katt / envsafe Goto Github PK
View Code? Open in Web Editor NEWπ Makes sure you don't accidentally deploy apps with missing or invalid environment variables.
Home Page: https://github.com/KATT/envsafe
License: MIT License
π Makes sure you don't accidentally deploy apps with missing or invalid environment variables.
Home Page: https://github.com/KATT/envsafe
License: MIT License
The documentation for next.js SSR for trpc requires us to set the following in _app.tsx
:
const url = process.env.VERCEL_URL
? `https://${process.env.VERCEL_URL}/api/trpc`
: 'http://localhost:3000/api/trpc';
I tried using envsafe
with this with devDefault
. This failed when performing a yarn build
on my local machine (and was the only variable to do so). It works fine in yarn dev
(presumably because VERCEL_URL
is set by nextjs) but doesn't work when building. What's the recommended solution for yarn build
?
Hey, thanks for the awesome package. Since I have no expertise in this area I would like to ask a question. Is passing any server only env variables in nextjs (without prefixing it with NEXT_PUBLIC) to envsafe exposes it to client? Is there any security concerns here?
Essentially the title. Should I be able to use this in a library so that if the consumer doesn't supply a required env var it will prompt them so (for instance in a next app). In my experimentation, it seems to work for one library, but when I add another to the mix it's unable to find a defined env variable... π€
test
Originally posted by @KATT in https://github.com/KATT/envsafe/discussions/27
I'd like to highlight an issue that arises when passing environment variables to envsafe
in Next.js, using the code from the Example as a reference.
In Next.js applications, we use the input
option to inline environment variable values during the build process and pass them to envsafe
.
NEXT_PUBLIC_NO_DEFAULT: str({
input: process.env.NEXT_PUBLIC_NO_DEFAULT,
}),
However, if there happens to be a typo in the specified environment variable name, envsafe is unable to identify the error.γFor instance, consider the following scenario where the PABLIC
segment is incorrect (while PUBLIC
is the correct one):
NEXT_PUBLIC_NO_DEFAULT: str({
input: process.env.NEXT_PABLIC_NO_DEFAULT,
}),
The reason behind this behavior is that envsafe
relies on a fallback mechanism where it references the environment variable using NEXT_PUBLIC_NO_DEFAULT
when the input
value is empty.
Unfortunately, this fallback mechanism is ineffective for Next.js client-side applications. It causes delays in issue detection and creates unnecessary obstacles in such scenarios.
I propose introducing an option that allows users to disable the fallback mechanism at their discretion. By adding, for instance, the inputOnly
option, we give users the ability to control this behavior.
export const browserEnv = envsafe({
NEXT_PUBLIC_NO_DEFAULT: str({
input: process.env.NEXT_PUBLIC_NO_DEFAULT,
// Only individual items can be targeted
// inputOnly: true
}),
}, {
// By setting this flag to `true`, only the input value will be referenced, and the value in process.env will be ignored.
inputOnly: true
})
Utilizing this feature empowers Next.js application builders to detect typographical errors in environment variables during the build process, treating them as build errors rather than runtime issues.
Pull Request
I believe that the majority of cases where input
is used are with Next.js.
Therefore, I thought it would be a good idea to make it the default behavior to disable fallback when using input
.
However, I am not certain that anyone would find it harmful, so I opted to add the flag so as not to break the existing behavior.
This is a great QoL addition that I've been using a lot from ts-dotenv, but the implementation details of this library is so different that another approach is better.
In ts-dotenv you specify an array that are cast as const as so:
LOG_LEVEL: {
type: [
'fatal' as const,
'error' as const,
'warn' as const,
'info' as const,
'debug' as const,
'trace' as const
],
default: 'info'
},
which gives you the type
'fatal' | 'error' | 'warn' | 'info' | 'debug' | 'trace'
It would be amazing if we could conditionally do this for choices. Here is an example of how it can be done:
function stringLiteralArray<T extends string>(a: T[]) {
return a;
}
const fruits = stringLiteralArray(["Apple", "Orange", "Pear"]);
type Fruits = typeof fruits[number]
Today the json
validator returns unknown
type, is there a reason for that?
Can we add support to generics to cover that gap?
AS-IS
const env = envsafe({
CREDENTIALS: json(),
});
env.CREDENTIALS // unknown
TO-BE
const env = envsafe({
CREDENTIALS: json<AppCredentials>(),
})
env.CREDENTIALS // AppCredentials
I am trying to setup envsafe in a NextJs project, but it is not working.
The values are printed in console, on the server side also client side but still the validation is showing them as missing.
import { str, envsafe, url, bool } from 'envsafe';
console.log('NEXT_PUBLIC_RUM_KEY' + process.env.NEXT_PUBLIC_RUM_KEY);
export const env = envsafe({
NEXT_PUBLIC_RUM_KEY: str(),
});
Node version: v16.18.1
NextJs version: 13.2.4
A declarative, efficient, and flexible JavaScript library for building user interfaces.
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. πππ
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google β€οΈ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.