nvm VS cross-env

I'm glad to see that I'm not the only person worried about this. It's a pretty glaring bit of attack surface if you ask me. I chuckled when I saw you used nvm as an example in your readme. I've pestered nvm about this sort of thing in the past (https://github.com/nvm-sh/nvm/issues/3349).

I'm a little uncertain about your threat model though. If you've got an SSL-tampering adversary that can serve you a malicious script when you expected the original, don't you think they'd also be sophisticated enough to instead cause the authentic script to subsequently download a malicious payload?

I know that nobody wants to deal with the headaches associated with keeping track of cryptographic hashes for everything you receive over a network (nix is, among other things, a tool for doing this). But I'm afraid it's the only way to actually solve this problem:

1. get remote inputs, check against hashes that were committed to source control

2. make a sandbox that doesn't have internet access

3. do the compute in that sandbox (to ensure it doesn't phone home for a payload which you haven't verified the hash of)

Remember the day you've installed nvm for node and npm?

NVM GitHub Repository

nvm (Node Version Manager): The most popular choice, especially on Linux and macOS. It installs Node.js within your user directory, completely avoiding the need for sudo when installing global packages. It makes switching between different Node.js versions effortless. (GitHub - nvm-sh/nvm). I have used this for years.I used pnpm, you can use npm

Let’s get it running locally first. You should have Node installed (you may also use nvm or docker).

Make sure you have node installed. If not, I recommend installing via nvm(Node Version Manager)

I was welcomed with an error that it couldn’t find npx command, which makes sense - I’m using NVM to manage node.

Cross-env GitHub Repository

cross-env

or if we care about cross-platform compatibility (i.e. Windows support), we can use cross-env (which I also recommend to install as a dev dependency):

i like to use dotenv-flow and dynamically load it into node process. it's framework agnostic and can be combined with vaious other strategies, like explicitly set NODE_ENV with cross-env. all you need is the right command in your package.json, see a sample here.

Cross-env runs scripts that set and use environment variables across various platforms.

You will also need to disable the url-loader in your Docusaurus build which transforms images into base64 strings, as this will conflict with the plugin. There isn't a first class way to do this in Docusaurus at present. However by setting the environment variable WEBPACK_URL_LOADER_LIMIT to 0 you can disable it. You can see an implementation example in this pull request. It amounts to adding the cross-env package and then adding the following to your package.json:

Using the cross-env library, you'll tell the React Testing Library to skip auto cleanup after each test. More info and ways to configure here: Skipping Auto Cleanup. Now your configuration is enough to start writing tests, let's get started.

Now we need to load the files during the bootup. Windows environments sometimes face issues with loading the environments. To take care of that, let's install a package named cross-env

build; sets and enviroment valiable of NODE_ENV=production using cross-env lib and builds the production bundle, minified and without source-maps as set in the webpack.config.js file.

I'd suggest the cross-env NPM package which is used a lot (4M downlaods/week). Then you can just change it to the following: