-
#871 (minor)
Add detection for Railway, AWS Amplify, Google Cloud Run, Deno Deploy, Zeabur, and Firebase App Hosting; detect dev sandboxes (CodeSandbox, StackBlitz, GitHub Codespaces, Gitpod, Replit) with isCI: false; add detectRuntime/detectOs and expose them as VARLOCK_RUNTIME/VARLOCK_OS builtin variables.Also fixes several incorrect env var names found during a std-env doc audit: GitHub Actions PR number (was reading a non-existent variable), GitLab MR number (was using the instance-wide ID instead of the IID), Netlify build URL (double
https://), Semaphore PR number (Classic-only variable), Azure Pipelines PR number (prefers the GitHub-facing number), and Bitbucket repo owner (deprecated variable). Adds repo extraction for Bitrise.A second pass against std-env's actual detection logic found three more real gaps: Vercel and Netlify now report
isCI: falsewhen running their local dev servers (vercel dev,netlify dev) instead of always reporting CI; StackBlitz detection now also requires the WebContainer runtime marker (matching std-env) instead of a weak SHELL-only heuristic that could misfire; anddetectRuntime'sisNodeflag now matches std-env's semantics (staystrueunder Bun/Deno's Node-compat mode). -
#873 (minor)
Add--filterflag toload/runfor selecting env vars by key/glob,@sensitive/@required, or tags (new@tag()item decorator). Also add a matchingfilter=arg to@generate*code-generation decorators, so a single schema can emit multiple generated files scoped to different subsets. -
#882 (patch)
Docs: clarify that _VARLOCK_ENV_KEY encrypts the injected env blob (not an encrypted() resolver), and drop the stale plugin count from the package README -
#874 (patch)
Fix:varlock load --format json-fullno longer includes@internalitems by default (pass--include-internalto opt in for local debugging). Framework integrations shell out to this exact command to get their injected config, so this closes a leak where an@internalsecret-zero credential could reach client/SSR runtime code. -
#868 (patch) - point README npm badges to npmx.dev
-
#884 (patch) - Refuse to write back encrypted values to non-regular source files (FIFO/pipe) with a clear error instead of blocking
Published to
- ✅ npm