DEV Community

Cover image for Node.js 20.6.0: Say Goodbye to 'dotenv'
Shahid Alam
Shahid Alam

Posted on

Node.js 20.6.0: Say Goodbye to 'dotenv'

Unveiling Node.js 20.6.0

If you're a Node.js developer, you're probably familiar with the 'dotenv' package. It's been a trusty companion for managing environment variables in your Node.js applications. However, with the recent release of Node.js version 20.6.0, managing environment variables just got a whole lot easier, and the need for 'dotenv' is becoming a thing of the past.

What's New in Node.js 20.6.0?

Node.js is constantly evolving, and version 20.6.0 brings some exciting updates. One of the most notable changes is the built-in support for .env files. This means you no longer need to rely on external packages like 'dotenv' to handle your environment variables. Node.js itself can now seamlessly load them from a .env file.

Why Is This a Big Deal?

🔒Enhanced Security: Now you don't have to depend on third-party packages for importing and using .env variables in your code eliminating the risk of any kind of vulnerability.

🌐Streamlined Workflow: With built-in .env file support, your development workflow becomes more straightforward. You don't need to install and configure 'dotenv' or any other third-party packages. Node.js takes care of it for you, reducing the complexity of your project setup(and lighter!).

đŸ’ŒCleaner and More Maintainable Code: Hardcoding environment variables into your code can make it messy and hard to maintain. It's also a hassle to change them when needed. By using .env files, you keep your codebase clean and make it easier to update configurations as your project evolves.

How to Use .env Files in Node.js 20.6.0

Using .env files in Node.js 20.6.0 is straightforward:

  1. Create a .env File: Start by creating a .env file in the root directory of your project. In this file, you can define your environment variables, each with its corresponding value. For example:
API_KEY=mysecretkey
DATABASE_URL=mongodb://localhost/mydb
DEBUG=true
Enter fullscreen mode Exit fullscreen mode
  1. Run Your Application: To load the environment variables from your .env file, simply run your Node.js application with the --env-file flag, like this:
node --env-file .env
Enter fullscreen mode Exit fullscreen mode

So, why wait? Upgrade to Node.js 20.6.0 and start enjoying the benefits of a cleaner, more secure, and streamlined development process. Your Node.js projects will thank you!

Happy coding! 🚀

Top comments (24)

Collapse
 
khuongduybui profile image
Duy K. Bui

Does it support an env file like this?

DATABASE_NAME=mydb
DATABASE_HOST=localhost
DATABASE_URL=mongodb://$DATABASE_HOST/$DATABASE_NAME
Enter fullscreen mode Exit fullscreen mode
Collapse
 
webjose profile image
José Pablo Ramírez Vargas

Funny how 2 authors made the same article (not same same, but same topic) within the hour.

Anyway, I don't know dotenv, as I evade it like a plague. I created wj-config to be able to use hierarchical configuration files. Your environment names are one underscore away from being compatible with wj-config to produce a configuration object like this:

import { config } from './config.js';

console.log(config.database.name);
console.log(config.database.host);
console.log(config.database.url);
Enter fullscreen mode Exit fullscreen mode
Collapse
 
vineyrawat profile image
Viney Rawat

But we use .env to prevent such mistakes that you are doing 😅

Collapse
 
justaguyfrombr profile image
Misael Braga de Bitencourt

If you want to configure it with JSON. Why not use the package.json?

Thread Thread
 
leopp33 profile image
Leo Paxtian • Edited

I think, We must be careful with sensitive information, that's the reason We named "secrets.env" in most cases, for example. It's information that doesn't "travel" with application code, in repositories or control version services as Git neither. It must be a singular file that store passwords, server names, database names, specific urls because would be exposed them all.

Otherwise, Do you ask for other reason?
:)

Thread Thread
 
webjose profile image
José Pablo Ramírez Vargas

What do you mean? I require one base configuration file, plus at least one environment-specific file per environment for a single application. Package.json will give me just one JSON. The rest?

Thread Thread
 
aguerram profile image
Mostafa Aguerram

Storing secrets in package.json is a security risk as it can be accessed in version control systems, and it goes against best practices. Use environment variables or a secret management system instead.

