{"id":22382450,"url":"https://github.com/jcoreio/defaultenv","last_synced_at":"2026-02-04T00:05:05.469Z","repository":{"id":78315208,"uuid":"93798499","full_name":"jcoreio/defaultenv","owner":"jcoreio","description":"Takes the suck out of launching your program with the right set of environment variables","archived":false,"fork":false,"pushed_at":"2021-11-20T02:59:06.000Z","size":464,"stargazers_count":1,"open_issues_count":6,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-10-24T08:28:01.750Z","etag":null,"topics":["es5"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jcoreio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-06-08T23:00:05.000Z","updated_at":"2021-11-20T02:58:18.000Z","dependencies_parsed_at":"2023-03-22T00:47:18.876Z","dependency_job_id":null,"html_url":"https://github.com/jcoreio/defaultenv","commit_stats":{"total_commits":78,"total_committers":3,"mean_commits":26.0,"dds":"0.28205128205128205","last_synced_commit":"fa3a9be0b4109139fad3b3566f04ac04cba1438c"},"previous_names":[],"tags_count":13,"template":false,"template_full_name":null,"purl":"pkg:github/jcoreio/defaultenv","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jcoreio%2Fdefaultenv","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jcoreio%2Fdefaultenv/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jcoreio%2Fdefaultenv/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jcoreio%2Fdefaultenv/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jcoreio","download_url":"https://codeload.github.com/jcoreio/defaultenv/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jcoreio%2Fdefaultenv/sbom","scorecard":{"id":511692,"data":{"date":"2025-08-11","repo":{"name":"github.com/jcoreio/defaultenv","commit":"fa3a9be0b4109139fad3b3566f04ac04cba1438c"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":1.7,"checks":[{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.md:0","Info: FSF or OSI recognized license: MIT License: LICENSE.md:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 4 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"36 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q","Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38","Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc","Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5","Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97","Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j","Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22","Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp","Warn: Project is vulnerable to: GHSA-896r-f27r-55mw","Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h","Warn: Project is vulnerable to: GHSA-5v2h-r2cx-5xgj","Warn: Project is vulnerable to: GHSA-rrrm-qjm4-v8hf","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3","Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h","Warn: Project is vulnerable to: GHSA-qrpm-p2h7-hrv2","Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55","Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g","Warn: Project is vulnerable to: GHSA-hj9c-8jmm-8c52","Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp","Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6","Warn: Project is vulnerable to: GHSA-x2pg-mjhr-2m5x","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-4x5v-gmq8-25ch","Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5","Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36","Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3","Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7","Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-20T00:42:40.637Z","repository_id":78315208,"created_at":"2025-08-20T00:42:40.637Z","updated_at":"2025-08-20T00:42:40.637Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29062485,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-03T23:14:54.203Z","status":"ssl_error","status_checked_at":"2026-02-03T23:14:50.873Z","response_time":96,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["es5"],"created_at":"2024-12-05T00:13:03.476Z","updated_at":"2026-02-04T00:05:05.463Z","avatar_url":"https://github.com/jcoreio.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# defaultenv\n\n[![Build Status](https://travis-ci.org/jcoreio/defaultenv.svg?branch=master)](https://travis-ci.org/jcoreio/defaultenv)\n[![Coverage Status](https://codecov.io/gh/jcoreio/defaultenv/branch/master/graph/badge.svg)](https://codecov.io/gh/jcoreio/defaultenv)\n[![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg)](https://github.com/semantic-release/semantic-release)\n[![Commitizen friendly](https://img.shields.io/badge/commitizen-friendly-brightgreen.svg)](http://commitizen.github.io/cz-cli/)\n\nTakes the suck out of launching your server with various sets of environment variables\n\n## Table of Contents\n\n- [Intro](#intro)\n- [Usage](#usage)\n  - [`dotenv`-style files](#dotenv-style-files)\n  - [`.js` files](#js-files)\n  - [`.json` files](#json-files)\n  - [Single file](#single-file)\n  - [Multiple files](#multiple-files)\n  - [Notes](#notes)\n  - [Exporting Values](#exporting-values)\n  - [Options](#options)\n  - [Example](#example)\n  - [Node.js API](#node-js-api)\n\n## Intro\n\nLet's say you want to store development environment variables in `dev.env`, production environment variables in\n`prod.env`, and then somehow use those to launch your server. One common way to launch your server is with the `env`\ncommand:\n\n```sh\nenv $(\u003c dev.env | xargs) runserver\n```\n\nThis is a start, but it's pretty lackluster:\n\n- it overwrites any variables that are already set in your environment\n- it doesn't work on windows (and may not work in terminals besides `bash`...I have no idea)\n- it would be nice avoid wrapping `dev.env` in `$(\u003c` `| xargs)`\n- if you want to source multiple files, you have to type even more punctuation\n- you can't dynamically construct any values with code\n\n`defaultenv` makes this easy:\n\n```sh\ndefaultenv dev.env runserver\ndefaultenv devenv.js runserver\ndefaultenv prod.env staging.env -- runserver\ndefaultenv prod.env deployment.env -- runserver\n```\n\nYou can use either `dotenv`-style files, `.js` modules that export an object, or `.json` files to provide environment\nvariable defaults.