envilder 0.7.0 → 0.7.3

package/docs/SECURITY.md

@@ -1,167 +1,167 @@
-# Security Policy
-
-## 🔒 Supported Versions
-
-We release patches for security vulnerabilities only in the latest version:
-
-| Version | Supported          |
-| ------- | ------------------ |
-| Latest  | ✅ |
-| Older   | ❌ |
-
-## 🚨 Reporting a Vulnerability
-
-**Please do not report security vulnerabilities through public GitHub issues.**
-
-If you discover a security vulnerability in Envilder, please report it privately to help us address it before public disclosure.
-
-### How to Report
-
-1. **Email**: Send details to <mac.albert@gmail.com>
-2. **Subject**: `[SECURITY] Envilder - [Brief Description]`
-3. **Include**:
-   - Description of the vulnerability
-   - Steps to reproduce the issue
-   - Potential impact
-   - Suggested fix (if available)
-   - Your contact information for follow-up
-
-### What to Expect
-
-- **Acknowledgment**: I will acknowledge your email as soon as possible
-- **Initial Assessment**: I'll provide an initial assessment and prioritize based on severity
-- **Updates**: I'll keep you informed about the progress
-- **Resolution**: I'll work to release a fix as soon as feasible (timeline depends on severity and complexity)
-- **Credit**: You'll be credited in the security advisory (unless you prefer to remain anonymous)
-
-**Note**: This is a solo open-source project maintained in my spare time. While I take security seriously,
-response times may vary based on availability.
-
-## 🛡️ Security Best Practices
-
-When using Envilder, follow these security guidelines:
-
-### AWS Credentials
-
-**DO**:
-
-- ✅ Use IAM roles with OIDC for GitHub Actions ([setup guide](https://docs.github.com/en/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services))
-- ✅ Use temporary credentials when possible
-- ✅ Follow the principle of least privilege
-
-**DON'T**:
-
-- ❌ Store AWS access keys in code or environment variables
-- ❌ Share AWS credentials via Slack, email, or chat
-
-### IAM Permissions
-
-Envilder requires these AWS permissions:
-
-```json
-{
-    "Version": "2012-10-17",
-    "Statement": [
-        {
-            "Effect": "Allow",
-            "Principal": {
-                "Federated": "arn:aws:iam::123456123456:oidc-provider/token.actions.githubusercontent.com"
-            },
-            "Action": "sts:AssumeRoleWithWebIdentity",
-            "Condition": {
-                "StringLike": {
-                    "token.actions.githubusercontent.com:sub": "repo:octo-org/octo-repo:*"
-                },
-                "StringEquals": {
-                    "token.actions.githubusercontent.com:aud": "sts.amazonaws.com"
-                }
-            }
-        }
-    ]
-}
-```
-
-**Recommendations**:
-
-- Scope permissions to specific parameter paths (e.g., `/myapp/prod/*`)
-- Use separate IAM roles for different environments (dev, staging, prod)
-- Enable CloudTrail logging for audit trails
-
-### Environment Files
-
-**DO**:
-
-- ✅ Add `.env` to `.gitignore`
-- ✅ Use `.env.example` for documentation (without real values)
-- ✅ Rotate secrets regularly
-
-**DON'T**:
-
-- ❌ Commit `.env` files to version control
-- ❌ Share `.env` files via email or chat
-
-### GitHub Actions
-
-When using Envilder GitHub Action:
-
-**DO**:
-
-- ✅ Use OIDC authentication instead of static credentials ([OIDC setup guide](https://docs.github.com/en/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services))
-- ✅ Pin action versions (e.g., `@v1.0.0` instead of `@main`)
