,EAAE,IAAI,EAAE,GAAG,oBAAoB,CACnC,MAAM,CAAC,KAAK,CAAC,OAAO,EACpB,MAAM,CAAC,KAAK,CAAC,UAAU,EACvB,IAAI,CAAC,IAAI,IAAI,KAAK,CACnB,CAAC;YACF,IAAI,IAAI;gBAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;QAC3C,CAAC;aAAM,CAAC;YACN,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC;YAC/B,YAAY,GAAG,MAAM,CAAC,YAAY,CAAC;YACnC,eAAe,GAAG,MAAM,CAAC,eAAe,CAAC;YACzC,eAAe,GAAG,MAAM,CAAC,eAAe,CAAC;YACzC,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC;YAC/B,iBAAiB,GAAG,MAAM,CAAC,iBAAiB,CAAC;YAC7C,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC;YAC5B,gBAAgB,GAAG,MAAM,CAAC,gBAAgB,CAAC;YAE3C,IAAI,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,eAAe,KAAK,cAAc,EAAE,CAAC;gBACpE,UAAU,CAAC,eAAe,GAAG,sBAAsB,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;YAC1E,CAAC;QACH,CAAC;IACH,CAAC;IAED,cAAc;IACd,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,MAAM,UAAU,GAAG,gBAAgB,CACjC,UAAU,EACV,IAAI,EACJ,eAAe,EACf,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,MAAM,CACjC,CAAC;QACF,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAEjD,kCAAkC;QAClC,MAAM,sBAAsB,GAAG,CAAC,UAAU,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,IAAI,CAC5D,CAAC,CAAC,E
AAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAC7B,CAAC;QAEF,uDAAuD;QACvD,MAAM,8BAA8B,GAAG,CACrC,UAAU,CAAC,eAAe,IAAI,EAAE,CACjC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC;QAErC,OAAO;YACL,aAAa,EACX,UAAU,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC;gBAC7B,eAAe;gBACf,sBAAsB;gBACtB,8BAA8B;gBAC9B,CAAC,CAAC,CACA,CAAC,IAAI,CAAC,MAAM;oBACV,CAAC,UAAU,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC;wBAC3B,CAAC,UAAU,CAAC,UAAU,EAAE,GAAG,EAAE,MAAM,IAAI,CAAC,CAAC,GAAG,CAAC;wBAC7C,CAAC,UAAU,CAAC,UAAU,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC,CAAC,GAAG,CAAC;wBACjD,CAAC,UAAU,CAAC,OAAO,EAAE,MAAM,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;oBAC3C,CAAC,UAAU,CAAC,eAAe,EAAE,MAAM,IAAI,CAAC,CAAC,GAAG,CAAC;oBAC7C,CAAC,UAAU,CAAC,iBAAiB,EAAE,MAAM,IAAI,CAAC,CAAC,GAAG,CAAC,CAChD;SACJ,CAAC;IACJ,CAAC;IAED,iBAAiB;IACjB,MAAM,MAAM,GAAG,eAAe,CAAC,UAAU,EAAE,IAAI,EAAE,eAAe,EAAE;QAChE,UAAU;QACV,iBAAiB;QACjB,QAAQ,EAAE,SAAS;QACnB,gBAAgB;KACjB,CAAC,CAAC;IAEH,OAAO,EAAE,aAAa,EAAE,MAAM,CAAC,aAAa,IAAI,eAAe,EAAE,CAAC;AACpE,CAAC"}
|
|
@@ -1,4 +1,6 @@
|
|
|
1
1
|
import { type SecretFinding } from '../core/secretDetectors.js';
|
|
2
|
+
import { type frameworkWarning } from '../core/frameworkValidator.js';
|
|
3
|
+
import { type ExampleSecretWarning } from '../core/exampleSecretDetector.js';
|
|
2
4
|
export declare const ALLOWED_CATEGORIES: readonly ["missing", "extra", "empty", "mismatch", "duplicate", "gitignore"];
|
|
3
5
|
export type Category = (typeof ALLOWED_CATEGORIES)[number];
|
|
4
6
|
/** Type representing the options for the comparison
|
|
@@ -97,7 +99,7 @@ export interface EnvUsage {
|
|
|
97
99
|
file: string;
|
|
98
100
|
line: number;
|
|
99
101
|
column: number;
|
|
100
|
-
pattern: 'process.env' | 'import.meta.env' | 'sveltekit' | 'deno' | 'next' | 'nuxt' | 'php';
|
|
102
|
+
pattern: 'process.env' | 'import.meta.env' | 'sveltekit' | 'angular' | 'deno' | 'next' | 'nuxt' | 'php';
|
|
101
103
|
context: string;
|
|
102
104
|
}
|
|
103
105
|
export interface ScanOptions {
|
|
@@ -119,6 +121,7 @@ export interface ScanResult {
|
|
|
119
121
|
filesScanned: number;
|
|
120
122
|
totalUsages: number;
|
|
121
123
|
uniqueVariables: number;
|
|
124
|
+
duration: number;
|
|
122
125
|
};
|
|
123
126
|
secrets: SecretFinding[];
|
|
124
127
|
duplicates: {
|
|
@@ -131,8 +134,9 @@ export interface ScanResult {
|
|
|
131
134
|
count: number;
|
|
132
135
|
}>;
|
|
133
136
|
};
|
|
134
|
-
duration: number;
|
|
135
137
|
hasCsp?: boolean;
|
|
138
|
+
frameworkWarnings?: frameworkWarning[];
|
|
139
|
+
exampleWarnings?: ExampleSecretWarning[];
|
|
136
140
|
}
|
|
137
141
|
/** Options for scanning the codebase for environment variable usage. */
|
|
138
142
|
export interface ScanUsageOptions extends ScanOptions {
|
|
@@ -152,6 +156,7 @@ export interface ScanJsonEntry {
|
|
|
152
156
|
filesScanned: number;
|
|
153
157
|
totalUsages: number;
|
|
154
158
|
uniqueVariables: number;
|
|
159
|
+
duration: number;
|
|
155
160
|
};
|
|
156
161
|
missing: Array<{
|
|
157
162
|
variable: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/config/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,aAAa,EAAE,MAAM,4BAA4B,CAAC;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/config/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAChE,OAAO,EAAE,KAAK,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AACtE,OAAO,EAAE,KAAK,oBAAoB,EAAE,MAAM,kCAAkC,CAAC;AAG7E,eAAO,MAAM,kBAAkB,8EAOrB,CAAC;AAGX,MAAM,MAAM,QAAQ,GAAG,CAAC,OAAO,kBAAkB,CAAC,CAAC,MAAM,CAAC,CAAC;AAE3D;;GAEG;AACH,MAAM,MAAM,OAAO,GAAG;IACpB,WAAW,EAAE,OAAO,CAAC;IACrB,QAAQ,EAAE,OAAO,CAAC;IAClB,SAAS,EAAE,OAAO,CAAC;IACnB,eAAe,EAAE,OAAO,CAAC;IACzB,GAAG,EAAE,OAAO,CAAC;IACb,IAAI,EAAE,OAAO,CAAC;IACd,OAAO,EAAE,MAAM,GAAG,SAAS,CAAC;IAC5B,WAAW,EAAE,MAAM,GAAG,SAAS,CAAC;IAChC,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,CAAC,EAAE,QAAQ,EAAE,CAAC;IAClB,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,EAAE,OAAO,CAAC;IACnB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,UAAU,EAAE,OAAO,CAAC;IACpB,SAAS,EAAE,OAAO,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,OAAO,GAAG,SAAS,CAAC;IAC5B,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,SAAS,EAAE,OAAO,CAAC;CACpB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,UAAU,GAAG;IACvB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,EAAE,CAAC,EAAE,OAAO,CAAC;IACb,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC3B,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAChC,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACzB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACjC,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACjC,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC1B,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB,CAAC;A
AEF;;;GAGG;AACH,MAAM,MAAM,gBAAgB,GAAG;IAC7B,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE;QAAE,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;IAC7B,UAAU,CAAC,EAAE;QACX,GAAG,CAAC,EAAE,KAAK,CAAC;YAAE,GAAG,EAAE,MAAM,CAAC;YAAC,KAAK,EAAE,MAAM,CAAA;SAAE,CAAC,CAAC;QAC5C,OAAO,CAAC,EAAE,KAAK,CAAC;YAAE,GAAG,EAAE,MAAM,CAAC;YAAC,KAAK,EAAE,MAAM,CAAA;SAAE,CAAC,CAAC;KACjD,CAAC;IACF,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,eAAe,CAAC,EAAE,KAAK,CAAC;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC3E,EAAE,CAAC,EAAE,OAAO,CAAC;CACd,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EACH,aAAa,GACb,iBAAiB,GACjB,WAAW,GACX,SAAS,GACT,MAAM,GACN,MAAM,GACN,MAAM,GACN,KAAK,CAAC;IACV,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB;AAED,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,QAAQ,EAAE,CAAC;IACjB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,KAAK,EAAE;QACL,YAAY,EAAE,MAAM,CAAC;QACrB,WAAW,EAAE,MAAM,CAAC;QACpB,eAAe,EAAE,MAAM,CAAC;QACxB,QAAQ,EAAE,MAAM,CAAC;KAClB,CAAC;IACF,OAAO,EAAE,aAAa,EAAE,CAAC;IACzB,UAAU,EAAE;QACV,GAAG,CAAC,EAAE,KAAK,CAAC;YAAE,GAAG,EAAE,MAAM,CAAC;YAAC,KAAK,EAAE,MAAM,CAAA;SAAE,CAAC,CAAC;QAC5C,OAAO,CAAC,EAAE,KAAK,CAAC;YAAE,GAAG,EAAE,MAAM,CAAC;YAAC,KAAK,EAAE,MAAM,CAAA;SAAE,CAAC,CAAC;KACjD,CAAC;IACF,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,iBAAiB,CAAC,EAAE,gBAAgB,EAAE,CAAC;IACvC,eAAe,CAAC,EAAE,oBAAoB,EAAE,CAAC;CAC1C;AAED,wEAAwE;AACxE,MAAM,WAAW,gBAAiB,SAAQ,WAAW;IACnD,OAAO,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC7B,WAAW,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IACjC,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,IAAI,EAAE,OAAO,CAAC;IACd
,UAAU,EAAE,OAAO,CAAC;IACpB,SAAS,EAAE,OAAO,CAAC;IACnB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE;QACL,YAAY,EAAE,MAAM,CAAC;QACrB,WAAW,EAAE,MAAM,CAAC;QACpB,eAAe,EAAE,MAAM,CAAC;QACxB,QAAQ,EAAE,MAAM,CAAC;KAClB,CAAC;IACF,OAAO,EAAE,KAAK,CAAC;QACb,QAAQ,EAAE,MAAM,CAAC;QACjB,MAAM,EAAE,KAAK,CAAC;YACZ,IAAI,EAAE,MAAM,CAAC;YACb,IAAI,EAAE,MAAM,CAAC;YACb,OAAO,EAAE,MAAM,CAAC;YAChB,OAAO,EAAE,MAAM,CAAC;SACjB,CAAC,CAAC;KACJ,CAAC,CAAC;IACH,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,SAAS,CAAC,EAAE,KAAK,CAAC;QAChB,QAAQ,EAAE,MAAM,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;QAChB,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC,CAAC;IAEH,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,OAAO,CAAC,EAAE,KAAK,CAAC;QACd,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;QAChB,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC,CAAC;IACH,UAAU,CAAC,EAAE;QACX,GAAG,CAAC,EAAE,KAAK,CAAC;YAAE,GAAG,EAAE,MAAM,CAAC;YAAC,KAAK,EAAE,MAAM,CAAA;SAAE,CAAC,CAAC;QAC5C,OAAO,CAAC,EAAE,KAAK,CAAC;YAAE,GAAG,EAAE,MAAM,CAAC;YAAC,KAAK,EAAE,MAAM,CAAA;SAAE,CAAC,CAAC;KACjD,CAAC;IACF,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAGD,MAAM,WAAW,cAAc;IAC7B,CAAC,QAAQ,EAAE,MAAM,GAAG,QAAQ,EAAE,CAAC;CAChC;AAED,MAAM,WAAW,iBAAiB;IAChC,WAAW,EAAE,OAAO,CAAC;IACrB,GAAG,EAAE,MAAM,CAAC;IACZ,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,gBAAgB,KAAK,IAAI,CAAC;IAC5C,IAAI,CAAC,EAAE,QAAQ,EAAE,CAAC;IAClB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,QAAQ;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,gBAAgB;IAC/B,aAAa,EAAE,OAAO,CAAC;CACxB;AAED,MAAM,MAAM,WAAW,GAAG;IACxB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE;QAAE,GAAG,EAAE,OAAO,CAA
C;QAAC,OAAO,EAAE,OAAO,CAAA;KAAE,CAAC;IAC3C,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACrC,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACrC,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClC,CAAC;AAEF,MAAM,MAAM,QAAQ,GAAG;IACrB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,UAAU,CAAC,EAAE,KAAK,CAAC;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACtE,aAAa,EAAE,KAAK,CAAC;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACrD,YAAY,EAAE,KAAK,CAAC;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACpD,cAAc,EAAE;QAAE,MAAM,EAAE,cAAc,GAAG,aAAa,CAAA;KAAE,GAAG,IAAI,CAAC;CACnE,CAAC"}
|
package/dist/src/config/types.js
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/config/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAsB,MAAM,4BAA4B,CAAC;
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/config/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAsB,MAAM,4BAA4B,CAAC;AAChE,OAAO,EAAyB,MAAM,+BAA+B,CAAC;AACtE,OAAO,EAA6B,MAAM,kCAAkC,CAAC;AAE7E,oCAAoC;AACpC,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,SAAS;IACT,OAAO;IACP,OAAO;IACP,UAAU;IACV,WAAW;IACX,WAAW;CACH,CAAC"}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
import type { EnvUsage } from '../config/types.js';
|
|
2
|
+
export interface EnvWarning {
|
|
3
|
+
variable: string;
|
|
4
|
+
reason: string;
|
|
5
|
+
file: string;
|
|
6
|
+
line: number;
|
|
7
|
+
}
|
|
8
|
+
export declare function validateEnvRules(usages: EnvUsage[]): EnvWarning[];
|
|
9
|
+
//# sourceMappingURL=envValidator.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"envValidator.d.ts","sourceRoot":"","sources":["../../../src/core/envValidator.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAEnD,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;CACd;AAED,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,QAAQ,EAAE,GAAG,UAAU,EAAE,CAqHjE"}
|
|
@@ -0,0 +1,103 @@
|
|
|
1
|
+
export function validateEnvRules(usages) {
|
|
2
|
+
const warnings = [];
|
|
3
|
+
for (const u of usages) {
|
|
4
|
+
// import.meta.env needs to start with VITE_
|
|
5
|
+
if (u.pattern === 'import.meta.env') {
|
|
6
|
+
if (!u.variable.startsWith('VITE_')) {
|
|
7
|
+
warnings.push({
|
|
8
|
+
variable: u.variable,
|
|
9
|
+
reason: `Variables accessed through import.meta.env must start with "VITE_"`,
|
|
10
|
+
file: u.file,
|
|
11
|
+
line: u.line,
|
|
12
|
+
});
|
|
13
|
+
}
|
|
14
|
+
continue;
|
|
15
|
+
}
|
|
16
|
+
// process.env cannot start with VITE_
|
|
17
|
+
if (u.pattern === 'process.env') {
|
|
18
|
+
if (u.variable.startsWith('VITE_')) {
|
|
19
|
+
warnings.push({
|
|
20
|
+
variable: u.variable,
|
|
21
|
+
reason: `Variables accessed through process.env cannot start with "VITE_"`,
|
|
22
|
+
file: u.file,
|
|
23
|
+
line: u.line,
|
|
24
|
+
});
|
|
25
|
+
}
|
|
26
|
+
// Check for .svelte files here (before continue)
|
|
27
|
+
if (u.file.endsWith('.svelte')) {
|
|
28
|
+
warnings.push({
|
|
29
|
+
variable: u.variable,
|
|
30
|
+
reason: `Avoid using process.env inside Svelte files — use $env/static/private or $env/static/public`,
|
|
31
|
+
file: u.file,
|
|
32
|
+
line: u.line,
|
|
33
|
+
});
|
|
34
|
+
}
|
|
35
|
+
continue;
|
|
36
|
+
}
|
|
37
|
+
// $env/static/private/* - ALL checks together
|
|
38
|
+
if (u.pattern === 'sveltekit' &&
|
|
39
|
+
u.context.includes('$env/static/private')) {
|
|
40
|
+
// Check 1: VITE_ prefix
|
|
41
|
+
if (u.variable.startsWith('VITE_')) {
|
|
42
|
+
warnings.push({
|
|
43
|
+
variable: u.variable,
|
|
44
|
+
reason: `$env/static/private variables must not start with "VITE_" (private server env)`,
|
|
45
|
+
file: u.file,
|
|
46
|
+
line: u.line,
|
|
47
|
+
});
|
|
48
|
+
}
|
|
49
|
+
// Check 2: Usage in .svelte files
|
|
50
|
+
if (u.file.match(/\.svelte$/)) {
|
|
51
|
+
warnings.push({
|
|
52
|
+
variable: u.variable,
|
|
53
|
+
reason: `Private environment variables cannot be used in Svelte components (.svelte files)`,
|
|
54
|
+
file: u.file,
|
|
55
|
+
line: u.line,
|
|
56
|
+
});
|
|
57
|
+
}
|
|
58
|
+
// Check 3: Usage in +page.ts or +layout.ts
|
|
59
|
+
if (u.file.match(/\+page\.ts$|\+layout\.ts$/)) {
|
|
60
|
+
warnings.push({
|
|
61
|
+
variable: u.variable,
|
|
62
|
+
reason: `Private env vars should only be used in +page.server.ts or +layout.server.ts`,
|
|
63
|
+
file: u.file,
|
|
64
|
+
line: u.line,
|
|
65
|
+
});
|
|
66
|
+
}
|
|
67
|
+
// Check 4: PUBLIC_ prefix in private imports
|
|
68
|
+
if (u.variable.startsWith('PUBLIC_')) {
|
|
69
|
+
warnings.push({
|
|
70
|
+
variable: u.variable,
|
|
71
|
+
reason: `Variables starting with PUBLIC_ may never be used in private env imports`,
|
|
72
|
+
file: u.file,
|
|
73
|
+
line: u.line,
|
|
74
|
+
});
|
|
75
|
+
}
|
|
76
|
+
continue;
|
|
77
|
+
}
|
|
78
|
+
// $env/static/public/*
|
|
79
|
+
if (u.pattern === 'sveltekit' && u.context.includes('$env/static/public')) {
|
|
80
|
+
if (u.variable.startsWith('VITE_')) {
|
|
81
|
+
warnings.push({
|
|
82
|
+
variable: u.variable,
|
|
83
|
+
reason: `$env/static/public variables must not start with "VITE_"`,
|
|
84
|
+
file: u.file,
|
|
85
|
+
line: u.line,
|
|
86
|
+
});
|
|
87
|
+
}
|
|
88
|
+
continue;
|
|
89
|
+
}
|
|
90
|
+
// $env/dynamic/public usage warning
|
|
91
|
+
if (u.pattern === 'sveltekit' &&
|
|
92
|
+
u.context.includes('$env/dynamic/public')) {
|
|
93
|
+
warnings.push({
|
|
94
|
+
variable: u.variable,
|
|
95
|
+
reason: `$env/dynamic/public is strongly discouraged — use $env/static/public instead for build-time safety`,
|
|
96
|
+
file: u.file,
|
|
97
|
+
line: u.line,
|
|
98
|
+
});
|
|
99
|
+
}
|
|
100
|
+
}
|
|
101
|
+
return warnings;
|
|
102
|
+
}
|
|
103
|
+
//# sourceMappingURL=envValidator.js.map
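Review bot: The private-env checks in `validateEnvRules` fire only when the context contains `$env/static/private` and only for route files ending in `.ts`, so a `$env/dynamic/private` import, or a private import in `+page.js` / `+layout.js`, produces no warning. Those are the same server-only-value-in-client-code cases the existing rules target, assuming the scanner reports them under the `sveltekit` pattern. Widen the route test to `u.file.match(/\+(page|layout)\.(ts|js)$/)` and the branch condition to `u.context.includes('$env/static/private') || u.context.includes('$env/dynamic/private')`. The function also has no doc comment; a short JSDoc listing which access patterns are covered and which are not would make the remaining gaps visible to users relying on it as a check.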
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"envValidator.js","sourceRoot":"","sources":["../../../src/core/envValidator.ts"],"names":[],"mappings":"AASA,MAAM,UAAU,gBAAgB,CAAC,MAAkB;IACjD,MAAM,QAAQ,GAAiB,EAAE,CAAC;IAElC,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,4CAA4C;QAC5C,IAAI,CAAC,CAAC,OAAO,KAAK,iBAAiB,EAAE,CAAC;YACpC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;gBACpC,QAAQ,CAAC,IAAI,CAAC;oBACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;oBACpB,MAAM,EAAE,oEAAoE;oBAC5E,IAAI,EAAE,CAAC,CAAC,IAAI;oBACZ,IAAI,EAAE,CAAC,CAAC,IAAI;iBACb,CAAC,CAAC;YACL,CAAC;YACD,SAAS;QACX,CAAC;QAED,sCAAsC;QACtC,IAAI,CAAC,CAAC,OAAO,KAAK,aAAa,EAAE,CAAC;YAChC,IAAI,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;gBACnC,QAAQ,CAAC,IAAI,CAAC;oBACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;oBACpB,MAAM,EAAE,kEAAkE;oBAC1E,IAAI,EAAE,CAAC,CAAC,IAAI;oBACZ,IAAI,EAAE,CAAC,CAAC,IAAI;iBACb,CAAC,CAAC;YACL,CAAC;YAED,iDAAiD;YACjD,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC/B,QAAQ,CAAC,IAAI,CAAC;oBACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;oBACpB,MAAM,EAAE,6FAA6F;oBACrG,IAAI,EAAE,CAAC,CAAC,IAAI;oBACZ,IAAI,EAAE,CAAC,CAAC,IAAI;iBACb,CAAC,CAAC;YACL,CAAC;YAED,SAAS;QACX,CAAC;QAED,8CAA8C;QAC9C,IACE,CAAC,CAAC,OAAO,KAAK,WAAW;YACzB,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,qBAAqB,CAAC,EACzC,CAAC;YACD,wBAAwB;YACxB,IAAI,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;gBACnC,QAAQ,CAAC,IAAI,CAAC;oBACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;oBACpB,MAAM,EAAE,gFAAgF;oBACxF,IAAI,EAAE,CAAC,CAAC,IAAI;oBACZ,IAAI,EAAE,CAAC,CAAC,IAAI;iBACb,CAAC,CAAC;YACL,CAAC;YAED,kCAAkC;YAClC,IAAI,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC9B,QAAQ,CAAC,IAAI,CAAC;oBACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;oBACpB,MAAM,EAAE,mFAAmF;oBAC3F,IAAI,EAAE,CAAC,CAAC,IAAI;oBACZ,IAAI,EAAE,CAAC,CAAC,IAAI;iBACb,CAAC,CAAC;YACL,CAAC;YAED,2CAA2C;YAC3C,IAAI,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,2BAA2B,CAAC,EAAE,CAAC;gBAC9C,QAAQ,CAAC,IAAI,CAAC;oBACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;oBACpB,MAAM,EAAE,8EAA8E;oBACtF,IAAI,EAAE,CAAC,CAAC,IAAI;oBACZ,IAAI,EAAE,CAAC,CAAC,IAAI;iBACb,CAAC,CAAC;YACL,CAAC;YAED,6CAA6C;YAC7C,IAAI,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,SAA
S,CAAC,EAAE,CAAC;gBACrC,QAAQ,CAAC,IAAI,CAAC;oBACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;oBACpB,MAAM,EAAE,0EAA0E;oBAClF,IAAI,EAAE,CAAC,CAAC,IAAI;oBACZ,IAAI,EAAE,CAAC,CAAC,IAAI;iBACb,CAAC,CAAC;YACL,CAAC;YAED,SAAS;QACX,CAAC;QAED,uBAAuB;QACvB,IAAI,CAAC,CAAC,OAAO,KAAK,WAAW,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;YAC1E,IAAI,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;gBACnC,QAAQ,CAAC,IAAI,CAAC;oBACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;oBACpB,MAAM,EAAE,0DAA0D;oBAClE,IAAI,EAAE,CAAC,CAAC,IAAI;oBACZ,IAAI,EAAE,CAAC,CAAC,IAAI;iBACb,CAAC,CAAC;YACL,CAAC;YACD,SAAS;QACX,CAAC;QAED,oCAAoC;QACpC,IACE,CAAC,CAAC,OAAO,KAAK,WAAW;YACzB,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,qBAAqB,CAAC,EACzC,CAAC;YACD,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;gBACpB,MAAM,EAAE,oGAAoG;gBAC5G,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,IAAI,EAAE,CAAC,CAAC,IAAI;aACb,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}
|
|
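--- a/package/dist/src/core/exampleSecretDetector.d.ts
+++ b/package/dist/src/core/exampleSecretDetector.d.ts
@@ -0,0 +1,8 @@
+export interface ExampleSecretWarning {
+key: string;
+value: string;
+reason: string;
+severity: "high" | "medium" | "low";
+}
+export declare function detectSecretsInExample(env: Record<string, string>): ExampleSecretWarning[];
+//# sourceMappingURL=exampleSecretDetector.d.ts.map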
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"exampleSecretDetector.d.ts","sourceRoot":"","sources":["../../../src/core/exampleSecretDetector.ts"],"names":[],"mappings":"AAMA,MAAM,WAAW,oBAAoB;IACnC,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;CACrC;AAED,wBAAgB,sBAAsB,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,oBAAoB,EAAE,CA4D1F"}
|
|
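--- a/package/dist/src/core/exampleSecretDetector.js
+++ b/package/dist/src/core/exampleSecretDetector.js
@@ -0,0 +1,56 @@
+import { PROVIDER_PATTERNS, SUSPICIOUS_KEYS } from "./secretDetectors.js";
+import { shannonEntropyNormalized } from "./entropy.js";
+export function detectSecretsInExample(env) {
+const warnings = [];
+for (const [key, rawValue] of Object.entries(env)) {
+if (!rawValue)
+continue;
+const value = rawValue.trim();
+// 1 — Skip placeholders
+if (value === "" ||
+value.toLowerCase() === "example" ||
+value.toLowerCase() === "placeholder" ||
+value.includes("your_") ||
+value.includes("<") ||
+value.includes("CHANGE_ME")) {
+continue;
+}
+// 2 — Check provider patterns (AWS, Stripe, GitHub, JWT etc.)
+for (const rx of PROVIDER_PATTERNS) {
+if (rx.test(value)) {
+warnings.push({
+key,
+value,
+reason: "Value in .env.example matches a known provider key pattern",
+severity: "high"
+});
+continue;
+}
+}
+// 3 — Check suspicious keywords on values
+if (SUSPICIOUS_KEYS.test(key)) {
+if (value.length >= 12) {
+warnings.push({
+key,
+value,
+reason: "Suspicious key name combined with a non-placeholder value",
+severity: "medium"
+});
+}
+}
+// 4 — Check entropy (high randomness → real secret)
+if (value.length >= 24) {
+const entropy = shannonEntropyNormalized(value);
+if (entropy > 0.80) {
+warnings.push({
+key,
+value,
+reason: `High entropy value in .env.example (≈${entropy.toFixed(2)})`,
+severity: entropy > 0.92 ? "high" : "medium"
+});
+}
+}
+}
+return warnings;
+}
+//# sourceMappingURL=exampleSecretDetector.js.map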
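Review bot: The `continue` inside the `for (const rx of PROVIDER_PATTERNS)` loop only advances that inner loop, so after a provider match the remaining patterns are still tested and the keyword and entropy checks still run, which can produce several warnings for one key. If the intent was to stop at the first provider hit, test with `PROVIDER_PATTERNS.some(...)` and `continue` in the outer loop, as sketched below. Separately, every warning carries the full `value`; if a caller prints warnings verbatim (not visible here), the detected secret is copied into terminal or CI output, so a truncated or masked form would be safer. If any pattern in `PROVIDER_PATTERNS` has the `g` or `y` flag, `rx.test` is also stateful across entries, which is worth confirming in `secretDetectors.js`.

```javascript
// … unchanged: placeholder skip …
// 2 — Check provider patterns (AWS, Stripe, GitHub, JWT etc.)
if (PROVIDER_PATTERNS.some((rx) => rx.test(value))) {
    warnings.push({
        key,
        value,
        reason: "Value in .env.example matches a known provider key pattern",
        severity: "high"
    });
    continue; // next env entry; skips the keyword and entropy checks
}
// … unchanged: keyword and entropy checks …
```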
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"exampleSecretDetector.js","sourceRoot":"","sources":["../../../src/core/exampleSecretDetector.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,iBAAiB,EACjB,eAAe,EAChB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,wBAAwB,EAAE,MAAM,cAAc,CAAC;AASxD,MAAM,UAAU,sBAAsB,CAAC,GAA2B;IAChE,MAAM,QAAQ,GAA2B,EAAE,CAAC;IAE5C,KAAK,MAAM,CAAC,GAAG,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAClD,IAAI,CAAC,QAAQ;YAAE,SAAS;QAExB,MAAM,KAAK,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC;QAE9B,wBAAwB;QACxB,IACE,KAAK,KAAK,EAAE;YACZ,KAAK,CAAC,WAAW,EAAE,KAAK,SAAS;YACjC,KAAK,CAAC,WAAW,EAAE,KAAK,aAAa;YACrC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC;YACvB,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC;YACnB,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,EAC3B,CAAC;YACD,SAAS;QACX,CAAC;QAED,8DAA8D;QAC9D,KAAK,MAAM,EAAE,IAAI,iBAAiB,EAAE,CAAC;YACnC,IAAI,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;gBACnB,QAAQ,CAAC,IAAI,CAAC;oBACZ,GAAG;oBACH,KAAK;oBACL,MAAM,EAAE,4DAA4D;oBACpE,QAAQ,EAAE,MAAM;iBACjB,CAAC,CAAC;gBACH,SAAS;YACX,CAAC;QACH,CAAC;QAED,0CAA0C;QAC1C,IAAI,eAAe,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YAC9B,IAAI,KAAK,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;gBACvB,QAAQ,CAAC,IAAI,CAAC;oBACZ,GAAG;oBACH,KAAK;oBACL,MAAM,EAAE,2DAA2D;oBACnE,QAAQ,EAAE,QAAQ;iBACnB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,oDAAoD;QACpD,IAAI,KAAK,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;YACvB,MAAM,OAAO,GAAG,wBAAwB,CAAC,KAAK,CAAC,CAAC;YAChD,IAAI,OAAO,GAAG,IAAI,EAAE,CAAC;gBACnB,QAAQ,CAAC,IAAI,CAAC;oBACZ,GAAG;oBACH,KAAK;oBACL,MAAM,EAAE,wCAAwC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG;oBACrE,QAAQ,EAAE,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ;iBAC7C,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}
|
|
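--- a/package/dist/src/core/frameworkDetector.d.ts
+++ b/package/dist/src/core/frameworkDetector.d.ts
@@ -0,0 +1,11 @@
+export type Framework = 'sveltekit' | 'next' | 'unknown';
+export interface FrameworkDetection {
+framework: Framework;
+version?: string;
+}
+/**
+* Detects the framework being used in the project
+* by checking package.json and file structure
+*/
+export declare function detectFramework(cwd: string): FrameworkDetection;
+//# sourceMappingURL=frameworkDetector.d.ts.map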
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"frameworkDetector.d.ts","sourceRoot":"","sources":["../../../src/core/frameworkDetector.ts"],"names":[],"mappings":"AAGA,MAAM,MAAM,SAAS,GAAG,WAAW,GAAG,MAAM,GAAG,SAAS,CAAC;AAEzD,MAAM,WAAW,kBAAkB;IACjC,SAAS,EAAE,SAAS,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,kBAAkB,CAkC/D"}
|
|
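--- a/package/dist/src/core/frameworkDetector.js
+++ b/package/dist/src/core/frameworkDetector.js
@@ -0,0 +1,38 @@
+import fs from 'fs';
+import path from 'path';
+/**
+* Detects the framework being used in the project
+* by checking package.json and file structure
+*/
+export function detectFramework(cwd) {
+try {
+const packageJsonPath = path.join(cwd, 'package.json');
+if (!fs.existsSync(packageJsonPath)) {
+return { framework: 'unknown' };
+}
+const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf-8'));
+const deps = {
+...packageJson.dependencies,
+...packageJson.devDependencies,
+};
+// Check for SvelteKit
+if (deps['@sveltejs/kit']) {
+return {
+framework: 'sveltekit',
+version: deps['@sveltejs/kit'],
+};
+}
+// Check for Next.js
+if (deps['next']) {
+return {
+framework: 'next',
+version: deps['next'],
+};
+}
+return { framework: 'unknown' };
+}
+catch (error) {
+return { framework: 'unknown' };
+}
+}
+//# sourceMappingURL=frameworkDetector.js.map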
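Review bot: The `catch (error)` branch returns `{ framework: 'unknown' }` for every failure, so a malformed or unreadable `package.json` is indistinguishable from a project with no framework, and the framework rules are then skipped without any signal. Since those rules flag variables that end up exposed to the client, failing open silently deserves at least a comment such as `// Fail open: read/parse errors disable framework rules; the caller is not told why`, or a distinct result the caller can report. `error` is unused, so `catch {` would do. `version` is taken straight from the parsed JSON without checking that it is a string, although `FrameworkDetection.version` is declared as `string`.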
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"frameworkDetector.js","sourceRoot":"","sources":["../../../src/core/frameworkDetector.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,IAAI,MAAM,MAAM,CAAC;AASxB;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,GAAW;IACzC,IAAI,CAAC;QACH,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,cAAc,CAAC,CAAC;QAEvD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;YACpC,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;QAClC,CAAC;QAED,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC,CAAC;QAC1E,MAAM,IAAI,GAAG;YACX,GAAG,WAAW,CAAC,YAAY;YAC3B,GAAG,WAAW,CAAC,eAAe;SAC/B,CAAC;QAEF,sBAAsB;QACtB,IAAI,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC;YAC1B,OAAO;gBACL,SAAS,EAAE,WAAW;gBACtB,OAAO,EAAE,IAAI,CAAC,eAAe,CAAC;aAC/B,CAAC;QACJ,CAAC;QAED,oBAAoB;QACpB,IAAI,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YACjB,OAAO;gBACL,SAAS,EAAE,MAAM;gBACjB,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC;aACtB,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;IAClC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;IAClC,CAAC;AACH,CAAC"}
|
|
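--- a/package/dist/src/core/frameworkValidator.d.ts
+++ b/package/dist/src/core/frameworkValidator.d.ts
@@ -0,0 +1,11 @@
+import type { EnvUsage } from '../config/types.js';
+import { type Framework } from './frameworkDetector.js';
+export interface frameworkWarning {
+variable: string;
+reason: string;
+file: string;
+line: number;
+framework: Framework;
+}
+export declare function frameworkValidator(usages: EnvUsage[], cwd: string): frameworkWarning[];
+//# sourceMappingURL=frameworkValidator.d.ts.map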
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"frameworkValidator.d.ts","sourceRoot":"","sources":["../../../src/core/frameworkValidator.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAmB,KAAK,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAMzE,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,SAAS,CAAC;CACtB;AAED,wBAAgB,kBAAkB,CAChC,MAAM,EAAE,QAAQ,EAAE,EAClB,GAAG,EAAE,MAAM,GACV,gBAAgB,EAAE,CAUpB"}
|
|
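--- a/package/dist/src/core/frameworkValidator.js
+++ b/package/dist/src/core/frameworkValidator.js
@@ -0,0 +1,14 @@
+import { detectFramework } from './frameworkDetector.js';
+import { applySvelteKitRules, applyNextJsRules, } from './frameworks/index.js';
+export function frameworkValidator(usages, cwd) {
+const warnings = [];
+const { framework } = detectFramework(cwd);
+for (const u of usages) {
+if (framework === 'sveltekit')
+applySvelteKitRules(u, warnings);
+if (framework === 'next')
+applyNextJsRules(u, warnings);
+}
+return warnings;
+}
+//# sourceMappingURL=frameworkValidator.js.map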
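Review bot: `framework` is fixed before the loop, yet both comparisons run for every usage, and an `'unknown'` project still iterates all of `usages` for nothing. Picking the rule once reads more clearly: `const applyRules = framework === 'sveltekit' ? applySvelteKitRules : framework === 'next' ? applyNextJsRules : null;` followed by `if (!applyRules) return warnings;`. The exported function also has no doc comment; one line stating that it returns an empty array when no supported framework is detected would help callers.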
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"frameworkValidator.js","sourceRoot":"","sources":["../../../src/core/frameworkValidator.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAkB,MAAM,wBAAwB,CAAC;AACzE,OAAO,EACL,mBAAmB,EACnB,gBAAgB,GACjB,MAAM,uBAAuB,CAAC;AAU/B,MAAM,UAAU,kBAAkB,CAChC,MAAkB,EAClB,GAAW;IAEX,MAAM,QAAQ,GAAuB,EAAE,CAAC;IACxC,MAAM,EAAE,SAAS,EAAE,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;IAE3C,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,IAAI,SAAS,KAAK,WAAW;YAAE,mBAAmB,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;QAChE,IAAI,SAAS,KAAK,MAAM;YAAE,gBAAgB,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;IAC1D,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"angularRules.d.ts","sourceRoot":"","sources":["../../../../src/core/frameworks/angularRules.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAEjE,wBAAgB,iBAAiB,CAC/B,CAAC,EAAE,QAAQ,EACX,QAAQ,EAAE,gBAAgB,EAAE,QA0B7B"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/core/frameworks/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/core/frameworks/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC"}
|
|
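--- a/package/dist/src/core/frameworks/nextJsRules.d.ts
+++ b/package/dist/src/core/frameworks/nextJsRules.d.ts
@@ -0,0 +1,9 @@
+import type { EnvUsage } from "../../config/types.js";
+import type { frameworkWarning } from "../frameworkValidator.js";
+/**
+* Next.js environment variable validation rules
+* @param u - The environment variable usage information
+* @param warnings - The array to push warnings into
+*/
+export declare function applyNextJsRules(u: EnvUsage, warnings: frameworkWarning[]): void;
+//# sourceMappingURL=nextJsRules.d.ts.map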
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"nextJsRules.d.ts","sourceRoot":"","sources":["../../../../src/core/frameworks/nextJsRules.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAEjE;;;;GAIG;AACH,wBAAgB,gBAAgB,CAAC,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,gBAAgB,EAAE,QAyDzE"}
|
|
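--- a/package/dist/src/core/frameworks/nextJsRules.js
+++ b/package/dist/src/core/frameworks/nextJsRules.js
@@ -0,0 +1,48 @@
+/**
+* Next.js environment variable validation rules
+* @param u - The environment variable usage information
+* @param warnings - The array to push warnings into
+*/
+export function applyNextJsRules(u, warnings) {
+const isServerOnlyFile = u.file.includes("app/api/") ||
+u.file.endsWith(".server.ts") ||
+u.file.endsWith(".server.js");
+if (u.pattern === "process.env" && u.variable.startsWith("NEXT_PUBLIC_")) {
+if (isServerOnlyFile) {
+warnings.push({
+variable: u.variable,
+reason: "NEXT_PUBLIC_ variables are exposed to the browser — don't use them in server-only files",
+file: u.file,
+line: u.line,
+framework: "next",
+});
+}
+}
+const looksLikeClientComponent = u.file.includes("/components/") || u.context.includes("use client");
+if (u.pattern === "process.env" &&
+!u.variable.startsWith("NEXT_PUBLIC_") &&
+looksLikeClientComponent) {
+warnings.push({
+variable: u.variable,
+reason: "Client components can only access NEXT_PUBLIC_ environment variables",
+file: u.file,
+line: u.line,
+framework: "next",
+});
+}
+const isClientComponentFile = u.file.endsWith(".tsx") ||
+u.file.endsWith(".jsx") ||
+u.context.includes("use client");
+if (u.pattern === "process.env" &&
+isClientComponentFile &&
+!u.variable.startsWith("NEXT_PUBLIC_")) {
+warnings.push({
+variable: u.variable,
+reason: "process.env inside client components must use NEXT_PUBLIC_ variables",
+file: u.file,
+line: u.line,
+framework: "next",
+});
+}
+}
+//# sourceMappingURL=nextJsRules.js.map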
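Review bot: The second and third checks overlap: any non-`NEXT_PUBLIC_` `process.env` usage whose `context` contains `use client` satisfies both `looksLikeClientComponent` and `isClientComponentFile`, so the same usage is reported twice with different wording. The third check also treats every `.tsx`/`.jsx` file as a client component, but in the Next.js App Router components are server components unless marked `"use client"`, so legitimate server-side reads of private variables in such files would be flagged; neither check excludes `isServerOnlyFile`. Merging the two into one condition, as sketched below, removes the duplicate; whether to keep the extension heuristic is a judgment call, since dropping it trades false positives for missed client files under the Pages Router. The path tests assume forward slashes in `u.file`, which is worth confirming for Windows runs.

```javascript
// … unchanged: isServerOnlyFile and the NEXT_PUBLIC_-in-server-file check …
const looksLikeClientComponent = !isServerOnlyFile &&
    (u.context.includes("use client") || u.file.includes("/components/"));
if (u.pattern === "process.env" &&
    !u.variable.startsWith("NEXT_PUBLIC_") &&
    looksLikeClientComponent) {
    warnings.push({
        variable: u.variable,
        reason: "Client components can only access NEXT_PUBLIC_ environment variables",
        file: u.file,
        line: u.line,
        framework: "next",
    });
}
// the separate isClientComponentFile check is folded into the condition above
```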