\n\n## Usage\n\n### `.env` file\n\nIf this is present in the root directory of your project, variables will be loaded from it using\n[`dotenv`](https://www.npmjs.com/package/dotenv) unless you provide the `--no-dotenv` option.\n\n### `dotenv`-style files\n\n`defaultenv` uses [`dotenv`](https://www.npmjs.com/package/dotenv) to parse each file. Here's an example of what\nan env file should look like:\n\n```sh\nREDIS_HOST=localhost\nREDIS_PORT=6379\nDB_HOST=localhost\nDB_USER=root\nDYNAMO_ENDPOINT=\"http://localhost:8000\"\n```\n\n### `.js` files\n\nYou may use a node `.js` script that exports an object where all property values are strings, or a function that will be\ncalled with a small API. This is especially useful if you need to dynamically create default values for environment\nvariables with arbitrary code. If you need to refer to existing environment variables or defaults applied from prior files,\nyou are encouraged to use the function form.\n\n```js\nvar path = require('path')\nmodule.exports = function (env) {\n  env.setDefaults({\n    BUILD_DIR: path.resolve(__dirname, '..', 'build'),\n    REDIS_HOST: 'localhost',\n    REDIS_PORT: '6379',\n  })\n  if (env.get('TARGET')) {\n    env.setDefault(\n      'BUILD_DIR',\n      path.resolve(exports.BUILD_DIR, process.env.TARGET)\n    )\n  }\n}\n```\n\n(or)\n\n```js\nmodule.exports = {\n  BUILD_DIR: path.resolve(__dirname, '..', 'build'),\n  REDIS_HOST: 'localhost',\n  REDIS_PORT: '6379',\n}\n// referring to process.env is discouraged because it will work differently when defaultenv\n// is run with the --noExport option.\nif (process.env.TARGET) {\n  module.exports.BUILD_DIR = path.resolve(\n    module.exports.BUILD_DIR,\n    process.env.TARGET\n  )\n}\n```\n\n#### JS Env File API\n\nIf your `.js` file exports a function, it will be called with an object with the following methods:\n\n##### `get(key: string): ?string`\n\nGets the value of an environment variable.\n\n##### `setDefault(key: string, value: string)`\n\nSets the value of an environment variable if it is not already set.\n\n##### `setDefaults(defaults: {[key: string]: string})`\n\nCalls `setDefault` for each `key`-`value` pair in `defaults`.\n\n### `.json` files\n\nYou may use a JSON file that contains an object where all property values are strings:\n\n```json\n{\n  \"REDIS_HOST\": \"localhost\",\n  \"REDIS_PORT\": \"6379\",\n  \"DB_HOST\": \"localhost\",\n  \"DB_USER\": \"root\",\n  \"DYNAMO_ENDPOINT\": \"http://localhost:8000\"\n}\n```\n\n### Single file\n\n```sh\ndefaultenv \u003cenvfile\u003e \u003ccommand\u003e [...command args]\n```\n\n### Multiple files\n\nJust insert `--` between the env files and your command:\n\n```sh\ndefaultenv \u003cenvfile1\u003e \u003cenvfile2\u003e [...more envfiles] -- \u003ccommand\u003e [...command args]\n```\n\n### Notes\n\n- if `FOO` appears in more than one of the env files, the leftmost file in your arguments wins\n- if `FOO` is already defined in the environment `defaultenv` gets run with, `defaultenv` won't overwrite it\n- once an environment variable gets set to the empty string, `defaultenv` won't overwrite it\n\n### Exporting values\n\nSometimes it's more convenient to just export a bunch of variables to your terminal session so you can run a bunch of\ncommands with those variables instead of running each command via `defaultenv`.\n\nThe `-p` or `--print` option will make `defaultenv` output a bash script that will export the values it loaded from\nthe envfiles:\n\n```\n\u003e defaultenv -p foo.env\nexport FOO=foo\n```\n\nSo if you wrap this in `$( )` it will export them to your terminal session:\n\n```\n\u003e $(defaultenv -p foo.env)\n\u003e echo $FOO\nfoo\n```\n\n### Options\n\n#### `-f`, `--force`\n\nOverwrite existing values for environment variables (by default, existing values will be preserved)\n**This does not currently apply to variables loaded via `--dotenv` option.**\n\n#### `-p`, `--print`\n\nSee [Exporting Values](#exporting-values)\n\n#### `--no-dotenv`\n\nPrevents loading variables from a .env file in the root directory of your project\n\n### Example\n\n`foo.env`:\n\n```\nFOO=foo\n```\n\n`bar.env`:\n\n```\nFOO=hello\nBAR=bar\n```\n\n```\n\u003e node -p 'process.env.FOO'\n\n\u003e defaultenv foo.env node -p 'process.env.FOO'\nfoo\n\u003e defaultenv bar.env node -p 'process.env.FOO'\nhello\n\u003e defaultenv foo.env bar.env -- node -p 'process.env.FOO'\nfoo\n\u003e FOO=test defaultenv foo.env node -p 'process.env.FOO'\ntest\n\u003e defaultenv foo.env bar.env -- node -p 'process.env.FOO + process.env.BAR'\nfoobar\n```\n\n### Node.js API\n\n```js\ndeclare function defaultEnv(files: Array\u003cstring\u003e, options: {\n  force?: boolean,\n  print?: boolean,\n  noDotenv?: boolean,\n  noExport?: boolean,\n})\n```\n\n```js\nvar path = require('path')\nvar defaultEnv = require('defaultEnv')\n\nvar defaults = defaultEnv([path.resolve('foo.js')], { noExport: true })\n```\n\n#### Options\n\n#### `force`\n\nIf true, overwrite existing values for environment variables (by default, existing values will be preserved)\n**This does not currently apply to variables loaded via `--dotenv` option.**\n\n#### `print`\n\nSee [Exporting Values](#exporting-values)\n\n#### `noDotenv`\n\nUnless this is true, also loads variables from a .env file in the root directory of your project\n(by using `require('dotenv').config()`)\n\n##### `noExport`\n\nIf true, doesn't write to `process.env`; only returns the values that would be written.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjcoreio%2Fdefaultenv","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjcoreio%2Fdefaultenv","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjcoreio%2Fdefaultenv/lists"}