Thread Thread
 
webjose profile image
José Pablo Ramírez Vargas

I don't follow at all. Who's saying secrets should be in a JSON document?

Collapse
 
cjreads665 profile image
Shahid Alam

Yeah sure. For reference I've given an example in the article.
Thanks for reading!

Collapse
 
samucadev profile image
SamucaDev

Great post!

Collapse
 
shubhankarval profile image
Shubhankar Valimbe

That's great news! No more 'dotenv' dependencies means enhanced security, a smoother workflow, and cleaner code. It's a win-win all around!

Collapse
 
rameshkannan0078 profile image
Ramesh Kannan

it will make life easier

Collapse
 
coolaj86 profile image
AJ ONeal (formerly @solderjs)

The problem, however, is that it's effectively DOA (useless) because you can't use it in NODE_OPTS (it's blacklisted) and there's no way to pass it through to npm, so no npm scripts (such as npm run start or npm run build) can use it.

If and when npm adds an option for it, then we can celebrate.

Also, I highly doubt it follows the spec. If it does that would be amazing, but most tools just wing it, compleletly ignoring the POSIX ENV rules escapes, quotes, etc.

Collapse
 
adaptive-shield-matrix profile image
Adaptive Shield Matrix

I think with bun 1.0 out -> one can completely ditch nodejs/npm/pnpm/yarn and just use bun.
Bun has support for dotenv and many more features while being 5-10x faster.

Collapse
 
florianrappl profile image
Florian Rappl

There are still way too many things not working with Bun. Please don't just blindly follow the hype train.

I know Bun is great and they already achieved a lot, but just as one example not having support for popular private registries makes it a classic no go for larger enterprise projects. Likewise, zig is not 1.0 and the reason is security - so Bun is essentially right now insecure by design. All of that will be solved eventually but it's not a blind replacement.

Collapse
 
webjose profile image
José Pablo Ramírez Vargas

I don't see Bun in TechEmpower's last year benchmarks. Where do you get the benchmarking information from?

Collapse
 
adaptive-shield-matrix profile image
Adaptive Shield Matrix

Bun 1.0 released only a few days ago

Here is the PR to add bun to the benchmark
github.com/TechEmpower/FrameworkBe...

Thread Thread
 
webjose profile image
José Pablo Ramírez Vargas

So the 4-10X is just an assumption so far. I see. Well, hopefully it will do nicely.

Thread Thread
 
adaptive-shield-matrix profile image
Adaptive Shield Matrix

The speed increase is mostly in running dev tasks, like test, install package dependencies, running/starting typescript code.
The main advantage is having many features build in like typescript, dotenv, esm+commonjs+both support , not having to configure a test runner, etc. Very important especially for beginners (not having to wrestle with countless configurations of different tools).

I do not expect the web framework itself to be faster, especially against performance-system language oriented languages like rust, c++.
We do not use JS/TS language because of the fastest code execution / running speed, but because it is faster in development speed - to write/create software: backend and frontend.

Collapse
 
hermanlooveren profile image
Herman Van Looveren

Just a question regarding Node CLI
i tried to add the .env in my package.json in a Node CLI application but it does not work:
{
"name": "myapp",
"version": "1.0.0",
"description": "",
"main": "app.js",
"type": "module",
"bin": {
"mycli": "--env-file=config.env /apps/app.js"
},
"keywords": [],...

i tried "mycli": "--env-file=config.env /apps/app.js" and
"mycli": "--env-file config.env /apps/app.js"

but running mycli in terminal does not load the .env
I use node 20.8.0

Any help would be greatl Thanks

Collapse
 
eerk profile image
eerk • Edited

This is actually generating a very strange error: The punycode module is deprecated. Please use a userland alternative instead.

Where is this "userland" you speak of ?

Collapse
 
scottlexium profile image
Scottlexium

nice

Collapse
 
rameshkannan0078 profile image
Ramesh Kannan

Its been long we are using dotenv package.Now we have the rid of it thanks to nodejs

Collapse
 
jayeshataugmont profile image
jayeshataugmont

how can we use this with sequelize-cli?
default support of .env works file for node command
but if we need to load db config from .env then it is not work for sequelize-cli