npmpackage.info

Gathering detailed insights and metrics for next-env

next-env

Automatic static (build-time) or runtime environment variables injection for Next.js

1.1.1

JavaScript

Installations

npm install next-env

Pull Requests

Open

14

Total

21

Closed

5

Merged

2

Issues

Open

0

Total

4

Closed

4

Releases

Unable to fetch releases

Developer

formatlos

Developer Guide

BETA

Module System

CommonJS

Min. Node Version

Typescript Support

No

Node Version

13.7.0

NPM Version

6.14.2 Statistics

87 Stars

12 Commits

3 Forks

2 Watching

16 Branches

1 Contributors

Updated on 15 Oct 2024

Languages

JavaScript (100%)

Total Downloads

Cumulative downloads

Total Downloads

2,464,338

Last day

7.5%

1,189

Compared to previous day

Last week

3.2%

6,387

Compared to previous week

Last month

-16.4%

28,890

Compared to previous month

Last year

-17.4%

450,103

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Peer Dependencies

Dev Dependencies

next webpack

Versions

next-env

Automatic static (build-time) or runtime environment variables injection for Next.js.

The plugin doesn't handle loading of dotenv files. Use dotenv or dotenv-load.

Installation

1npm install --save next-env dotenv-load

1yarn add next-env dotenv-load

How it works

Your project can consume variables declared in your environment as if they were declared locally in your JS files.

By default any environment variables starting with NEXT_STATIC_ will be embedded in the js bundles on build time. Variables starting with NEXT_PUBLIC_ are injected on runtime (using Next.js publicRuntimeConfig internally). On node-side (SSR) all environment variables are available by default, but it is a good idea to follow the naming convention NEXT_SERVER_.

Usage

Simple

This module exposes a function that allows to configure the plugin.

In your next.config.js:

1const nextEnv = require('next-env');
2const dotenvLoad = require('dotenv-load');
3
4dotenvLoad();
5
6const withNextEnv = nextEnv();
7
8module.exports = withNextEnv({
9  // Your Next.js config.
10});

In your .env:

NEXT_SERVER_TEST_1=ONLY_ON_SSR
NEXT_PUBLIC_TEST_1=INJECTED_BY_SSR
NEXT_STATIC_TEST_1=STATIC_TEXT

In your pages/index.js:

1export default () => (
2  <ul>
3    <li>{process.env.NEXT_SERVER_TEST_1}</li>
4    <li>{process.env.NEXT_PUBLIC_TEST_1}</li>
5    <li>{process.env.NEXT_STATIC_TEST_1}</li>
6  </ul>
7)

In the above example the output of process.env.NEXT_SERVER_TEST_1 should only be visible until client-side rendering kicks in.

Advanced

In your next.config.js:

1const nextEnv = require('next-env');
2const dotenvLoad = require('dotenv-load');
3
4dotenvLoad();
5
6const withNextEnv = nextEnv({
7  staticPrefix: 'CUSTOM_STATIC_',
8  publicPrefix: 'CUSTOM_PUBLIC_',
9});
10
11module.exports = withNextEnv({
12  // Your Next.js config.
13});

In your .env:

CUSTOM_SERVER_TEST_1=ONLY_ON_SSR
CUSTOM_PUBLIC_TEST_1=INJECTED_BY_SSR
CUSTOM_STATIC_TEST_1=STATIC_TEXT

with next-compose-plugins

In your next.config.js:

1const withPlugins = require('next-compose-plugins');
2const nextEnv = require('next-env');
3const dotenvLoad = require('dotenv-load');
4
5dotenvLoad();
6
7const nextConfig = {
8  // Your Next.js config.
9};
10
11module.exports = withPlugins([
12
13  nextEnv({
14    staticPrefix: 'CUSTOM_STATIC_',
15    publicPrefix: 'CUSTOM_PUBLIC_',
16  }),
17
18  // another plugin with a configuration
19  [typescript, {
20    typescriptLoaderOptions: {
21      transpileOnly: false,
22    },
23  }],
24
25], nextConfig);

No vulnerabilities found.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

0

Maintained

Determines if the project is "actively maintained".

