`dotenv-webpack` is replacing the references to `process.env` at source code level, just doing a text replace. I usually do object destructuring of `process.env`, like `const {foo} = process.env`, so this is not changed and I end up with `process.env` strings in the browser code.
As a quick solution, it would be enough to add a new replace for `process.env` to the content of `JSON.stringify(vars)`. I know this will probably increase the browser source code a lot and also expose the secrets, so maybe this would need to be under an `unsafe` flag, but better than that would be to do a replacement of the exported constants at AST level, although this is more difficult than a simple text replacement.
This had been reviewed extensively here: #70 (comment)
The risk of security is far too important to move forward with this approach.
If you do not personally mind for your personal project, feel free to just load in all your env variables.
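```js
// webpack.config.js
// have not tested, but probably would look something like this:
const webpack = require('webpack')
const { parsed } = require('dotenv').config()

module.exports = {
  plugins: [
    // DefinePlugin treats string values as code fragments, so the object is serialized.
    // This inlines every variable from .env into the bundle.
    new webpack.DefinePlugin({
      'process.env': JSON.stringify(parsed)
    })
  ]
}
```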
Since we have already covered this extensively in the other thread, I'm going to close this, but feel free to reopen if this is not the case.
Yes, I know this first approach has some serious security issues. As I pointed out, the best one would be to work at AST level so it would be possible to do the replacements of the variables. Anyway, thanks for pointing out the example code, for some use cases it would be useful :-)
dotenv-webpack/src/index.js
Lines 57 to 60 in 2c6abff
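The behaviour discussed in this thread, as an added example that is not part of the issue or of dotenv-webpack's code: per-key text replacement leaves a destructured `process.env` untouched, replacing the whole object puts an unreferenced secret into the bundle, and an allow-list of referenced keys avoids both. The function names, the sample values and the regex-based key detection (a simplified stand-in for the AST-level pass mentioned above) are assumptions.

```javascript
// Added example: simplified stand-ins, not dotenv-webpack's own code.
// Constructed sample values and client source.
const vars = { API_URL: 'https://api.example.test', DB_PASSWORD: 'constructed-secret' };
const source = [
  'const a = process.env.API_URL;',
  'const { API_URL } = process.env;',
].join('\n');

// Per-key text replacement: only literal `process.env.KEY` references change.
function replacePerKey(src, env) {
  return Object.keys(env).reduce((out, key) => {
    const re = new RegExp(`\\bprocess\\.env\\.${key}\\b`, 'g');
    return out.replace(re, () => JSON.stringify(env[key]));
  }, src);
}

// Whole-object replacement: each remaining `process.env` becomes the full object.
function replaceWholeObject(src, env) {
  return replacePerKey(src, env).replace(/\bprocess\.env\b/g, () => JSON.stringify(env));
}

// Keys the source reads, by member access or by destructuring (regex approximation
// of an AST pass; rest elements such as `...rest` are ignored, not expanded).
function referencedKeys(src) {
  const keys = new Set();
  for (const m of src.matchAll(/\bprocess\.env\.([A-Za-z_]\w*)/g)) keys.add(m[1]);
  for (const m of src.matchAll(/\{([^}]*)\}\s*=\s*process\.env\b(?!\.)/g)) {
    for (const part of m[1].split(',')) {
      const name = part.split(/[:=]/)[0].trim();
      if (name && !name.startsWith('...')) keys.add(name);
    }
  }
  return keys;
}

// Allow-list variant: inline only the keys that are both defined and referenced.
function replaceReferencedOnly(src, env) {
  const used = {};
  for (const k of referencedKeys(src)) {
    if (Object.prototype.hasOwnProperty.call(env, k)) used[k] = env[k];
  }
  return replaceWholeObject(src, used);
}

console.log(replacePerKey(source, vars));
console.log(replaceWholeObject(source, vars));
console.log(replaceReferencedOnly(source, vars));
```

Searching the built bundle for values from `.env` that the source never references is a quick check for the second case.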