The dotenv package is used in Node.js apps to hide sensitive data from the outside world.
Deploying it is simple enough,
npm install dotenv
Setting up a custom directory inside app.js to access a .env file is also straightforward,
require('dotenv').config({ path: path.join(__dirname, '/controllers/.env') });
.env stores data in a simple name/value pattern,
PORT = 5000
PASSWORD = myPassword123
From app.js it is easy to access this data,
console.log(`Listening on Port ${process.env.PORT}`);
Question: How do I know any of this is hiding data from the outside world? What test can I perform with dotenv enabled and disabled to show that it is hiding sensitive data? I'd like to be able to prove it is working.
The dotenv package is used in Node.js apps to hide sensitive data from the outside world.
No it does not. According to the npm page
Dotenv is a zero-dependency module that loads environment variables from a .env file into process.env. Storing configuration in the environment separate from code is based on The Twelve-Factor App methodology.
It does not say anything about hiding data.