I am currently using SvelteKit to code an application. I am a beginner with frontend code and don’t understand when my env variable will be exposed to the public. I have heard that private env variables on the “client side” are potentially readable.
If I have a folder outside of my src/ directory, is that still on the “client side?” Will my env variables be exposed to the public?
It would also be really helpful to know how people read env variables on the client, so for the future I could detect this for myself.
Edit for clarity: The code that will have the env variable will not be a part of the website per say, but rather a folder outside the src directory so my students can run a node test/main.js -like command that will perform some action. I just want it to be in the same general folder as the website as well
By 'client side', developers normally refer to anything that is delivered to the browser. Anything loaded in the browser is readable by the user, since they can always inspect any html/js/etc file that is loaded.
Assuming you use Svelte out of the box, only files in
srcandstaticare part of your bundle delivered to the browser, so all your other files are safe. After building the site, you can inspect the output folder to see that nothing sensitive is in there before delivering it to your hosting provider.