-- ✅ Review action code before using in production
-
-**DON'T**:
-
-- ❌ Store AWS credentials in GitHub Secrets (use OIDC roles)
-- ❌ Use overly permissive IAM policies
-
-## 🔍 Security Audits
-
-This project uses:
-
-- **Snyk**: Vulnerability scanning for dependencies
-- **Secretlint**: Prevents accidental secret commits
-- **Biome**: Code quality and security linting
-- **Dependabot**: Automated dependency updates
-
-View current security status: [![Known Vulnerabilities](https://snyk.io/test/github/macalbert/envilder/badge.svg)](https://snyk.io/test/github/macalbert/envilder)
-
-## 📋 Known Security Considerations
-
-### AWS SSM Parameter Store
-
-- Parameters are encrypted at rest using AWS KMS
-- All API calls are logged in CloudTrail
-- Access is controlled via IAM policies
-- Supports versioning and automatic rotation
-
-### Local Environment Files
-
-- Generated `.env` files contain sensitive data
-- Ensure proper file permissions (e.g., `chmod 600 .env`)
-- Delete or rotate secrets if `.env` is accidentally committed
-
-## 🔗 Additional Resources
-
-- [AWS SSM Security Best Practices](https://docs.aws.amazon.com/systems-manager/latest/userguide/security-best-practices.html)
-- [GitHub Actions Security Hardening](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions)
-- [OWASP Secrets Management Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html)
-
-## 📜 Disclosure Policy
-
-When I receive a security vulnerability report:
-
-1. I will confirm the vulnerability and determine its impact
-2. I will develop and test a fix
-3. I will release a security advisory and patched version
-4. I will credit the reporter (unless anonymity is requested)
-
-**Public Disclosure Timeline**:
-
-- Critical vulnerabilities: Disclosed after patch is released
-- Non-critical vulnerabilities: Coordinated disclosure with reasonable timeline based on severity
-
-**Note**: As a solo maintainer working on this project in my spare time, I appreciate your
-understanding regarding response and fix timelines.
-
-Thank you for helping keep Envilder and its users safe! 🙏
+# Security Policy
+
+## 🔒 Supported Versions
+
+We release patches for security vulnerabilities only in the latest version:
+
+| Version | Supported          |
+| ------- | ------------------ |
+| Latest  | ✅ |
+| Older   | ❌ |
+
+## 🚨 Reporting a Vulnerability
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+If you discover a security vulnerability in Envilder, please report it privately to help us address it before public disclosure.
+
+### How to Report
+
+1. **Email**: Send details to <mac.albert@gmail.com>
+2. **Subject**: `[SECURITY] Envilder - [Brief Description]`
+3. **Include**:
+   - Description of the vulnerability
+   - Steps to reproduce the issue
+   - Potential impact
+   - Suggested fix (if available)
+   - Your contact information for follow-up
+
+### What to Expect
+
+- **Acknowledgment**: I will acknowledge your email as soon as possible
+- **Initial Assessment**: I'll provide an initial assessment and prioritize based on severity
+- **Updates**: I'll keep you informed about the progress
+- **Resolution**: I'll work to release a fix as soon as feasible (timeline depends on severity and complexity)
+- **Credit**: You'll be credited in the security advisory (unless you prefer to remain anonymous)
+
+**Note**: This is a solo open-source project maintained in my spare time. While I take security seriously,
+response times may vary based on availability.
