Reputation: 15
How can you use an environmental variable with an npm package
I have an npm package(written in node.js) that creates a GitHUb repository. I want to update the authorization to use an OAuth token. The Oauth token needs a client id and and a client secret which I need to keep secret. How do I include that in the npm package without revealing the information and compromising my credentials.
Upvotes: 1
Views: 1719
Answers (1)
Reputation: 60587
You don't include the token in your package, instead you would read it from your environment. You can then read those variables in your package.
For example, if you export the variables as environment variables, you can read them via procss.env.
var clientId = process.env.MY_CLIENT_ID;
var clientSecret = process.env.MY_CLIENT_SECRET;
console.log(clientId, clientSecret);
Then in your shell or dot files that init your shell, you can simple export the values.
export MY_CLIENT_ID='myid'
export MY_CLIENT_SECRET='mysecret'
For use with a continuous integration service, there should be a way to create secret or hidden environment variables (for example with Travis CI).
Alternately, if you need to use those same credentials, and you don't want people to be able to access those credentials, you would have to setup a server that accepts requests from clients and performs those actions using your credentials.
Upvotes: 1
Related Questions
- Passing environment variables in npm-scripts
- How to set environment variables from within package.json?
- How can I use SECRET_ENV in npm scripts inside of package.json?
- How to use env variables in npm scripts?
- npm adds whitespace when setting env variable in package.json
- Environment variable JavaScript
- How to get environment variable in npm script?
- How to specify an environment variable before npm install in package.json?
- Secret key in .env file doesn't work in NodeJS
- Setting env variable in package.json