Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
M
M
monochromer2018-12-24 10:35:38
System administration
monochromer, 2018-12-24 10:35:38

How can Node.js protect process.env from being read by 3rd party npm packages?

Very often, all sorts of settings, such as connecting to databases, are passed as environment variables. But any third party script can read process.env . How to protect yourself from this?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

4 answer(s)
Report
A
Andrey, 2018-12-25
@VladimirAndreev

Run the application under it by the created user, making the config file available only to this user.

Report
O
ofigenn, 2018-12-25
@ofigenn

At the beginning of index.js (before the first require) copy process.env and replace it with an empty object)

Report
A
Alexey Stupenkov, 2018-12-26
@alexstup

Don't pass data through environment

Report
I
index0h, 2018-12-29
@index0h

To the fullest - none

Similar questions
S
Snezhinka72020-09-30 15:11:07
How to configure access from one VLAN to another? 1Reply
S
Stan Marsh2016-07-02 13:50:15
How to restrict Internet access? 5Reply
F
FJCrux2016-07-02 17:50:06
What is the software for partial database backups? 1Reply
A
Andrey2016-07-05 14:01:56
How to make intel 82574L card work on gigabit under 2012 r2? 2Reply
N
Nikolay Firsov2014-06-03 14:04:10
What VPN server supporting IKEv2 to put on linux? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question