+
+## 🛡️ Security Best Practices
+
+When using Envilder, follow these security guidelines:
+
+### AWS Credentials
+
+**DO**:
+
+- ✅ Use IAM roles with OIDC for GitHub Actions ([setup guide](https://docs.github.com/en/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services))
+- ✅ Use temporary credentials when possible
+- ✅ Follow the principle of least privilege
+
+**DON'T**:
+
+- ❌ Store AWS access keys in code or environment variables
+- ❌ Share AWS credentials via Slack, email, or chat
+
+### IAM Permissions
+
+Envilder requires these AWS permissions:
+
+```json
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Principal": {
+                "Federated": "arn:aws:iam::123456123456:oidc-provider/token.actions.githubusercontent.com"
+            },
+            "Action": "sts:AssumeRoleWithWebIdentity",
+            "Condition": {
+                "StringLike": {
+                    "token.actions.githubusercontent.com:sub": "repo:octo-org/octo-repo:*"
+                },
+                "StringEquals": {
+                    "token.actions.githubusercontent.com:aud": "sts.amazonaws.com"
+                }
+            }
+        }
+    ]
+}
+```
+
+**Recommendations**:
+
+- Scope permissions to specific parameter paths (e.g., `/myapp/prod/*`)
+- Use separate IAM roles for different environments (dev, staging, prod)
+- Enable CloudTrail logging for audit trails
+
+### Environment Files
+
+**DO**:
+
+- ✅ Add `.env` to `.gitignore`
+- ✅ Use `.env.example` for documentation (without real values)
+- ✅ Rotate secrets regularly
+
+**DON'T**:
+
+- ❌ Commit `.env` files to version control
+- ❌ Share `.env` files via email or chat
+
+### GitHub Actions
+
+When using Envilder GitHub Action:
+
+**DO**:
+
+- ✅ Use OIDC authentication instead of static credentials ([OIDC setup guide](https://docs.github.com/en/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services))
+- ✅ Pin action versions (e.g., `@v1.0.0` instead of `@main`)
+- ✅ Review action code before using in production
+
+**DON'T**:
+
+- ❌ Store AWS credentials in GitHub Secrets (use OIDC roles)
+- ❌ Use overly permissive IAM policies
+
+## 🔍 Security Audits
+
+This project uses:
+
+- **Snyk**: Vulnerability scanning for dependencies
+- **Secretlint**: Prevents accidental secret commits
+- **Biome**: Code quality and security linting
+- **Dependabot**: Automated dependency updates
+
+View current security status: [![Known Vulnerabilities](https://snyk.io/test/github/macalbert/envilder/badge.svg)](https://snyk.io/test/github/macalbert/envilder)
+
+## 📋 Known Security Considerations
+
+### AWS SSM Parameter Store
+
+- Parameters are encrypted at rest using AWS KMS
+- All API calls are logged in CloudTrail
+- Access is controlled via IAM policies
+- Supports versioning and automatic rotation
+
+### Local Environment Files
+
+- Generated `.env` files contain sensitive data
+- Ensure proper file permissions (e.g., `chmod 600 .env`)
+- Delete or rotate secrets if `.env` is accidentally committed
+
+## 🔗 Additional Resources
+
+- [AWS SSM Security Best Practices](https://docs.aws.amazon.com/systems-manager/latest/userguide/security-best-practices.html)
+- [GitHub Actions Security Hardening](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions)
+- [OWASP Secrets Management Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html)
+
+## 📜 Disclosure Policy
+
+When I receive a security vulnerability report:
+
+1. I will confirm the vulnerability and determine its impact
+2. I will develop and test a fix
+3. I will release a security advisory and patched version
+4. I will credit the reporter (unless anonymity is requested)
+
+**Public Disclosure Timeline**:
+
+- Critical vulnerabilities: Disclosed after patch is released
+- Non-critical vulnerabilities: Coordinated disclosure with reasonable timeline based on severity
+
+**Note**: As a solo maintainer working on this project in my spare time, I appreciate your
+understanding regarding response and fix timelines.
+
+Thank you for helping keep Envilder and its users safe! 🙏

package/lib/envilder/infrastructure/variableStore/FileVariableStore.js

@@ -82,7 +82,7 @@ let FileVariableStore = class FileVariableStore {
         });
     }
     escapeEnvValue(value) {
-        // lgtm[js/incomplete-sanitization]
+        // codeql[js/incomplete-sanitization]
         // CodeQL flags this as incomplete sanitization because we don't escape backslashes
         // before newlines. However, this is intentional: the dotenv library does NOT
         // interpret escape sequences (it treats \n literally as backslash+n, not as a newline).

