- #783 (minor) - Add per-item leak-detection opt-out via
@sensitive={preventLeaks=false}. Secrets that legitimately leave the system (e.g. an API endpoint that returns a secret to another service) can be excluded from runtime leak detection while still being redacted in logs. The options form also acceptsenabledto toggle sensitivity (including dynamically, e.g.@sensitive={enabled=forEnv(production)}).
Adds standalone object ({key=value}) and array ([a, b, c]) literals to the env-spec grammar, usable as decorator values and function-call arguments (including nested).()remains reserved for function calls. - #786 (minor) -
@setValuesBulkand@importsupportpick/omitkey filters.
Filter which keys are brought in withpick(allowlist) oromit(denylist) array args — e.g.@setValuesBulk(opLoadEnvironment(env-id), pick=[API_KEY, DB_*])or@import(./.env.shared, omit=[LEGACY_TOKEN]). By default every key is included;pickandomitcan't be combined, and both accept simple globs (*,?).
For@import, listing keys as positional args (@import(./.env.shared, KEY1, KEY2)) is now deprecated in favor ofpick=[...]— it still works but warns.
Published to
- ✅ npm