envlock-core 0.6.0 → 0.6.1

package/dist/index.cjs

@@ -0,0 +1,193 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var src_exports = {};
+__export(src_exports, {
+  ENVIRONMENTS: () => ENVIRONMENTS,
+  checkBinary: () => checkBinary,
+  findFreePort: () => findFreePort,
+  hasBinary: () => hasBinary,
+  log: () => log,
+  runWithSecrets: () => runWithSecrets,
+  setVerbose: () => setVerbose,
+  validateEnvFilePath: () => validateEnvFilePath,
+  validateOnePasswordEnvId: () => validateOnePasswordEnvId
+});
+module.exports = __toCommonJS(src_exports);
+
+// src/invoke.ts
+var import_node_child_process2 = require("child_process");
+
+// src/detect.ts
+var import_node_child_process = require("child_process");
+
+// src/logger.ts
+var verbose = false;
+function setVerbose(flag) {
+  verbose = flag;
+}
+var log = {
+  debug: (msg) => {
+    if (verbose) process.stderr.write(`[envlock:debug] ${msg}
+`);
+  },
+  info: (msg) => {
+    process.stderr.write(`[envlock] ${msg}
+`);
+  },
+  warn: (msg) => {
+    process.stderr.write(`[envlock] Warning: ${msg}
+`);
+  },
+  error: (msg) => {
+    process.stderr.write(`[envlock] Error: ${msg}
+`);
+  }
+};
+
+// src/detect.ts
+var WHICH = process.platform === "win32" ? "where" : "which";
+function hasBinary(name) {
+  try {
+    (0, import_node_child_process.execFileSync)(WHICH, [name], { stdio: "pipe" });
+    return true;
+  } catch {
+    return false;
+  }
+}
+function checkBinary(name, installHint) {
+  if (!hasBinary(name)) {
+    throw new Error(`[envlock] '${name}' not found in PATH.
+${installHint}`);
+  }
+  log.debug(`Binary check: ${name} found`);
+}
+
+// src/invoke.ts
+function runWithSecrets(options) {
+  const { envFile, environment, onePasswordEnvId, command, args } = options;
+  checkBinary(
+    "dotenvx",
+    "Install dotenvx: npm install -g @dotenvx/dotenvx\nOr add it as a dev dependency."
+  );
+  const privateKeyVar = `DOTENV_PRIVATE_KEY_${environment.toUpperCase()}`;
+  const keyAlreadyInjected = !!process.env[privateKeyVar];
+  let result;
+  if (keyAlreadyInjected) {
+    log.debug(`Spawning: dotenvx run -f ${envFile} -- ${command} ${args.join(" ")}`);
+    result = (0, import_node_child_process2.spawnSync)(
+      "dotenvx",
+      ["run", "-f", envFile, "--", command, ...args],
+      { stdio: "inherit" }
+    );
+    if (result.error) {
+      throw new Error(`[envlock] Failed to spawn 'dotenvx': ${result.error.message}`);
+    }
+  } else {
+    checkBinary(
+      "op",
+      "Install 1Password CLI: brew install --cask 1password-cli@beta\nThen sign in: op signin"
+    );
+    log.debug(`Spawning: op run --environment ${onePasswordEnvId} -- dotenvx run -f ${envFile} -- ${command} ${args.join(" ")}`);
+    result = (0, import_node_child_process2.spawnSync)(
+      "op",
+      [
+        "run",
+        "--environment",
+        onePasswordEnvId,
+        "--",
+        "dotenvx",
+        "run",
+        "-f",
+        envFile,
+        "--",
+        command,
+        ...args
+      ],
+      { stdio: "inherit" }
+    );
+    if (result.error) {
+      throw new Error(`[envlock] Failed to spawn 'op': ${result.error.message}`);
+    }
+  }
+  process.exit(result.status ?? 1);
+}
+
+// src/validate.ts
+var import_node_path = require("path");
+var OP_ENV_ID_PATTERN = /^[a-z0-9][a-z0-9-]*$/;
+function validateOnePasswordEnvId(id) {
+  if (!id || !OP_ENV_ID_PATTERN.test(id)) {
+    throw new Error(
+      `[envlock] Invalid onePasswordEnvId: "${id}". Must be a lowercase alphanumeric string (hyphens allowed), e.g. 'ca6uypwvab5mevel44gqdc2zae'.`
+    );
+  }
+}
+function validateEnvFilePath(envFile, cwd) {
+  if (envFile.includes("\0")) {
+    throw new Error(`[envlock] Invalid env file path: null bytes are not allowed.`);
+  }
+  const resolved = (0, import_node_path.resolve)(cwd, envFile);
+  const base = (0, import_node_path.resolve)(cwd);
+  const rel = (0, import_node_path.relative)(base, resolved);
+  if (rel.startsWith("..") || (0, import_node_path.isAbsolute)(rel)) {
+    throw new Error(
+      `[envlock] Invalid env file path: "${envFile}" resolves outside the project directory.`
+    );
+  }
+}
+
+// src/types.ts
+var ENVIRONMENTS = {
+  development: "development",
+  staging: "staging",
+  production: "production"
+};
+
+// src/find-port.ts
+var import_node_net = require("net");
+function isPortFree(port) {
+  return new Promise((resolve2) => {
+    const server = (0, import_node_net.createServer)();
+    server.once("error", () => resolve2(false));
+    server.once("listening", () => server.close(() => resolve2(true)));
+    server.listen(port, "127.0.0.1");
+  });
+}
+async function findFreePort(preferred) {
+  for (let port = preferred; port <= preferred + 10; port++) {
+    if (await isPortFree(port)) return port;
+  }
+  throw new Error(
+    `[envlock] No free port found in range ${preferred}\u2013${preferred + 10}.`
+  );
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  ENVIRONMENTS,
+  checkBinary,
+  findFreePort,
+  hasBinary,
+  log,
+  runWithSecrets,
+  setVerbose,
+  validateEnvFilePath,
+  validateOnePasswordEnvId
+});

