JSPM

  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 977357
  • Score
    100M100P100Q180715F
  • License MIT

A simple webpack plugin to support dotenv.

Package Exports

  • dotenv-webpack

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (dotenv-webpack) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

dotenv-webpack

A secure webpack plugin that supports dotenv and other environment variables and only exposes what you choose and use.

Status

npm Travis Coverage Status Dependency Status devDependency Status js-standard-style npm pull requests

Installation

Include the package locally in your repository.

npm install dotenv-webpack --save

Description

dotenv-webpack wraps dotenv and Webpack.DefinePlugin. As such, it overwrites existing any existing DefinePlugin configurations. Also, like DefinePlugin, it does a text replace in the resulting bundle for any instances of process.env.

Your .env files can include sensitive information. Because of this,dotenv-webpack will only expose environment variables that are explicily referenced in your code to your final bundle.

Usage

The plugin can be installed with little-to-no configuration needed. Once installed, you can access the variables within your code using process.env as you would with dotenv.

The example bellow shows a standard use-case.

Create a .env file
// .env
DB_HOST=127.0.0.1
DB_PASS=foobar
S3_API=mysecretkey
Add it to your Webpack config file
// webpack.config.js
const Dotenv = require('dotenv-webpack');

module.exports = {
  ...
  plugins: [
    new Dotenv({
      path: './.env', // Path to .env file (this is the default)
      safe: true // load .env.example (defaults to "false" which does not use dotenv-safe)
    })
  ]
  ...
};
Use in your code
// file1.js
console.log(process.env.DB_HOST);
// '127.0.0.1'
Resulting bundle
// bundle.js
console.log('127.0.0.1');

Note: the .env values for DB_PASS and S3_API are NOT present in our bundle, as they were never referenced (as process.env.[VAR_NAME]) in the code.

How Secure?

Be allowing you to define exactly where you are loading environment variables from, and bundling only variables in your project that are explicitly referenced in your code, you can be sure that only what you need is included and you do not accidentally leak anything sensitive.

Add .env to your .gitignore file

Properties

Use the following properties to configure your instance.

  • path ('./.env') - The path to your environment variables.
  • safe (false) - If false ignore safe-mode, if true load './.env.example', if a string load that file as the sample.
  • systemvars (false) - Set to true if you would rather load all system variables as well (useful for CI purposes).
  • silent (false) - If true, all warnings will be surpressed.

LICENSE

MIT