npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

env-contract-check

v0.4.2

Published

Create a contract of environment variables for different environments.

Downloads

49

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

stieneeestieneee

Keywords

envcheckcontractenvironmentNODE_ENVdevelopmentproductiondocker

Readme

env-contract-check

CircleCI install size

Define and check contracts around environment variables.

The goal of this package is to make environment variables easy to check, default in development and enforce presence in production. The package was created around to address some pain points around environment variables. While it is recommended to set NODE_ENV this package supports behaviors around an undefined NODE_ENV variable. This package attempts to balance convenience for development with predictable desirable behavior for deployment.

Define Contract

const ecc = require('env-contract-check');

// all boolean default false
// register accepts a single object or an array of objects
ecc.register([{
  name: 'MONGO_URL', // required
  optional: true || { // set the variable as optional in all environments or specific environments
    ${NODE_ENV}: true,
    development: false,
    test: true,
    production: false,
  },
  defaults: {
    ${NODE_ENV}: 'default for that environment',
    development: 'mongo://localhost'
    docker: 'mongo://mongo',
    // production: 'mongo://mongo', // not recommend to set production default
  }  
  allowReregister: true // allow this contract to be redefined.
  noLog: true, // a prevent console.log during contract evaluation
  hidden: true, // value of the env variable will not be printed to the console.
}]);

Checking Environment

By default contracts first check to see if the environment variable has been set. If the variable is missing the optional flag, defaults object, secret file locations and NODE_ENV are used to determine if the variable can be populated or if the application should error. It is best to set NODE_ENV but if missed this package defaults to 'development' or 'docker' if in a docker container. Support for other process environments is a future goal.

Strict NODE_ENV

A strict options requires NODE_ENV to be set forcing a process exit(1) if not set before requiring this package.

ecc.strict()

Setting the Environment

Well this package provides several methods of setting the environment some methods are not secret safe. As hard-coding some environment variables is a security issue, an additional environment loader is recommended for loading secrets into the processes environment. There are many great methods for setting the process environment. One recommendation is dotenv which is great for setting the process environment during development and dose not interfere with production process managers. It is important to use any in process environment loader before requiring this package.

// example using dotenv
require('dotenv').config()
// load env before ecc
const ecc = require('env-contract-check');

Setting the Environment - Secret Files

Both Docker and Kubernetes provide a secret object with the ability to present these as a file inside a container. By default this package will check if the file name of the contract name exists in the /run/secrets directory and loads the content into that environment variable. A customized file path can be set by setting the a environment variable of the name of the contract with '_FILE' appeneded.

Example 1 - Load from Default Location

echo -n "MY SECRET MONGO URL" > /var/run/MONGO_URL
node index.js
// index.js
ecc.register({name: 'MONGO_URL'});
console.log(process.env.MONGO_URL);
// OUTPUT: MY SECRET MONGO URL

Example 2 - Load from Customer Location

echo -n "MY SECRET MONGO URL" > /etc/my-mongo-url
MONGO_URL_FILE=/etc/my-mongo-url node index.js
// index.js
ecc.register({name: 'MONGO_URL'});
console.log(process.env.MONGO_URL);
// OUTPUT: MY SECRET MONGO URL

Order of Operations

As soon as a environment variable is set the package stops attempting to load the variable from any other location and the contract is satisfied. The order of operations is the following.

  • Set before the contract is accessed
  • Attempt load from default secret file location /run/secrets/{name}
  • If set, Attempt load from custom secret file location
  • If NODE_ENV is present in the defaults object of the contract
  • If not optional, throw error

Output

By default this package will print the status of each contract as they are evaluated. To prevent a contract from printing its status ecc.register({noLog: true}) or be to stop console by default set ecc.noLog(true). A summary of the current status of all contracts can be logged by

ecc.summary()

Hidden

In most situations logging a secret is undesirable, marking a variable as hidden will prevent the value from being printed to the console.

// index.js
ecc.register({
  name: 'MONGO_URL'
  hidden: true
});
// OUTPUT: MONGO_URL variable set to default {HIDDEN}

Stripe-Url-Auth

All output is passed through stripe-url-auth to prevent some credentials from printing to the console.

Dependencies

Dependencies that require env variable can safely use this package as well. Again it is important to load the env before loading the any dependencies that will require this package.

Re-register

To prevent unintentional overwriting if a variable is registered twice the package will error. This can be over written by setting the allowReregister property to true of any duplicate register calls. Please consider the order of operations when reregsitering.

Contributing

Issues, recommendations, requests and pull requests are welcome.