package/lib/envilder/infrastructure/variableStore/FileVariableStore.js.map

@@ -1 +1 @@
-{"version":3,"file":"FileVariableStore.js","sourceRoot":"","sources":["../../../../src/envilder/infrastructure/variableStore/FileVariableStore.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA,OAAO,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACvC,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAC;AACjC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAC/C,OAAO,EACL,sBAAsB,EACtB,oBAAoB,GACrB,MAAM,qCAAqC,CAAC;AAG7C,OAAO,EAAE,KAAK,EAAE,MAAM,gBAAgB,CAAC;AAGhC,IAAM,iBAAiB,GAAvB,MAAM,iBAAiB;IAG5B,YAAmC,MAAe;QAChD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,sBAAsB,CAAC,0BAA0B,CAAC,CAAC;QAC/D,CAAC;QACD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAEK,UAAU,CAAC,MAAc;;YAC7B,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;gBACnD,IAAI,CAAC;oBACH,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBAC7B,CAAC;gBAAC,OAAO,IAAa,EAAE,CAAC;oBACvB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,2BAA2B,MAAM,EAAE,CAAC,CAAC;oBACvD,MAAM,IAAI,oBAAoB,CAC5B,uCAAuC,MAAM,EAAE,CAChD,CAAC;gBACJ,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,KAAK,YAAY,oBAAoB,EAAE,CAAC;oBAC1C,MAAM,KAAK,CAAC;gBACd,CAAC;gBACD,MAAM,IAAI,oBAAoB,CAAC,4BAA4B,MAAM,EAAE,CAAC,CAAC;YACvE,CAAC;QACH,CAAC;KAAA;IAEK,cAAc,CAAC,MAAc;;YACjC,MAAM,YAAY,GAA2B,EAAE,CAAC;YAChD,IAAI,CAAC;gBACH,MAAM,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YAC1B,CAAC;YAAC,WAAM,CAAC;gBACP,OAAO,YAAY,CAAC;YACtB,CAAC;YACD,MAAM,kBAAkB,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YAC9D,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC;YACzD,MAAM,CAAC,MAAM,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;YAEvC,OAAO,YAAY,CAAC;QACtB,CAAC;KAAA;IAEK,eAAe,CACnB,WAAmB,EACnB,YAAoC;;YAEpC,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC;iBAC5C,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,EAAE,CAAC;iBAC7D,IAAI,CAAC,IAAI,CAAC,CAAC;YAEd,IAAI,CAAC;gBACH,MAAM,EAAE,CAAC,SAAS,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;YAC9C,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,YAAY,GAChB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBACzD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,qCAAqC,YAAY,EAAE,CAAC,CAAC;gBACvE,MAAM,IAAI,oBAAoB,CAC5B,qCAAqC,YAAY,EAAE,CACpD,CAAC;YACJ,CAAC;QACH,CAAC;KAAA;IAEO,cAAc,CAAC,KAAa;QAClC,mCAAmC;QACnC,mFAAmF;QACnF,6EAA6E;QAC7E,wFAAwF;QACxF,4EAA4E;QAC5E,wFAAwF;QACxF,OAAO,KAAK,CAAC,OAAO,CAAC,eAAe,EAAE,KAAK,CAAC,CAAC;IAC/C,CAAC;CACF,CAAA;AAxEY,iBAAiB;IAD7B,UAAU,EAAE;IAIE,WAAA,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;;GAHvB,iBAAiB,CAwE7B"}
+{"version":3,"file":"FileVariableStore.js","sourceRoot":"","sources":["../../../../src/envilder/infrastructure/variableStore/FileVariableStore.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA,OAAO,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACvC,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAC;AACjC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAC/C,OAAO,EACL,sBAAsB,EACtB,oBAAoB,GACrB,MAAM,qCAAqC,CAAC;AAG7C,OAAO,EAAE,KAAK,EAAE,MAAM,gBAAgB,CAAC;AAGhC,IAAM,iBAAiB,GAAvB,MAAM,iBAAiB;IAG5B,YAAmC,MAAe;QAChD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,sBAAsB,CAAC,0BAA0B,CAAC,CAAC;QAC/D,CAAC;QACD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAEK,UAAU,CAAC,MAAc;;YAC7B,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;gBACnD,IAAI,CAAC;oBACH,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBAC7B,CAAC;gBAAC,OAAO,IAAa,EAAE,CAAC;oBACvB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,2BAA2B,MAAM,EAAE,CAAC,CAAC;oBACvD,MAAM,IAAI,oBAAoB,CAC5B,uCAAuC,MAAM,EAAE,CAChD,CAAC;gBACJ,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,KAAK,YAAY,oBAAoB,EAAE,CAAC;oBAC1C,MAAM,KAAK,CAAC;gBACd,CAAC;gBACD,MAAM,IAAI,oBAAoB,CAAC,4BAA4B,MAAM,EAAE,CAAC,CAAC;YACvE,CAAC;QACH,CAAC;KAAA;IAEK,cAAc,CAAC,MAAc;;YACjC,MAAM,YAAY,GAA2B,EAAE,CAAC;YAChD,IAAI,CAAC;gBACH,MAAM,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YAC1B,CAAC;YAAC,WAAM,CAAC;gBACP,OAAO,YAAY,CAAC;YACtB,CAAC;YACD,MAAM,kBAAkB,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YAC9D,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC;YACzD,MAAM,CAAC,MAAM,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;YAEvC,OAAO,YAAY,CAAC;QACtB,CAAC;KAAA;IAEK,eAAe,CACnB,WAAmB,EACnB,YAAoC;;YAEpC,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC;iBAC5C,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,EAAE,CAAC;iBAC7D,IAAI,CAAC,IAAI,CAAC,CAAC;YAEd,IAAI,CAAC;gBACH,MAAM,EAAE,CAAC,SAAS,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;YAC9C,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,YAAY,GAChB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBACzD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,qCAAqC,YAAY,EAAE,CAAC,CAAC;gBACvE,MAAM,IAAI,oBAAoB,CAC5B,qCAAqC,YAAY,EAAE,CACpD,CAAC;YACJ,CAAC;QACH,CAAC;KAAA;IAEO,cAAc,CAAC,KAAa;QAClC,qCAAqC;QACrC,mFAAmF;QACnF,6EAA6E;QAC7E,wFAAwF;QACxF,4EAA4E;QAC5E,wFAAwF;QACxF,OAAO,KAAK,CAAC,OAAO,CAAC,eAAe,EAAE,KAAK,CAAC,CAAC;IAC/C,CAAC;CACF,CAAA;AAxEY,iBAAiB;IAD7B,UAAU,EAAE;IAIE,WAAA,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;;GAHvB,iBAAiB,CAwE7B"}

package/package.json

@@ -1,11 +1,43 @@
 {
   "name": "envilder",
-  "version": "0.7.0",
+  "version": "0.7.3",
   "description": "A CLI that securely centralizes your environment variables from AWS SSM as a single source of truth",
+  "author": {
+    "name": "Marçal Albert Castellví",
+    "email": "mac.albert@gmail.com",
+    "url": "https://github.com/macalbert/envilder"
+  },
+  "repo": "github:macalbert/envilder",
+  "repository": {
+    "type": "git",
+    "url": "git://github.com/macalbert/envilder.git"
+  },
   "main": "./lib/apps/cli/Index.js",
   "bin": {
     "envilder": "lib/apps/cli/Index.js"
   },
+  "scripts": {
+    "clean": "pnpm store prune && pnpm dlx rimraf lib && pnpm dlx rimraf coverage && pnpm dlx rimraf node_modules",
+    "build": "tsc",
+    "build:gha": "ncc build src/apps/gha/Index.ts -o github-action/dist --minify",
+    "verify:gha": "pnpm build:gha && git diff --exit-code github-action/dist/index.js || (echo '❌ github-action/dist/index.js is not up to date. Run pnpm build:gha' && exit 1)",
+    "local:install": "pnpm build && node --loader ts-node/esm scripts/pack-and-install.ts",
+    "local:test-run": "pnpm build && node lib/apps/cli/Index.js --map=tests/sample/param-map.json --envfile=tests/sample/autogenerated.env",
+    "format": "biome format",
+    "format:write": "biome format --write",
+    "lint": "secretlint \"**/*\" && biome check --write && tsc --noEmit",
+    "lint:fix": "biome lint --fix",
