npmpackage.info

Gathering detailed insights and metrics for dotenv-cra

Other packages similar to dotenv-cra

cra-template-sdw

1.1.58

The base SDW template for Create React App.

react-dotenv

0.1.3

Load environment variables dynamically for your React applications created with CRA (Create-React-App).

cra-template-orange

1.0.3

A Create React App Template with essential ready-to-code components and libraries.

cfs-dotenv

0.1.7

Load dotenv files like CRA in Create Full Stack.

Gathering detailed insights and metrics for dotenv-cra

dotenv-cra - 3.0.3 | npmpackage.info

dotenv-cra

Create React App style dotenv support for Node projects. Combine a base .env file with a .env.${NODE_ENV} file to create your optimum configuration.

3.0.3

MIT

TypeScript

1.37 kB

767,745 3.2

Installations

npm install dotenv-cra

Developer Guide

BETA

Typescript

No

Module System

CommonJS

Min. Node Version

>=12

Node Version

16.19.0

NPM Version

7.21.1 Score

75.9

Supply Chain

99.4

Quality

75.9

Maintenance

100

Vulnerability

100

License

Pull Requests

Open

14

Total

191

Closed

60

Merged

117

Issues

Open

1

Total

13

Closed

12

Releases

v3.0.3

Updated on Jan 20, 2023

v3.0.2

Updated on Sep 01, 2021

v3.0.1

Updated on Jul 05, 2021

v3.0.0

Updated on Jul 04, 2021

v2.2.0

Updated on Jul 04, 2021

v2.1.0

Updated on Jun 19, 2021

View All 12 releases

Languages

TypeScript

JavaScript

TypeScript (92.64%)

JavaScript (7.36%)

Developer

djdmbrwsk

Download Statistics

Total Downloads

767,745

Last Day

Last Week

3,585

Last Month

12,695

Last Year

171,060

GitHub Statistics

MIT License

9 Stars

187 Commits

1 Forks

2 Watchers

15 Branches

3 Contributors

Updated on Mar 25, 2025

Bundle Size

2.80 kB

Minified

1.37 kB

Minified + Gzipped

Bundlephobia

Maintainers

View All 3 Contributors

Package Meta Information

Latest Version

3.0.3

Package Id

dotenv-cra@3.0.3

Unpacked Size

9.78 kB

Size

4.04 kB

File Count

NPM Version

7.21.1

Node Version

16.19.0

Published on

Jan 20, 2023

Total Downloads

Cumulative downloads

Total Downloads

767,745

Last Day

124.1%

Compared to previous day

Last Week

20.6%

3,585

Compared to previous week

Last Month

-17.5%

12,695

Compared to previous month

Last Year

-19%

171,060

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

dotenv dotenv-expand

Dev Dependencies

@djdmbrwsk/common-semantic-release nts-scripts

dotenv-cra

Create React App style dotenv support for Node projects. Combine a base .env file with a .env.${NODE_ENV} file to create your optimum configuration.

Note: It's not recommended that you store secrets (like private API keys) in your .env file(s). Secret configuration values should be managed and provided as part of your hosting solution.

Install

npm i dotenv-cra

Usage

Not much new here. As with dotenv, import/require dotenv-cra and configure it as early as possible. This ensures that any modules reading values from process.env can retrieve the expected values.

⚠️ Warning: The NODE_ENV variable must be set, so you may choose to default it in your application before calling config().

1import { config } from 'dotenv-cra';
2
3process.env.NODE_ENV = process.env.NODE_ENV || 'development';
4config();

Note When using NodeJS v15 or higher you can use Logical Nullish Assignment as well:

1process.env.NODE_ENV ??= 'development';

At a minimum, create a base .env file in the root directory of your project with KEY=value entires on each line. However, if that's all you ever do, you don't need this library 😉. To see the real value of dotenv-cra, try creating a second .env.development file with some new and some overlapping KEY=value pairs.

