Gathering detailed insights and metrics for next-env
Gathering detailed insights and metrics for next-env
Automatic static (build-time) or runtime environment variables injection for Next.js
Installations
npm install next-envDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Node Version
13.7.0
NPM Version
6.14.2
Score
46.1
Supply Chain
76.7
Quality
74.4
Maintenance
100
Vulnerability
91.4
License
Releases
Unable to fetch releases
Languages
1
JavaScript
JavaScript (100%)
Developer
formatlos
Download Statistics
Total Downloads
2,628,669
Last Day
273
Last Week
5,704
Last Month
27,786
Last Year
366,770
GitHub Statistics
87 Stars
12 Commits
3 Forks
1 Watchers
16 Branches
1 Contributors
Updated on Mar 10, 2025
Bundle Size
1.53 kB
Minified
848.00 B
Minified + Gzipped
Maintainers
1
Package Meta Information
Latest Version
1.1.1
Package Id
next-env@1.1.1
Unpacked Size
6.88 kB
Size
2.58 kB
File Count
5
NPM Version
6.14.2
Node Version
13.7.0
Total Downloads
Cumulative downloads
Total Downloads
2,628,669
next-env
Automatic static (build-time) or runtime environment variables injection for Next.js.
The plugin doesn't handle loading of dotenv files. Use dotenv or dotenv-load.
Installation
1npm install --save next-env dotenv-load
or
1yarn add next-env dotenv-load
How it works
Your project can consume variables declared in your environment as if they were declared locally in your JS files.
By default any environment variables starting with NEXT_STATIC_ will be embedded in the js bundles on build time.
Variables starting with NEXT_PUBLIC_ are injected on runtime (using Next.js publicRuntimeConfig internally).
On node-side (SSR) all environment variables are available by default, but it is a good idea to follow the naming convention NEXT_SERVER_.
Usage
Simple
This module exposes a function that allows to configure the plugin.
In your next.config.js:
1const nextEnv = require('next-env'); 2const dotenvLoad = require('dotenv-load'); 3 4dotenvLoad(); 5 6const withNextEnv = nextEnv(); 7 8module.exports = withNextEnv({ 9 // Your Next.js config. 10});
In your .env:
NEXT_SERVER_TEST_1=ONLY_ON_SSR
NEXT_PUBLIC_TEST_1=INJECTED_BY_SSR
NEXT_STATIC_TEST_1=STATIC_TEXT
In your pages/index.js:
1export default () => ( 2 <ul> 3 <li>{process.env.NEXT_SERVER_TEST_1}</li> 4 <li>{process.env.NEXT_PUBLIC_TEST_1}</li> 5 <li>{process.env.NEXT_STATIC_TEST_1}</li> 6 </ul> 7)
In the above example the output of process.env.NEXT_SERVER_TEST_1 should only be visible until client-side rendering kicks in.
