Closed titanism closed 1 year ago
Additional comments at https://github.com/twilio/twilio-node/pull/939
Temporary workarounds to monkey-patch:
```js
const client = twilio(accountSid, authToken, { env: {} });
```
Or:
```js
const client = new twilio.Twilio(accountSid, authToken, { env: {} });
```
Or:
```js
const client = twilio(accountSid, authToken);
client.env = {};
```
Duplicate of #933, #932, #931, #933, #932
Hi @titanism, I have merged the fix for this issue to refer only to Twilio-specific required values from `process.env` and not load all of them. The fix will be available from the next release. Thanks, Athira
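The exposure this issue reports and the allowlist approach described in the comment above, as an added example that is not twilio-node's code. `LeakyClient`, `ScopedClient`, `pickEnv`, `leakedEnvNames`, the `opts.env || process.env` fallback and the allowlisted key names are assumptions for illustration, and the sample environment is constructed.

```javascript
// Added example: hypothetical classes, not twilio-node's implementation.
// Illustrative allowlist (assumption: the issue does not list the exact keys).
const ALLOWED_ENV_KEYS = ['TWILIO_EDGE', 'TWILIO_REGION', 'TWILIO_LOG_LEVEL'];

// Constructed sample environment; none of these values are real.
const SAMPLE_ENV = {
  DATABASE_URL: 'postgres://app:constructed-pw@db.internal/app',
  AWS_SECRET_ACCESS_KEY: 'constructed-not-a-real-key',
  TWILIO_EDGE: 'sydney',
  TWILIO_REGION: 'us1',
};

// "Before" (assumed pattern): with no explicit `env` option the client keeps
// a reference to the whole environment object as an enumerable property.
class LeakyClient {
  constructor(accountSid, opts = {}, processEnv = process.env) {
    this.accountSid = accountSid;
    this.env = opts.env || processEnv;
  }
}

// "After": copy only the allowlisted keys into a fresh object.
function pickEnv(source, keys = ALLOWED_ENV_KEYS) {
  const picked = {};
  for (const key of keys) {
    if (typeof source[key] === 'string') picked[key] = source[key];
  }
  return picked;
}

class ScopedClient {
  constructor(accountSid, opts = {}, processEnv = process.env) {
    this.accountSid = accountSid;
    this.env = pickEnv(opts.env || processEnv);
  }
}

// Regression check for a unit test: names of environment variables whose
// values appear when `obj` is serialized, as a JSON logger would do.
// Values shorter than 8 characters are skipped to avoid chance matches.
function leakedEnvNames(obj, processEnv) {
  const dump = JSON.stringify(obj);
  return Object.keys(processEnv)
    .filter((name) => processEnv[name].length >= 8)
    .filter((name) => dump.includes(JSON.stringify(processEnv[name]).slice(1, -1)))
    .sort();
}
```

Passing `{ env: {} }` to `LeakyClient` reproduces the workaround listed earlier in the thread: the fallback never fires, so nothing from the environment is retained.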
This line exposes the entire `process.env` to the client, which is unnecessary. Without explicitly setting the `env` option, it sets this entire object in memory. If someone were to log the `client` object, then this too would be exposed, which is a security issue. Please remove or change this line of code: