-
-
Notifications
You must be signed in to change notification settings - Fork 26.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unset env variables are not properly embedded #8961
Comments
I pushed a repo that is showing this behavior here: |
@abumalick: That looks like a different issue. I'm not concerned that a list of ENV variables appears in the output - it's likely intended behaviour to account for code like: let x = process.env;
let foo = x.REACT_APP_FOO; Those variables shouldn't contain anything sensitive, and I'm sure some code somewhere relies on this working. What concerns me (and what I consider a bug) is that referencing a variable that wasn't defined does not result in a constant expression. If env vars are used for feature gating, then this will prevent dead code elimination of the gated features. As you can see above, both I've edited the issue to clarify. |
Ran across this today and it's hugely annoying - i'm trying to include some debug code in a specific build but this bug causes it to still be included if the env var isn't set which is the opposite of the expected behaviour. I would expect this to "fail safe", it's a potential footgun for devs. |
I believe the most pragmatic way to fix this is to create a new eslint rule, similar to Implementing that is on my list of things to do when I get bored, but as you can see it hasn't reached the top yet. |
Saw the same thing, I think a note in documentation is a good start, and urgent. In my case, the code made it into the browser code and then threw a type error because process.env.REACT_APP_VAR didn't exist. Not my favorite javascript feature I agree that there should be a reasonable default, but I can't think of simple way. There has to be a single source of truth somewhere I think that the underlying thought behind the documentation is confusing Environment files are used for
create_react_app creates browser code. If you need a secret, to access a maps api for instance, there is no way to hide that secret. So passing variables into create-react-app through the |
A solution
Can be used in package.json scripts
I already use
|
I think this also affects 3rd party libraries, e.g. styled-components/styled-components#3166 |
This issue has been automatically marked as stale because it has not had any recent activity. It will be closed in 5 days if no further activity occurs. |
Here's some recent activity for you, you bot! 😆 |
I also had this problem today. In such case, the if statement should rewrite as Details
const foo = 'true';
if (foo !== 'true')
console.log('This code should be removed'); But not for this: const foo = {};
foo.bar = 'true';
if (foo.bar !== 'true')
console.log('This code will NOT be removed'); So we should try to make the code block like the previous one.
|
I have updated the environment variables documentation
Please could you take a look ? I would really appreciate some feedback. I moved quite a lot of the documentation around because I thought it had been added to in an inconsistent way Clearly, this doesn't close this issue, but should stop people falling into the same hole that we did If you wish to edit my version, I can add you as collaborator to my fork My fork is at I deployed the docusaurus build on Netlify and you can find the built documentation at |
This issue has been automatically marked as stale because it has not had any recent activity. It will be closed in 5 days if no further activity occurs. |
This issue has been automatically closed because it has not had any recent activity. If you have a question or comment, please open a new issue. |
In a server environment, |
Still an issue with the latest version. |
Describe the bug
Variables like
REACT_APP_FOO
are hard-baked into the code if they were present in the environment during build-time. Referencing a variable that did not exist during build time results in rather useless code that cannot be minified:->
This will neither cause an error, not is it minified into a constant expression.
Full example further below.
Did you try recovering your dependencies?
Problem is reproducible on a fresh install.
> npm --version: 6.14.4
Which terms did you search for in User Guide?
This behaviour is not documented on
https://create-react-app.dev/docs/adding-custom-environment-variables/
Environment
Steps to reproduce
index.js:
main*.js (prettified):
Expected behavior
undefined
orvoid 0
or''
or some other sensible default value.The workaround is to define a default value for every used variable in
.env
and commit the file, but that doesn't protect against mistyped identifiers in the code.Actual behavior
See above for actual output. The output contains both
'"Foo is enabled"'
and"Foo is disabled"
, even though one of them is dead code.Reproducible demo
See above.
I am not sure how best to resolve the issue.
Replacing with
undefined
or''
isn't easy:terser
- the code could evaluate to something other thanundefined
if someone setsObject.prototype.REACT_APP_FOO
, soterser
is not allowed to minify here. Playing around with terser's repl, I was unable to find a different construct forprocess.env
that would allow minification here.DefinePlugin
does not allow regexps for replacements; substitutingREACT_APP_.*
is not possible.Emitting an error isn't easy:
process.env.REACT_APP_
won't work, and scanning for the whole code snippet above seems really fragile.This could be solved by moving the replacement logic from
DefinePlugin
into a custom babel plugin (similar to this one). Considering that cra only supports replacing with strings, and not with arbitrary javascript code, that might work. Is babel guaranteed to be run on every source file, including typescript?If all else fails, I think it deserves at least a warning in the documentation.
The text was updated successfully, but these errors were encountered: