Skip to content

UWC2-JSCRIPT/jscript-330-sup-topic

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
.vscode
.vscode
 
 
public
public
 
 
screenshots
screenshots
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
index.js
index.js
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 

Repository files navigation

JSCRIPT 330 Supplemental Topic: dotenv Demo

Node.js demo project that shows how dotenv helps keep secrets like API keys out of your source code.

Overview

This project was created for a JSCRIPT 330 Supplemental Topic Presentation. The demo introduces dotenv, a small but important JavaScript library used in real-world development. The README.md is a bit of overkill but trying to practice my technical writing.

dotenv loads environment variables from a .env file into process.env, which allows applications to use secrets without hardcoding them directly into JavaScript files.

Why This Topic Matters

Hardcoding secrets such as API keys, passwords, or tokens inside JavaScript files is risky. If code is uploaded to GitHub, those secrets can be exposed.

dotenv solves this problem by:

  • keeping secrets in a separate .env file,
  • loading them into the application when it starts,
  • and allowing developers to safely access them using process.env.

What This Demo Shows

  • Creating a Node.js project
  • Installing dotenv
  • Creating a .env file
  • Reading a value with process.env.API_KEY
  • Using .gitignore so .env stays out of GitHub

Project Files

  • index.js - main JavaScript demo
  • .gitignore - excludes .env and node_modules
  • package.json - project configuration and dependency list
  • README.md - repository overview and instructions
  • LICENSE - simple MIT license file
  • screenshots/ - visual demo images you can use in slides or the repo

Local Project Location

/home/gdevops/Projects/JSCRIPT330B/jscript-330-sup-topic

GitHub Repository

https://github.com/gnaxc/jscript-330-sup-topic

Requirements

  • Node.js installed
  • npm installed
  • RHEL 10 desktop

Beginner-Friendly Explanation

Think of .env like a private note for your program. Your JavaScript code can read the note when it runs, but the note itself does not belong in public source code.

That means:

  • the app still gets the value it needs,
  • but GitHub does not expose that value,
  • which is safer and more professional.

Security Reminder

The real .env file should never be uploaded to GitHub. This project uses .gitignore to prevent that.

Presentation Talking Points

  • "Hardcoding secrets in JavaScript is a security risk."
  • "dotenv loads values from a .env file into process.env."
  • "The code reads the secret without storing it directly in index.js."
  • ".gitignore helps keep the real .env file out of GitHub."

Screenshots

See the screenshots/ folder for demo images you can use in your slides, README, or repo.

About

Project that shows how **dotenv** helps keep secrets like API keys out of your source code.

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages