Gathering detailed insights and metrics for dotenv-expand
Gathering detailed insights and metrics for dotenv-expand
Gathering detailed insights and metrics for dotenv-expand
Gathering detailed insights and metrics for dotenv-expand
dotenv-cra
Create React App style dotenv support for Node projects.
@maximumquiet/dotenv-expand
Expand environment variables using dotenv
dotenv-mono
This package permit to have a centralized dotenv on a monorepo. It also includes some extra features such as manipulation and saving of changes to the dotenv file, a default centralized file, and a file loader with ordering and priorities.
@cprize/dotenv-expand
Expand environment variables using dotenv
Variable expansion for dotenv. Expand variables already on your machine for use in your .env file.
npm install dotenv-expand
Typescript
Module System
Min. Node Version
Node Version
NPM Version
JavaScript (99.5%)
TypeScript (0.5%)
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
BSD-2-Clause License
1,011 Stars
267 Commits
98 Forks
5 Watchers
1 Branches
23 Contributors
Updated on Jul 08, 2025
Latest Version
12.0.2
Package Id
dotenv-expand@12.0.2
Unpacked Size
19.36 kB
Size
7.09 kB
File Count
9
NPM Version
10.9.2
Node Version
23.4.0
Published on
Apr 17, 2025
Cumulative downloads
Total Downloads
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
1
5
Special thanks to our sponsors
Dotenv-expand adds variable expansion on top of dotenv. If you find yourself needing to expand environment variables already existing on your machine, then dotenv-expand is your tool.
1# Install locally (recommended) 2npm install dotenv-expand --save
Or installing with yarn? yarn add dotenv-expand
Create a .env
file in the root of your project:
1PASSWORD="s1mpl3" 2DB_PASS=$PASSWORD
As early as possible in your application, import and configure dotenv and then expand dotenv:
1const dotenv = require('dotenv') 2const dotenvExpand = require('dotenv-expand') 3 4dotenvExpand.expand(dotenv.config()) 5 6console.log(process.env) // remove this after you've confirmed it is expanding
That's it. process.env
now has the expanded keys and values you defined in your .env
file.
dotenvExpand.expand(dotenv.config())
...
connectdb(process.env.DB_PASS)
Note: Consider using
dotenvx
instead of preloading. I am now doing (and recommending) so.It serves the same purpose (you do not need to require and load dotenv), has built-in expansion support, adds better debugging, and works with ANY language, framework, or platform. – motdotla
You can use the --require
(-r
) command line option to preload dotenv & dotenv-expand. By doing this, you do not need to require and load dotenv or dotenv-expand in your application code. This is the preferred approach when using import
instead of require
.
1$ node -r dotenv-expand/config your_script.js
The configuration options below are supported as command line arguments in the format dotenv_config_<option>=value
1$ node -r dotenv-expand/config your_script.js dotenv_config_path=/custom/path/to/your/env/vars
Additionally, you can use environment variables to set configuration options. Command line arguments will precede these.
1$ DOTENV_CONFIG_<OPTION>=value node -r dotenv-expand/config your_script.js
1$ DOTENV_CONFIG_ENCODING=latin1 node -r dotenv-expand/config your_script.js dotenv_config_path=/custom/path/to/.env
See tests/.env.test for simple and complex examples of variable expansion in your .env
file.
dotenv-expand
exposes one function:
expand
will expand your environment variables.
1const env = { 2 parsed: { 3 BASIC: 'basic', 4 BASIC_EXPAND: '${BASIC}', 5 BASIC_EXPAND_SIMPLE: '$BASIC' 6 } 7} 8 9console.log(dotenvExpand.expand(env))
Default: process.env
Specify an object to write your secrets to. Defaults to process.env
environment variables.
1const myEnv = {} 2const env = { 3 processEnv: myEnv, 4 parsed: { 5 HELLO: 'World' 6 } 7} 8dotenvExpand.expand(env) 9 10console.log(myEnv.HELLO) // World 11console.log(process.env.HELLO) // undefined
See a full list of rules here.
process.env
, for example pas$word
)?As of v12.0.0
dotenv-expand no longer expands process.env
.
If you need this ability, use dotenvx by shipping an encrypted .env file with your code - allowing safe expansion at runtime.
Use dotenvx as dotenv-expand does not support this.
dotenv-expand is a separate module (without knowledge of the loading of process.env
and the .env
file) and so cannot reliably know what to override.
See CONTRIBUTING.md
See CHANGELOG.md
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
Reason
4 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3
Reason
7 existing vulnerabilities detected
Details
Reason
Found 1/22 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
Reason
project is not fuzzed
Details
Reason
branch protection not enabled on development/release branches
Details
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
Score
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More