Hello from the current maintainer of django-environ,
I apologize for such a late response. There have been too many changes in my life over the past year, including the war in Ukraine, my family’s move to Europe, difficulties at work, legalization in another country, and so on.
The devil is in the details. To simply read an environment variable, you don’t need a complex system. This can be achieved with standard approaches. The difficulties usually come with user requests for some non-standard interpretation, for example, reading complexly organized data structures and extracting some information from there, typing, validation, using variables from different sources, forming specially formatted formats for Django, evaluation, etc. As soon as you start taking all this into account, trying to think through a universal tool, you immediately start playing a different game. The complexity of such a project increases exponentially.
Moreover, I must admit that when I was researching similar libraries and tools in various ecosystems, I came to the conclusion that they all have something in common, but even more so they are different. This difference is manifested in the form of details, additional features, or some peculiarity when performing one or another operation.
Regarding django-environ, I can say that if you have found a vulnerability that has not been reported before, please let me know. You can do this by opening an issue on GitHub, sending me a private message on this forum, or even sending me an email. As I mentioned above, I am a bit overloaded right now, so I can’t guarantee a lightning-fast response. But I do review all issues and pay attention to them. If anyone wants to help by making a Pull Request with a fix or addition, it is also welcome.