Package Exports
- @fronik/envman
- @fronik/envman/bin/envman.js
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@fronik/envman) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
envman π‘οΈ
A SECURITY-FIRST ENVIRONMENT MANAGEMENT SYSTEM
envman is an elite configuration manager and CLI tool engineered for zero-trust environments. Unlike dotenv or env-cmd, envman is hyper-focused on project security, environment file integrity, and proactive config monitoring.
π₯ Core Features
- Advanced Masking (Value-Heuristic): Detects not only sensitive keywords (like
SECRETorAPI_KEY), but intelligently scans values to find leaked AWS Keys, JWTs, and RSA Private Keys. It utilizes partial-reveal string masking (se****23). - AES-256 Offline Encryption: Need to freeze your configs locally?
envman encryptlocks your files behind AES-256 standard encryption (.env.enc), requiring an interactive, non-logging password execution. - Deep Project Scanner: Have a teammate who hard-coded an API key?
envman scanrecursively parses your.js,.json, and.envfiles for embedded secrets and returns surgical diagnostics. - Environment Doctor (
envman doctor): Catch duplicates, empty keys, and dangerously weak passwords (admin,123456) instantly. - Auto-Backups: Mutating your
.env? A timestamped backup (.env.backup.16...) is generated silently before any destructive CLI execution. - Safe Mode: Test sync outputs via
--safewithout risking accidental damage. - Smart Diff Syncing: Visualize
.envpropagations cleanly with+,~,-mapping.
π Quick Start
npm install -g @fronik/envman
# Bootstrap a fresh environment scaffolding securely
envman initπ οΈ Commands
| Command | Action |
|---|---|
envman init |
Generate pristine .env and .env.example templates |
envman add <KEY=value> |
Safely append or modify an environment variable |
envman remove <KEY> |
Strip an environment variable safely |
envman list |
List configuration safely (with automatic secret obscuring) |
envman doctor |
Deep health-check your environments (weak pass, dups, blanks) |
envman scan |
Audit your ENTIRE project codebase for leaked secrets |
envman encrypt |
Interactive AES-256 encryption lock for your .env files |
envman decrypt |
Safely restore .env configurations via password verification |
envman sync --to <path> |
Smart synchronize properties to another directory / project |
envman check |
Audit .gitignore protocols |
envman generate |
Safely create a templated .env.example from existing config |
π Global Options
-e, --env-file <path>: Target alternate files (-e .env.production)--safe: Run any command in a dry-run/preview execution context.--no-backup: Skip timestamp backups before mutations.
βοΈ envman vs dotenv / env-cmd
| Capability | dotenv / env-cmd | envman |
|---|---|---|
| Load capabilities | Yes | CLI management |
| Value-based masking | No | Yes (AWS, JWT, RSA) |
| File Encryption | No | AES-256 Interactive |
| Codebase Scanning | No | Deep recursive secret scanning |
| Doctor Analysis | No | Syntax + Weak Password Checks |
| Auto-backups | No | Yes |
π‘οΈ Security Principles
- Zero Secret Logging: Your keys are never printed back to your bash profile or STDOUT in full form.
- Zero In-Memory Keys: Passwords required for AES encryption are streamed securely and flushed.
- Opt-in Telemetry: Usage events are
0%until you explicitly invokeenvman enable-telemetry. Nothing invasiveβever.
Prepared for production. Ready for you.