Advanced
In your next.config.js:
1const nextEnv = require('next-env'); 2const dotenvLoad = require('dotenv-load'); 3 4dotenvLoad(); 5 6const withNextEnv = nextEnv({ 7 staticPrefix: 'CUSTOM_STATIC_', 8 publicPrefix: 'CUSTOM_PUBLIC_', 9}); 10 11module.exports = withNextEnv({ 12 // Your Next.js config. 13});
In your .env:
CUSTOM_SERVER_TEST_1=ONLY_ON_SSR
CUSTOM_PUBLIC_TEST_1=INJECTED_BY_SSR
CUSTOM_STATIC_TEST_1=STATIC_TEXT
with next-compose-plugins
In your next.config.js:
1const withPlugins = require('next-compose-plugins'); 2const nextEnv = require('next-env'); 3const dotenvLoad = require('dotenv-load'); 4 5dotenvLoad(); 6 7const nextConfig = { 8 // Your Next.js config. 9}; 10 11module.exports = withPlugins([ 12 13 nextEnv({ 14 staticPrefix: 'CUSTOM_STATIC_', 15 publicPrefix: 'CUSTOM_PUBLIC_', 16 }), 17 18 // another plugin with a configuration 19 [typescript, { 20 typescriptLoaderOptions: { 21 transpileOnly: false, 22 }, 23 }], 24 25], nextConfig);
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
Found 0/8 approved changesets -- score normalized to 0
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
license file not detected
Details
- Warn: project does not have a license file
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 5 are checked with a SAST tool
Reason
86 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-6chw-6frg-f759
- Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw
- Warn: Project is vulnerable to: GHSA-whgm-jr23-g3j9
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-x9w5-v3q2-3rhw
- Warn: Project is vulnerable to: GHSA-w8qv-6jwh-64r5
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-7gc6-qh9x-w6h8
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
- Warn: Project is vulnerable to: GHSA-vh7m-p724-62c2
- Warn: Project is vulnerable to: GHSA-r9p9-mrjm-926w
- Warn: Project is vulnerable to: GHSA-434g-2637-qmqr
- Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m
- Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw
- Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p
- Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747
- Warn: Project is vulnerable to: GHSA-vjh7-7g9h-fjfh
- Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h
- Warn: Project is vulnerable to: GHSA-74fj-2j2h-c42q
- Warn: Project is vulnerable to: GHSA-pw2r-vq6v-hr8c
- Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
- Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
- Warn: Project is vulnerable to: GHSA-ww39-953v-wcq6
- Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj
- Warn: Project is vulnerable to: GHSA-6x33-pw7p-hmpq
- Warn: Project is vulnerable to: GHSA-qqgx-2p2h-9c37
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-8cf7-32gw-wr33
- Warn: Project is vulnerable to: GHSA-hjrf-2m68-5959
- Warn: Project is vulnerable to: GHSA-qwph-4952-7xr6
- Warn: Project is vulnerable to: GHSA-6c8f-qphg-qjgp
- Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq
- Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488
- Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g
- Warn: Project is vulnerable to: GHSA-4xc9-xhrj-v574
- Warn: Project is vulnerable to: GHSA-x5rq-j2xg-h7qm
- Warn: Project is vulnerable to: GHSA-jf85-cpcp-j695
- Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
- Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-4xcv-9jjx-gfj3
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-fhjf-83wg-r2j9
- Warn: Project is vulnerable to: GHSA-vxf5-wxwp-m7g9
- Warn: Project is vulnerable to: GHSA-25mp-g6fv-mqxx
- Warn: Project is vulnerable to: GHSA-c59h-r6p8-q9wc
- Warn: Project is vulnerable to: GHSA-qpjv-v59x-3qc4
- Warn: Project is vulnerable to: GHSA-w7rc-rwvf-8q5r
- Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g
- Warn: Project is vulnerable to: GHSA-cwx2-736x-mf6w
- Warn: Project is vulnerable to: GHSA-v39p-96qg-c8rf
- Warn: Project is vulnerable to: GHSA-8v63-cqqc-6r2c
- Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-h7cp-r72f-jxh6
- Warn: Project is vulnerable to: GHSA-v62p-rq8g-8h59
- Warn: Project is vulnerable to: GHSA-566m-qj78-rww5
- Warn: Project is vulnerable to: GHSA-hwj9-h5mp-3pm3
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-hxcc-f52p-wc94
- Warn: Project is vulnerable to: GHSA-4g88-fppr-53pp
- Warn: Project is vulnerable to: GHSA-4jqc-8m5r-9rpr
- Warn: Project is vulnerable to: GHSA-g4rg-993r-mgx7
- Warn: Project is vulnerable to: GHSA-vx3p-948g-6vhq
- Warn: Project is vulnerable to: GHSA-3jfq-g458-7qm9
- Warn: Project is vulnerable to: GHSA-r628-mhmh-qjhw
- Warn: Project is vulnerable to: GHSA-9r2w-394v-53qc
- Warn: Project is vulnerable to: GHSA-5955-9wpr-37jh
- Warn: Project is vulnerable to: GHSA-qq89-hq3f-393p
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc
- Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6
- Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh
- Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp
Score
1.3
/10
Last Scanned on 2025-06-30
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More