1

I have a dependency in my package.json that's doing this

{
  "my-lib": "git+https://<token>:x-oauth-basic@github.com/myOrg/my-lib.git#v1.0.0"
}

How can I store the token in .env and use it in package.json? Exposing the token in git is a bad practice.

Vienna J
  • `package.json` is a JSON file; JSON does not have a notion of environment variables. More here: https://stackoverflow.com/questions/36962601/node-js-how-to-use-environment-variables-in-json-file – Ruzky Jan 16 '23 at 09:10
  • It's specific to your case (using a token for git dep), the question doesn't make sense in general. Check https://stackoverflow.com/questions/28728665/how-to-use-private-github-repo-as-npm-dependency – Estus Flask Jan 16 '23 at 09:24
  • @EstusFlask it makes sense because it worked, is it ok to expose my token in package.json? – Vienna J Jan 16 '23 at 22:33
  • @ViennaJ Seems reasonable to me, or use git+ssh, as suggested in the first answer – Estus Flask Jan 17 '23 at 05:03
  • @EstusFlask I stick with PAT as I can restrict their permission to read only, no harm – Vienna J Jan 18 '23 at 07:59

0 Answers
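A check for the pattern in the question, as an added example that is not part of the original thread: it scans the dependency maps of a package.json for HTTP(S) git URLs that embed credentials and reports each entry with its credential-free form, without echoing the secret. The sample manifest, the token value, and the `left-pad` and `tools` entries are constructed; `stripCredentials` and `scanPackageJson` are names chosen here.

```javascript
// Added example: flag dependency specifiers that embed credentials in the URL,
// e.g. git+https://<token>:x-oauth-basic@github.com/myOrg/my-lib.git#v1.0.0
const DEP_FIELDS = ["dependencies", "devDependencies", "optionalDependencies", "peerDependencies"];

// Returns the specifier with credentials removed, or null if it carries none.
function stripCredentials(spec) {
  // npm marks git URLs with a "git+" prefix; remove it before URL parsing.
  const prefix = spec.startsWith("git+") ? "git+" : "";
  let url;
  try {
    url = new URL(spec.slice(prefix.length));
  } catch {
    return null; // semver range, dist-tag, "user/repo" shorthand, etc.
  }
  const isHttp = url.protocol === "http:" || url.protocol === "https:";
  // git+ssh://git@host/... carries a login name, not a secret, so a bare
  // username only counts as a credential on http(s) URLs.
  const hasSecret = url.password !== "" || (isHttp && url.username !== "");
  if (!hasSecret) return null;
  url.password = "";
  if (isHttp) url.username = "";
  return prefix + url.href;
}

// Returns one finding per offending entry: { field, name, clean }.
function scanPackageJson(text) {
  const pkg = JSON.parse(text);
  const findings = [];
  for (const field of DEP_FIELDS) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (typeof spec !== "string") continue;
      const clean = stripCredentials(spec);
      if (clean !== null) findings.push({ field, name, clean });
    }
  }
  return findings;
}

// Constructed sample manifest (token and extra entries are made up).
const SAMPLE = JSON.stringify({
  name: "app",
  dependencies: {
    "my-lib": "git+https://CONSTRUCTED_TOKEN:x-oauth-basic@github.com/myOrg/my-lib.git#v1.0.0",
    "left-pad": "^1.3.0",
  },
  devDependencies: { tools: "git+ssh://git@github.com/myOrg/tools.git#v2.0.0" },
});

for (const f of scanPackageJson(SAMPLE)) {
  console.log(`${f.field}.${f.name}: credentials embedded in URL; credential-free form is ${f.clean}`);
}
```

Run as a pre-commit or CI step against the real package.json, failing the job when `scanPackageJson` returns any findings.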