npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@awish/env-guardian

v1.1.1

Published

Secure environment variable validation library

Downloads

405

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

awishawish

Keywords

envdotenvenvironmentvariablevalidationsecuritytypescript

Readme

🛡️ @awish/env-guardian

A lightweight, highly secure environment variable validation library for Node.js.

npm version License: MIT Node requirement visitors

env-guardian enforces strict schemas on your .env files and runtime environment variables. It actively prevents prototype pollution, masks sensitive secrets from crash logs, provides interactive CLI tools, and generates static TypeScript definitions.

✨ Features (v1.1)

  • 🔒 Security First: Actively scans for prototype pollution attempts (__proto__, constructor) and limits payload sizes to prevent memory DoS attacks.
  • 🤫 Secret Masking: Automatically prevents sensitive keys (e.g., PASSWORD, API_KEY) from leaking in error traces and detects weak cryptographic strings.
  • 🛡️ Type Safety (TypeScript): Validate at runtime, and easily generate .d.ts type definitions for your IDE.
  • ✅ Schema Validation: Enforce required variables, apply default fallbacks, and restrict to allowedValues.
  • 💻 Interactive CLI: A fully chalk-colored terminal diagnostic tool to verify environments directly from CI/CD pipelines.

📦 Installation

To install the package, run the following command in your project directory:

npm install @awish/env-guardian

💻 Usage

Create a validation schema and pass it to loadAndValidate(). If the validation fails, it throws an early, descriptive error—preventing your app from running in a broken state.

1. Basic Example

import { loadAndValidate } from '@awish/env-guardian';

// Define how your environment should look
const schema = {
  PORT: { 
    type: 'number', 
    required: true, 
    default: 3000 
  },
  NODE_ENV: { 
    type: 'string', 
    allowedValues: ['development', 'staging', 'production'],
    default: 'development'
  },
  SUPER_SECRET_KEY: { 
    type: 'string', 
    required: true 
  },
  ENABLE_FEATURE_X: { 
    type: 'boolean', 
    default: false 
  }
};

// Validate! 
// This automatically loads from '.env' by default and applies your schema
const env = loadAndValidate(schema);

// Your variables are now safely typed and guaranteed to be present
console.log(typeof env.PORT); // "number"
console.log(env.ENABLE_FEATURE_X); // true or false boolean

2. Error Handling & Secret Masking

If a developer configured something incorrectly, env-guardian provides clear errors. However, it will never leak secrets in the stack trace. The system also proactively identifies architectural risks on load via console warnings:

// A developer accidentally typed `SUPER_SECRET_KEY=12345` instead of a strong password

try {
  const env = loadAndValidate(schema);
} catch (error) {
  console.error(error.message); 
  // Output: "Invalid value for SUPER_SECRET_KEY (value masked for security)"
}

// Console Warnings:
// ⚠️  Weak secret detected for SUPER_SECRET_KEY

🛠️ Configuration Options

The loadAndValidate method accepts an optional second argument for configuration:

const env = loadAndValidate(schema, {
  path: './config/.env.production', // Load a custom file path
  skipDotenv: true,                 // Don't read from disk, just validate process.env
});

⌨️ TypeScript Generation

env-guardian can dynamically generate an env.d.ts file based on your runtime schema so your IDE possesses full IntelliSense auto-complete.

import { createEnvTypes } from '@awish/env-guardian';

const schema = { PORT: { type: 'number', required: true } };

// Generates `env.d.ts` in your current working directory
createEnvTypes(schema);

🖥 CLI Tool

Verify your .env configuration instantly via the terminal perfect for CI/CD pipelines (like GitHub Actions). Create a JSON schema file (env-schema.json), then run:

npx @awish/env-guardian

Outputs a cleanly formatted summary:

🛡️  ENV GUARDIAN v1.1
=======================

✅ Success: Environment configuration is valid and secure.

🧪 Testing

To run the internal test suite:

npm test

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.