package/dist/index.d.cts

@@ -0,0 +1,46 @@
+declare const ENVIRONMENTS: {
+    readonly development: "development";
+    readonly staging: "staging";
+    readonly production: "production";
+};
+type Environment = keyof typeof ENVIRONMENTS;
+interface EnvlockOptions {
+    onePasswordEnvId: string;
+    envFiles?: Partial<Record<Environment, string>>;
+}
+interface EnvlockConfig {
+    /**
+     * Your 1Password Environment ID.
+     * Can alternatively be set via the ENVLOCK_OP_ENV_ID environment variable.
+     */
+    onePasswordEnvId?: string;
+    envFiles?: Partial<Record<Environment, string>>;
+    commands?: Record<string, string>;
+}
+
+interface RunWithSecretsOptions {
+    envFile: string;
+    environment: Environment;
+    onePasswordEnvId: string;
+    command: string;
+    args: string[];
+}
+declare function runWithSecrets(options: RunWithSecretsOptions): void;
+
+declare function hasBinary(name: string): boolean;
+declare function checkBinary(name: string, installHint: string): void;
+
+declare function validateOnePasswordEnvId(id: string): void;
+declare function validateEnvFilePath(envFile: string, cwd: string): void;
+
+declare function setVerbose(flag: boolean): void;
+declare const log: {
+    debug: (msg: string) => void;
+    info: (msg: string) => void;
+    warn: (msg: string) => void;
+    error: (msg: string) => void;
+};
+
+declare function findFreePort(preferred: number): Promise<number>;
+
+export { ENVIRONMENTS, type Environment, type EnvlockConfig, type EnvlockOptions, type RunWithSecretsOptions, checkBinary, findFreePort, hasBinary, log, runWithSecrets, setVerbose, validateEnvFilePath, validateOnePasswordEnvId };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "envlock-core",
-  "version": "0.6.0",
+  "version": "0.6.1",
   "type": "module",
   "description": "Core 1Password + dotenvx secret injection logic for envlock",
   "license": "MIT",
@@ -22,10 +22,12 @@
   },
   "exports": {
     ".": {
-      "import": "./dist/index.js",
-      "types": "./dist/index.d.ts"
+      "types": "./dist/index.d.ts",
+      "require": "./dist/index.cjs",
+      "import": "./dist/index.js"
     }
   },
+  "main": "./dist/index.cjs",
   "files": [
     "dist"
   ],