Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
M
M
monochromer2018-12-24 10:35:38
System administration
monochromer, 2018-12-24 10:35:38

How can Node.js protect process.env from being read by 3rd party npm packages?

Very often, all sorts of settings, such as connecting to databases, are passed as environment variables. But any third party script can read process.env . How to protect yourself from this?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

4 answer(s)
Report
A
Andrey, 2018-12-25
@VladimirAndreev

Run the application under it by the created user, making the config file available only to this user.

Report
O
ofigenn, 2018-12-25
@ofigenn

At the beginning of index.js (before the first require) copy process.env and replace it with an empty object)

Report
A
Alexey Stupenkov, 2018-12-26
@alexstup

Don't pass data through environment

Report
I
index0h, 2018-12-29
@index0h

To the fullest - none

Similar questions
C
ciedooy2017-10-03 16:23:14
How to proxy all traffic between two VDS? 2Reply
C
Cyril2020-02-21 19:24:37
Is L2TP secure without IPSec? Compared to PPTP? 4Reply
D
Dmitry2017-10-05 21:24:27
Remote work as a system administrator. How relevant in 2017? 10Reply
Z
Zar7472020-02-25 13:30:40
SMI-S for EMC VNX, otherwise all the links on the dell website are dead or how to download? 0Reply
V
Viktor Familyevich2017-10-09 14:38:19
How to correctly set the site directory in ISPManager 5? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question