dotenv-webpack
dotenv-webpack copied to clipboard
mrsteele
Systemvars array
Adding support for systemvars to also be an array of whitelisted variables. The allows using specific system variables without worrying about accidentally leaking others for better security.
new Dotenv({
path: '.env',
systemvars: ['VAR1', 'VAR2', 'VAR3'],
}),
Codecov Report
Merging #256 into master will increase coverage by
0.09%. The diff coverage is100.00%.
@@ Coverage Diff @@
## master #256 +/- ##
==========================================
+ Coverage 98.69% 98.78% +0.09%
==========================================
Files 2 2
Lines 153 165 +12
Branches 38 40 +2
==========================================
+ Hits 151 163 +12
Misses 2 2
| Impacted Files | Coverage Δ | |
|---|---|---|
| src/index.js | 98.50% <100.00%> (+0.14%) |
:arrow_up: |
| index.js | 98.97% <0.00%> (+0.06%) |
:arrow_up: |
Continue to review full report at Codecov.
Legend - Click here to learn more
Δ = absolute <relative> (impact),ø = not affected,? = missing dataPowered by Codecov. Last update c2c3b15...90b6464. Read the comment docs.
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}
Thanks @tysonmatanich for the PR, but I also imagine this is an issue of trust with the plugin.
If you look at the source that gets generated by this plugin, you shouldn't see any variables exposed that you didn't explicitly request. Unless there is something else I am missing, you shouldn't need to worry about exposing variables unless your users have a way to inject code, in which I think you could have a bigger problem on your hands.
If you could please help me out with a use-case so I can better understand this particular issue.
