README

CHANGELOG.md

@@ -8,12 +8,13 @@ All notable changes to this project will be documented in this file. See [standa
 
 ### Added
 
-* 🎉 support alternate value expansion ([#131](https://github.com/motdotla/dotenv-expand/pull/131))
+* 🎉 support alternate value expansion (see [usage](https://dotenvx.com/docs/env-file#interpolation)) ([#131](https://github.com/motdotla/dotenv-expand/pull/131))
 
 ### Changed
 
 * 🎉 Expansion logic rewritten to match [dotenvx's](https://github.com/dotenvx/dotenvx). (*note: I recommend dotenvx over dotenv-expand when you are ready. I'm putting all my effort there for a unified standard .env implementation that works everywhere and matches bash, docker-compose, and more. In some cases it slightly improves on them. This leads to more reliability for your secrets and config.) ([#131](https://github.com/motdotla/dotenv-expand/pull/131))
 * ⚠️ BREAKING: do NOT expand in reverse order. Instead, order your .env file keys from first to last as they depend on each other for expansion - principle of least surprise. ([#131](https://github.com/motdotla/dotenv-expand/pull/131))
+* ⚠️ BREAKING: do NOT attempt expansion of process.env. This has always been dangerous (unexpected side effects) and is now removed. process.env should not hold values you want to expand. Put expansion logic in your .env file. If you need this ability, use [dotenvx](https://github.com/dotenvx/dotenvx) by shipping an encrypted .env file with your code - allowing safe expansion at runtime. ([#131](https://github.com/motdotla/dotenv-expand/pull/131))
 
 ## [11.0.7](https://github.com/motdotla/dotenv-expand/compare/v11.0.6...v11.0.7) (2024-11-13)
 

README.md

@@ -1,5 +1,5 @@
 <div align="center">
-🎉 announcing <a href="https://github.com/dotenvx/dotenvx">dotenvx</a>. <em><b>better expansion</b>, run anywhere, multi-environment, encrypted envs</em>.
+🎉 announcing <a href="https://github.com/dotenvx/dotenvx">dotenvx</a>. <em><b>expansion AND command substitution</b>, multi-environment, encrypted envs, and more</em>.
 </div>
 
 &nbsp;
@@ -166,28 +166,13 @@ console.log(process.env.HELLO) // undefined
 
 ### What rules does the expansion engine follow?
 
-The expansion engine roughly has the following rules:
-
-* `$KEY` will expand any env with the name `KEY`
-* `${KEY}` will expand any env with the name `KEY` 
-* `\$KEY` will escape the `$KEY` rather than expand
-* `${KEY:-default}` will first attempt to expand any env with the name `KEY`. If not one, then it will return `default`
-* `${KEY-default}` will first attempt to expand any env with the name `KEY`. If not one, then it will return `default`
-
-You can see a full list of rules [here](https://dotenvx.com/docs/env-file#interpolation).
+See a full list of rules [here](https://dotenvx.com/docs/env-file#interpolation).
 
 ### How can I avoid expanding pre-existing envs (already in my `process.env`, for example `pas$word`)?
 
-Modify your `dotenv.config` to write to an empty object and pass that to `dotenvExpand.processEnv`.
-
-```js
-const dotenv = require('dotenv')
-const dotenvExpand = require('dotenv-expand')
-
-const myEnv = dotenv.config({ processEnv: {} }) // prevent writing to `process.env`
+As of `v12.0.0` dotenv-expand no longer expands `process.env`.
 
-dotenvExpand.expand(myEnv)
-```
+If you need this ability, use [dotenvx](https://github.com/dotenvx/dotenvx) by shipping an encrypted .env file with your code - allowing safe expansion at runtime.
 
 ## Contributing Guide