dotenv-webpack

Systemvars array

Open tysonmatanich opened this issue 3 years ago • 2 comments

Adding support for systemvars to also be an array of whitelisted variables. This allows using specific system variables without worrying about accidentally leaking others, for better security.

new Dotenv({
  path: '.env',
  systemvars: ['VAR1', 'VAR2', 'VAR3'],
}),

tysonmatanich, Oct 22 '20 02:10

Codecov Report

Merging #256 into master will increase coverage by 0.09%. The diff coverage is 100.00%.

@@            Coverage Diff             @@
##           master     #256      +/-   ##
==========================================
+ Coverage   98.69%   98.78%   +0.09%     
==========================================
  Files           2        2              
  Lines         153      165      +12     
  Branches       38       40       +2     
==========================================
+ Hits          151      163      +12     
  Misses          2        2              

| Impacted Files | Coverage Δ |
|---|---|
| src/index.js | 98.50% <100.00%> (+0.14%) :arrow_up: |
| index.js | 98.97% <0.00%> (+0.06%) :arrow_up: |

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data. Last update c2c3b15...90b6464.

codecov[bot], Oct 23 '20 19:10

Thanks @tysonmatanich for the PR, but I also imagine this is an issue of trust with the plugin.

If you look at the source that gets generated by this plugin, you shouldn't see any variables exposed that you didn't explicitly request. Unless there is something else I am missing, you shouldn't need to worry about exposing variables unless your users have a way to inject code, in which case I think you could have a bigger problem on your hands.

If you could please help me out with a use-case so I can better understand this particular issue.

mrsteele, Mar 05 '21 23:03

Closing due to the new environment variable experience on Netlify and lack of interest by others.

tysonmatanich, Feb 19 '23 23:02
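
An added sketch, not dotenv-webpack's code and not written by anyone in this thread, of the two points discussed above: only `process.env.NAME` expressions that appear in the source are inlined, and an array-valued `systemvars` limits which system variables such a reference can resolve to. The function names, the sample values and the rule that system values override `.env` values are assumptions of the sketch.

```javascript
// Added example: names are hypothetical, not dotenv-webpack's internals.

// systemvars: false -> no system variables; true -> all of them;
// array -> only the listed names (the allowlist proposed in this PR).
function selectSystemVars(systemEnv, systemvars) {
  if (systemvars === true) return { ...systemEnv };
  if (!systemvars) return {};
  if (!Array.isArray(systemvars)) {
    throw new TypeError('systemvars must be a boolean or an array of names');
  }
  const picked = {};
  for (const name of systemvars) {
    // Own-property check: skip unset names and inherited keys such as "constructor".
    if (Object.prototype.hasOwnProperty.call(systemEnv, name)) {
      picked[name] = systemEnv[name];
    }
  }
  return picked;
}

// Assumption of this sketch: system values override values from the .env file.
function gatherVariables(fileVars, systemEnv, systemvars) {
  return { ...fileVars, ...selectSystemVars(systemEnv, systemvars) };
}

// Names referenced as process.env.NAME in the source that would be replaced
// with a literal value, i.e. what ends up readable in the shipped bundle.
function inlinedNames(source, vars) {
  const found = new Set();
  for (const m of source.matchAll(/\bprocess\.env\.([A-Za-z_][A-Za-z0-9_]*)/g)) {
    if (Object.prototype.hasOwnProperty.call(vars, m[1])) found.add(m[1]);
  }
  return [...found].sort();
}

// Constructed sample data.
const fileVars = { API_URL: 'https://api.example.test' };
const systemEnv = { VAR1: 'one', VAR2: 'two', CI_DEPLOY_TOKEN: 'constructed-secret' };
const source = `
  fetch(process.env.API_URL + '?v=' + process.env.VAR1);
  console.log(process.env.CI_DEPLOY_TOKEN); // stray debug line
`;

console.log(inlinedNames(source, gatherVariables(fileVars, systemEnv, true)));
console.log(inlinedNames(source, gatherVariables(fileVars, systemEnv, ['VAR1', 'VAR2'])));
```

With `systemvars: true` the stray reference to `CI_DEPLOY_TOKEN` resolves and its value would be inlined; with the allowlist it stays unresolved, while `VAR2` is never inlined in either case because nothing references it.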