npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@air_raza/envsecure

v1.0.0

Published

Securely share .env files with your team using encrypted short codes. Zero setup, zero accounts, just works.

Downloads

92

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

air_razaair_raza

Keywords

envdotenvsecretssharingclisecuritydevtoolsencryptionzero-knowledgeteam-collaboration

Readme

envsecure

npm version License: MIT PRs Welcome

Securely share .env files with your team using encrypted short codes. No setup, no accounts, just works.

🎯 What Problem Does This Solve?

Sharing .env files over WhatsApp, Slack, or email is a security nightmare. envsecure solves this by:

  • Zero-knowledge encryption - The server never sees your decryption key
  • Short, shareable codes - Easy to share: ENV-X7K2-9QMZ#<key>
  • Auto-expiration - Files automatically expire after a set time
  • One-time use option - Burn codes that delete after first download
  • Zero setup - No accounts, no configuration, just works
  • Free forever - Powered by free tier services

🚀 Quick Start

Installation

npm install -g envsecure

Or use with npx (no installation needed):

npx envsecure <command>

That's It! No Setup Required

# Share your .env file
npx envsecure push

# Your teammate downloads it
npx envsecure pull ENV-X7K2-9QMZ#<decryptionKey>

No accounts, no configuration, no hassle. Just works out of the box.

📖 Commands

envsecure push [file]

Upload and encrypt a .env file (or any file).

Options:

  • [file] - File to encrypt (default: .env)
  • --ttl <hours> - Time to live in hours (default: 24, max: 168)
  • --burn - Delete after first download (one-time use)

Examples:

# Push default .env file
npx envsecure push

# Push a specific file
npx envsecure push .env.production

# Push with 48-hour expiration
npx envsecure push --ttl 48

# Push as one-time use (burn after download)
npx envsecure push --burn

# Combine options
npx envsecure push .env.staging --ttl 72 --burn

Output:

✅ Your env has been shared!

╔════════════════════════════════╗
║ Code: ENV-X7K2-9QMZ            ║
║ Expires in: 24 hours           ║
╚════════════════════════════════╝

Share this command with your teammate:
npx envsecure pull ENV-X7K2-9QMZ#a3f9bc2d...

envsecure pull <code>

Download and decrypt a .env file using a share code.

Options:

  • -o, --output <file> - Output file name (default: .env)

Examples:

# Pull to default .env file (always quote the code!)
npx envsecure pull "ENV-X7K2-9QMZ#a3f9bc2d..."

# Pull to a specific file
npx envsecure pull "ENV-X7K2-9QMZ#a3f9bc2d..." -o .env.production

Important: Always quote the code when using it in the terminal, as the # character has special meaning in shells.

Note: If the output file already exists, you'll be prompted to confirm overwrite.

envsecure delete <code>

Manually delete a shared env code.

Example:

npx envsecure delete ENV-X7K2-9QMZ

envsecure --version or envsecure -v

Display the current version.

envsecure --help or envsecure -h

Display help information.

📚 Complete Usage Guide

For detailed usage instructions, examples, and troubleshooting, see USAGE.md.

🔒 Security

Zero-Knowledge Architecture

envsecure uses a zero-knowledge encryption model:

  1. Encryption happens locally - Your .env file is encrypted on your machine using AES-256-GCM
  2. Key never leaves your control - The decryption key is never sent to or stored on the server
  3. Only encrypted data is stored - The server only stores the encrypted blob, which is useless without the key
  4. Key travels with the code - The decryption key is appended to the share code after # (e.g., ENV-XXXX-XXXX#<key>)

What This Means

  • ✅ Even if the server is compromised, your data is unreadable without the key
  • ✅ Even if the server operator is malicious, they can't decrypt your secrets
  • ✅ The server has zero knowledge of your .env contents
  • ✅ All data auto-expires, nothing is stored permanently
  • ✅ Rate limiting and file size limits protect against abuse

Best Practices

  • Share codes through secure channels (encrypted messaging, password managers)
  • Use --burn flag for sensitive one-time shares
  • Set appropriate TTL based on your needs
  • Never commit .env files to git (use .gitignore)

🏗️ Architecture

envsecure uses a hosted backend architecture:

  • CLI → Your hosted API (Cloudflare Worker) → Your Upstash Redis
  • Users don't need accounts or configuration
  • You control rate limiting, file size limits, and abuse prevention
  • Free tier handles hundreds of users per day

For Package Maintainers

If you want to host your own backend, see the backend/ directory for:

  • Cloudflare Worker implementation
  • Rate limiting and validation
  • Deployment instructions

The backend is open source and you can deploy it yourself if you prefer.

📋 Requirements

  • Node.js >= 14.0.0
  • That's it! No other dependencies or accounts needed.

🤝 Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

  1. Fork the repository
  2. Create your feature branch (git checkout -b feature/amazing-feature)
  3. Commit your changes (git commit -m 'Add some amazing feature')
  4. Push to the branch (git push origin feature/amazing-feature)
  5. Open a Pull Request

📝 License

This project is licensed under the MIT License - see the LICENSE file for details.

🙏 Acknowledgments

💬 Support

Found a bug or have a feature request? Open an issue!

Made with ❤️ for developers who care about security