0

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Security-Policy

Determines if the project has published a security policy.

0

Fuzzing

Determines if the project uses fuzzing.

0

License

Determines if the project has defined a license.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

SAST

Determines if the project uses static code analysis.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Reason

79 existing vulnerabilities detected

Details

Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
Warn: Project is vulnerable to: GHSA-6chw-6frg-f759
Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw
Warn: Project is vulnerable to: GHSA-whgm-jr23-g3j9
Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25
Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
Warn: Project is vulnerable to: GHSA-x9w5-v3q2-3rhw
Warn: Project is vulnerable to: GHSA-w8qv-6jwh-64r5
Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
Warn: Project is vulnerable to: GHSA-7gc6-qh9x-w6h8
Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
Warn: Project is vulnerable to: GHSA-vh7m-p724-62c2
Warn: Project is vulnerable to: GHSA-r9p9-mrjm-926w
Warn: Project is vulnerable to: GHSA-434g-2637-qmqr
Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m
Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw
Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p
Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747
Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h
Warn: Project is vulnerable to: GHSA-74fj-2j2h-c42q
Warn: Project is vulnerable to: GHSA-pw2r-vq6v-hr8c
Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
Warn: Project is vulnerable to: GHSA-ww39-953v-wcq6
Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj
Warn: Project is vulnerable to: GHSA-6x33-pw7p-hmpq
Warn: Project is vulnerable to: GHSA-qqgx-2p2h-9c37
Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
Warn: Project is vulnerable to: GHSA-8cf7-32gw-wr33
Warn: Project is vulnerable to: GHSA-hjrf-2m68-5959
Warn: Project is vulnerable to: GHSA-qwph-4952-7xr6
Warn: Project is vulnerable to: GHSA-6c8f-qphg-qjgp
Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq
Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488
Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g
Warn: Project is vulnerable to: GHSA-4xc9-xhrj-v574
Warn: Project is vulnerable to: GHSA-x5rq-j2xg-h7qm
Warn: Project is vulnerable to: GHSA-jf85-cpcp-j695
Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
Warn: Project is vulnerable to: GHSA-4xcv-9jjx-gfj3
Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m / GHSA-xvch-5gv4-984h
Warn: Project is vulnerable to: GHSA-fhjf-83wg-r2j9
Warn: Project is vulnerable to: GHSA-vxf5-wxwp-m7g9
Warn: Project is vulnerable to: GHSA-25mp-g6fv-mqxx
Warn: Project is vulnerable to: GHSA-c59h-r6p8-q9wc
Warn: Project is vulnerable to: GHSA-w7rc-rwvf-8q5r
Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g
Warn: Project is vulnerable to: GHSA-cwx2-736x-mf6w
Warn: Project is vulnerable to: GHSA-v39p-96qg-c8rf
Warn: Project is vulnerable to: GHSA-8v63-cqqc-6r2c
Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
Warn: Project is vulnerable to: GHSA-566m-qj78-rww5
Warn: Project is vulnerable to: GHSA-hwj9-h5mp-3pm3
Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
Warn: Project is vulnerable to: GHSA-hxcc-f52p-wc94
Warn: Project is vulnerable to: GHSA-4g88-fppr-53pp
Warn: Project is vulnerable to: GHSA-4jqc-8m5r-9rpr
Warn: Project is vulnerable to: GHSA-g4rg-993r-mgx7
Warn: Project is vulnerable to: GHSA-vx3p-948g-6vhq
Warn: Project is vulnerable to: GHSA-3jfq-g458-7qm9
Warn: Project is vulnerable to: GHSA-r628-mhmh-qjhw
Warn: Project is vulnerable to: GHSA-9r2w-394v-53qc
Warn: Project is vulnerable to: GHSA-5955-9wpr-37jh
Warn: Project is vulnerable to: GHSA-qq89-hq3f-393p
Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc
Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6
Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh
Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp

Score

1.3

/10

Last Scanned on 2024-11-25

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More