Help with .env safety (REACT). | w3schools | Page 1

chrome shard Feb 29, 2024, 4:30 AM

#

Is it safe in using data read from env files in frontend part of a react app (build file)?

#

I have a react app with a file named supabase.js (./src/database/supabase.js)

import { createClient } from '@supabase/supabase-js'

const { REACT_APP_SUPABASE_URL, REACT_APP_SUPABASE_API_KEY } = process.env;
const supabaseClient = createClient(REACT_APP_SUPABASE_URL, REACT_APP_SUPABASE_API_KEY);

export default supabaseClient;

Is it safe to use the env in frontend part? I am using backend as a service from supabase.

But after building the app, i noticed that the env file is not needed for the app to work which means it is embedded in the code? is it hackable?

#

i implemented a login feature

#

and even after removing env file it works fine which means it is embedded in the code.

real thunder Feb 29, 2024, 9:24 AM

#

It is not

#

If you serve envs to the frontend they will be visible

#

In a way you described

#

Login is usually run in the backend, for obvious security issues

real thunder Feb 29, 2024, 9:26 AM

#

chrome shard I have a react app with a file named supabase.js (`./src/database/supabase.js`) ...

So this is not supposed to be in the frontend app at all

#Help with .env safety (REACT).