Negligible Psychological Misery
Have ideas to improve npm?Join in the discussion! »


1.1.0 • Public • Published


Source environment variables from a shell script into a Node.js process.

npm tests coverage


Since sourcing a shell script allows it to execute arbitrary code, you should be 100% sure its contents are not malicious!


You have some configuration data stored in a sourcable shell script, but need access to that data from a JavaScript program. You could try to parse the file as text, but that would only work if the script does not execute code or expand any variables.


Spawns the process owner's default shell and executes a POSIX compliant wrapper script that in turn sources the file of your choosing. The wrapper then calls printenv which writes the child process' updated environment to stdout. The parent (Node.js) process then parses this output and updates process.env.


Consider the script below that needs to execute code before its variables can be evaluated:

export SERVER_HOST="$(hostname)"
export SERVER_PORT="$(grep -m1 '# HTTP Alternate' < /etc/services | sed 's/[^0-9]*\(.*\)\/.*/\1/')"
export PATH="node_modules/.bin:$PATH"

A Node.js process can use shell-source to emulate the behavior of sh's . built-in, executing the script before absorbing any enviroment changes it effects:

var source = require('shell-source');
source(__dirname + '/', function(err) {
  if (err) return console.error(err);
  console.log(process.env.SERVER_HOST); // ::
  console.log(process.env.SERVER_PORT); // 8080
  console.log(process.env.PATH);        // node_modules/.bin:/usr/local/bin


$ npm install shell-source


$ npm test


var source = require('shell-source');


source(filepath, [opts,] callback);

  • filepath The full path to the shell script that should be sourced.
  • opts An options object which can contain:
    • source A boolean. Defaults to true. If set to false, the callback can receive the evironment object as its second argument and process.env will be left unmolested.
    • wrapper Use your own wrapper script. is used by default.
    • reserved An object to merge with the default blacklist where SHLVL and _ are already set to true.
  • callback A callback with signature:
function(err, environment) {
  // console.log(err, environment);


Obviously it would be nice if this could be done synchronously. However, until something like this lands on stable, I'm not sure if there is a sane way to accomplish it. If there is, please let me know.


The latest stable release is published to npm. Tarballs for each release can be found here.

  • 1.1.0
  • xtend is not a dev dependency (thanks @sparkleholic)
  • 1.0.x
  • First release.


Copyright © 2014 Jesse Tane

This work is free. You can redistribute it and/or modify it under the terms of the WTFPL.

No Warranty. The Software is provided "as is" without warranty of any kind, either express or implied, including without limitation any implied warranties of condition, uninterrupted use, merchantability, fitness for a particular purpose, or non-infringement.


npm i shell-source

DownloadsWeekly Downloads






Last publish


  • avatar