# .env
LOG_LEVEL=info
PORT=3001

# .env.development
LOG_LEVEL=debug

# Loaded into process.env
LOG_LEVEL=debug
PORT=3001

What `.env` files can be used?

.env: Default.
.env.local: Local overrides. This file is loaded for all environments except test.
.env.development, .env.test, .env.production: Environment-specific settings.
.env.development.local, .env.test.local, .env.production.local: Local overrides of environment-specific settings.

Files on the left have more priority than files on the right:

npm start: .env.development.local, .env.local, .env.development, .env
npm test: .env.test.local, .env.test, .env (note .env.local is missing)

CRA Reference

Options

Env

Default: process.env.NODE_ENV

You may specify a custom environment if you don't want to base the .env.* files you load on NODE_ENV. For example, you may want NODE_ENV set to production, but you want to load the .env.staging file.

1dotenvCra.config({ env: process.env.AWS_ENV });

Prefix

Default: none

You may specify a required prefix for your dotenv variables. For example, you may want to prefix your variables with WEB_API_ to ensure there aren't any collisions with other environment variables.

1dotenvCra.config({ prefix: 'WEB_API_' });

Path

Default: path.resolve(process.cwd(), '.env')

You may specify a custom path if your file containing environment variables is located elsewhere. This will also be used as the basis for resolving the other .env.* files.

1dotenvCra.config({ path: '/full/custom/path/to/your/.env' });

Encoding

Default: utf8

You may specify the encoding of your file containing environment variables. Passed through to dotenv.

1dotenvCra.config({ encoding: 'latin1' });

Debug

Default: false

You may turn on logging to help debug why certain keys or values are not being set as you expect. Passed through to dotenv.

1dotenvCra.config({ debug: process.env.DEBUG });

Credits

Thanks to these projects for this simple yet powerful approach 👏

No vulnerabilities found.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

License

Determines if the project has defined a license.

6

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 6

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-build-test.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/djdmbrwsk/dotenv-cra/lint-build-test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-build-test.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/djdmbrwsk/dotenv-cra/lint-build-test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-build-test.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/djdmbrwsk/dotenv-cra/lint-build-test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-build-test.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/djdmbrwsk/dotenv-cra/lint-build-test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-build-test.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/djdmbrwsk/dotenv-cra/lint-build-test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-build-test.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/djdmbrwsk/dotenv-cra/lint-build-test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-build-test.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/djdmbrwsk/dotenv-cra/lint-build-test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-build-test.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/djdmbrwsk/dotenv-cra/lint-build-test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-build-test.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/djdmbrwsk/dotenv-cra/lint-build-test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint-build-test.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/djdmbrwsk/dotenv-cra/lint-build-test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/djdmbrwsk/dotenv-cra/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/djdmbrwsk/dotenv-cra/release.yml/master?enable=pin
Info: 0 out of 11 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 1 third-party GitHubAction dependencies pinned
Info: 5 out of 5 npmCommand dependencies pinned

0

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Maintained

Determines if the project is "actively maintained".

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Security-Policy

Determines if the project has published a security policy.

0

Fuzzing

Determines if the project uses fuzzing.

0

SAST

Determines if the project uses static code analysis.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Score

3.2

/10

Last Scanned on 2025-05-12

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

Other packages similar to dotenv-cra

Other packages similar to dotenv-cra

dotenv-cra

Installations

Developer Guide

No

CommonJS

>=12

16.19.0

7.21.1

Score

Pull Requests

14

191

60

117

Issues

1

13

12

Releases

Languages

Developer

djdmbrwsk

Download Statistics

GitHub Statistics

Bundle Size

2.80 kB

1.37 kB

Maintainers

Package Meta Information

Total Downloads

767,745

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

Dev Dependencies

dotenv-cra

Install

Usage

What .env files can be used?

Options

Env

Prefix

Path

Encoding

Debug

Credits

10

10

10

6

0

0

0

0

0

0

0

0

3.2

/10

What `.env` files can be used?