+    "test": "vitest run --reporter=verbose --coverage",
+    "test:ci": "vitest run --reporter=verbose --reporter=junit --coverage --outputFile=coverage/junit/test-results.xml",
+    "changelog": "conventional-changelog -p angular -i docs/CHANGELOG.md -s",
+    "changelog:all": "conventional-changelog -p angular -i docs/CHANGELOG.md -s -r 0",
+    "publish": "pnpm lint && pnpm build && pnpm test && pnpm pack --dry-run && pnpm publish",
+    "action-publish": "pnpm build:gha && pnpm verify:gha",
+    "release-patch": "pnpm version patch && pnpm changelog",
+    "release-minor": "pnpm version minor && pnpm changelog",
+    "release-major": "pnpm version major && pnpm changelog",
+    "release-prerelease": "pnpm version prerelease"
+  },
   "keywords": [
     "env",
     "dotenv",
@@ -26,16 +58,9 @@
     "github-action",
     "actions"
   ],
-  "repository": {
-    "type": "git",
-    "url": "git://github.com/macalbert/envilder.git"
-  },
   "bugs": {
     "url": "https://github.com/macalbert/envilder/issues"
   },
-  "author": "Marçal Albert Castellví",
-  "email": "mac.albert@gmail.com",
-  "url": "https://github.com/macalbert/envilder",
   "license": "MIT",
   "publishConfig": {
     "access": "public"
@@ -61,8 +86,8 @@
   },
   "devDependencies": {
     "@biomejs/biome": "^2.3.5",
-    "@commitlint/cli": "^19.6.0",
-    "@commitlint/config-conventional": "^19.6.0",
+    "@commitlint/cli": "^20.1.0",
+    "@commitlint/config-conventional": "^20.0.0",
     "@secretlint/secretlint-rule-preset-recommend": "^11.2.5",
     "@testcontainers/localstack": "^11.8.1",
     "@vercel/ncc": "^0.38.4",
@@ -77,27 +102,5 @@
   },
   "engines": {
     "node": ">=20.0.0"
-  },
-  "scripts": {
-    "clean": "pnpm store prune && pnpm dlx rimraf lib && pnpm dlx rimraf coverage && pnpm dlx rimraf node_modules",
-    "build": "tsc",
-    "build:gha": "ncc build src/apps/gha/Index.ts -o github-action/dist --minify",
-    "verify:gha": "pnpm build:gha && git diff --exit-code github-action/dist/index.js || (echo '❌ github-action/dist/index.js is not up to date. Run pnpm build:gha' && exit 1)",
-    "local:install": "pnpm build && node --loader ts-node/esm scripts/pack-and-install.ts",
-    "local:test-run": "pnpm build && node lib/apps/cli/Index.js --map=tests/sample/param-map.json --envfile=tests/sample/autogenerated.env",
-    "format": "biome format",
-    "format:write": "biome format --write",
-    "lint": "secretlint \"**/*\" && biome check --write && tsc --noEmit",
-    "lint:fix": "biome lint --fix",
-    "test": "vitest run --reporter=verbose --coverage",
-    "test:ci": "vitest run --reporter=verbose --reporter=junit --coverage --outputFile=coverage/junit/test-results.xml",
-    "changelog": "conventional-changelog -p angular -i docs/CHANGELOG.md -s",
-    "changelog:all": "conventional-changelog -p angular -i docs/CHANGELOG.md -s -r 0",
-    "pnpm-publish": "pnpm lint && pnpm build && pnpm test && pnpm pack --dry-run && pnpm publish",
-    "action-publish": "pnpm build:gha && pnpm verify:gha",
-    "pnpm-release-patch": "pnpm version patch && pnpm changelog",
-    "pnpm-release-minor": "pnpm version minor && pnpm changelog",
-    "pnpm-release-major": "pnpm version major && pnpm changelog",
-    "pnpm-release-prerelease": "pnpm version prerelease"
   }
-}
+}