Unveiling Node.js 20.6.0
If you're a Node.js developer, you're probably familiar with the 'dotenv' package. It's been a trusty companion for managing environment variables in your Node.js applications. However, with the recent release of Node.js version 20.6.0, managing environment variables just got a whole lot easier, and the need for 'dotenv' is becoming a thing of the past.
What's New in Node.js 20.6.0?
Node.js is constantly evolving, and version 20.6.0 brings some exciting updates. One of the most notable changes is the built-in support for .env files. This means you no longer need to rely on external packages like 'dotenv' to handle your environment variables. Node.js itself can now seamlessly load them from a .env file.
Why Is This a Big Deal?
đEnhanced Security: Now you don't have to depend on third-party packages for importing and using .env variables in your code eliminating the risk of any kind of vulnerability.
đStreamlined Workflow: With built-in .env file support, your development workflow becomes more straightforward. You don't need to install and configure 'dotenv' or any other third-party packages. Node.js takes care of it for you, reducing the complexity of your project setup(and lighter!).
đŒCleaner and More Maintainable Code: Hardcoding environment variables into your code can make it messy and hard to maintain. It's also a hassle to change them when needed. By using .env files, you keep your codebase clean and make it easier to update configurations as your project evolves.
How to Use .env Files in Node.js 20.6.0
Using .env files in Node.js 20.6.0 is straightforward:
- Create a .env File: Start by creating a .env file in the root directory of your project. In this file, you can define your environment variables, each with its corresponding value. For example:
API_KEY=mysecretkey
DATABASE_URL=mongodb://localhost/mydb
DEBUG=true
- Run Your Application: To load the environment variables from your .env file, simply run your Node.js application with the --env-file flag, like this:
node --env-file .env
So, why wait? Upgrade to Node.js 20.6.0 and start enjoying the benefits of a cleaner, more secure, and streamlined development process. Your Node.js projects will thank you!
Happy coding! đ
Top comments (24)
Does it support an env file like this?
Funny how 2 authors made the same article (not same same, but same topic) within the hour.
Anyway, I don't know dotenv, as I evade it like a plague. I created wj-config to be able to use hierarchical configuration files. Your environment names are one underscore away from being compatible with wj-config to produce a configuration object like this:
But we use .env to prevent such mistakes that you are doing đ
If you want to configure it with JSON. Why not use the package.json?
I think, We must be careful with sensitive information, that's the reason We named "secrets.env" in most cases, for example. It's information that doesn't "travel" with application code, in repositories or control version services as Git neither. It must be a singular file that store passwords, server names, database names, specific urls because would be exposed them all.
Otherwise, Do you ask for other reason?
:)
What do you mean? I require one base configuration file, plus at least one environment-specific file per environment for a single application. Package.json will give me just one JSON. The rest?
Storing secrets in package.json is a security risk as it can be accessed in version control systems, and it goes against best practices. Use environment variables or a secret management system instead.
I don't follow at all. Who's saying secrets should be in a JSON document?
Yeah sure. For reference I've given an example in the article.
Thanks for reading!
Great post!
That's great news! No more 'dotenv' dependencies means enhanced security, a smoother workflow, and cleaner code. It's a win-win all around!
it will make life easier
The problem, however, is that it's effectively DOA (useless) because you can't use it in NODE_OPTS (it's blacklisted) and there's no way to pass it through to
npm
, so no npm scripts (such asnpm run start
ornpm run build
) can use it.If and when
npm
adds an option for it, then we can celebrate.Also, I highly doubt it follows the spec. If it does that would be amazing, but most tools just wing it, compleletly ignoring the POSIX ENV rules escapes, quotes, etc.
I think with bun 1.0 out -> one can completely ditch nodejs/npm/pnpm/yarn and just use bun.
Bun has support for dotenv and many more features while being 5-10x faster.
There are still way too many things not working with Bun. Please don't just blindly follow the hype train.
I know Bun is great and they already achieved a lot, but just as one example not having support for popular private registries makes it a classic no go for larger enterprise projects. Likewise, zig is not 1.0 and the reason is security - so Bun is essentially right now insecure by design. All of that will be solved eventually but it's not a blind replacement.
I don't see Bun in TechEmpower's last year benchmarks. Where do you get the benchmarking information from?
Bun 1.0 released only a few days ago
Here is the PR to add bun to the benchmark
github.com/TechEmpower/FrameworkBe...
So the 4-10X is just an assumption so far. I see. Well, hopefully it will do nicely.
The speed increase is mostly in running dev tasks, like test, install package dependencies, running/starting typescript code.
The main advantage is having many features build in like typescript, dotenv, esm+commonjs+both support , not having to configure a test runner, etc. Very important especially for beginners (not having to wrestle with countless configurations of different tools).
I do not expect the web framework itself to be faster, especially against performance-system language oriented languages like rust, c++.
We do not use JS/TS language because of the fastest code execution / running speed, but because it is faster in development speed - to write/create software: backend and frontend.
Just a question regarding Node CLI
i tried to add the .env in my package.json in a Node CLI application but it does not work:
{
"name": "myapp",
"version": "1.0.0",
"description": "",
"main": "app.js",
"type": "module",
"bin": {
"mycli": "--env-file=config.env /apps/app.js"
},
"keywords": [],...
i tried "mycli": "--env-file=config.env /apps/app.js" and
"mycli": "--env-file config.env /apps/app.js"
but running mycli in terminal does not load the .env
I use node 20.8.0
Any help would be greatl Thanks
This is actually generating a very strange error:
The punycode module is deprecated. Please use a userland alternative instead.
Where is this "userland" you speak of ?
nice
Its been long we are using dotenv package.Now we have the rid of it thanks to nodejs
how can we use this with sequelize-cli?
default support of .env works file for node command
but if we need to load db config from .env then it is not work for sequelize-cli