Node.js v .env files, import modules, and Permission Model

Node.js v20.6 was released with amazing new features that are part of the LTS versions from October 24th, 2023. Let's see!

The INI configuration files

Say goodbye to the dotenv package, now Node.js can load environment variables from a .env file.

node --env-file path/to/.env index.js

? The path to the INI file is required because Node.js didn't choose a default name for the INI file.

? If the INI file doesn't exist the node process didn't fail, just start running without the environment variables.

Loading NODE_OPTIONS

You can load Node.js' specific environment variables (like NODE_OPTIONS) using an INI configuration file like the following example:

NODE_NO_WARNINGS=1
NODE_OPTIONS="--experimental-permission --allow-fs-read=*"
TZ=Pacific/Honolulu
UV_THREADPOOL_SIZE=5

You can use this with the same method:

node --env-file .env index.js

Preload ES modules

Preload ES modules at startup using the --import flag, the module will be loaded before any application code runs, even the entry point.

node --import path/to/file.js index.js

This flag is similar to the well known --require flag used to load CommonJS modules.

? Modules preloaded with --require will run before modules preloaded with --import.

Permission Model

We have a new mechanism to restrict access to specific resources during the execution of a Node.js process called Permission Model. The API exists behind a flag --experimental-permission which, when enabled, will restrict access to all resources not explicitly allowed.

File System permissions

The --allow-fs-read flag allows all FileSystemRead operations using *, or to specific paths using absolute routes.

node --experimental-permission --allow-fs-read=* index.js

To only allow access to specific paths you should use absolute routes

node --experimental-permission --allow-fs-read=/path/to/index.js --allow-fs-read=/path/to/directory index.js

? The initializer module also needs to be allowed. Otherwise index.js file cannot be loaded by the Node.js process itself.

? You can use . to allow access to the working directory, but you can't use it to specify the path to a file (e.g. ./index.js).

node --experimental-permission --allow-fs-read=. index.js

The --allow-fs-write flag allows access to specific paths or the whole file system using *.

node --experimental-permission --allow-fs-read=. --allow-fs-write=/tmp/ index.js

Child Process

When the Permission Model is enabled, the process will not be able to spawn any child process by default, you should use the --allow-child-process to allow this operation. Let's use the following code for the index.js.

const childProcess = require('node:child_process');
childProcess.spawn('node', ['-e', 'require("fs").writeFileSync("./new-file.txt", "Hello, World!")']);

To run this snippet with the Permission Model enabled you should execute index.js using the following command:

node --experimental-permission --allow-fs-read . --allow-child-process index.js

? The child process doesn't inherit the Permission Model by default, that's why the new-file.txt is created successfully.

More options

You can check the --allow-worker flag if you want to create Worker Threads under this Permission Model and --allow-wasi to allow the creation of WASI instances

Conclusion

We have a lot of new tools to load environment variables for our application, a method to import preload ES modules required in our code and a new Permission Model to increase the security of our systems.

Stay tuned to the Node.js' blog, this team is adding awesome features in every version! We have initial TypeScript support and a Network Inspection using the DevTools in v22.6.0.

The above is the detailed content of Node.js v .env files, import modules, and Permission Model. For more information, please follow other related articles on the PHP Chinese website!