npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@saboteur-labs/varsentry

v0.2.0

Published

Deterministic environment validation CLI for Node.js projects. Validate .env variables and configuration integrity.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

jedaisaboteurjedaisaboteur

Keywords

envdotenvenvironmentenvironment-variablesconfigconfigurationvalidationvalidatorclinodenodejssemvercidevopsbuildpreflightdiagnosticsstatic-analysistooling

Readme

Varsentry

Deterministic environment validation CLI for Node.js projects. Validate .env variables and configuration integrity before your application runs.

Varsentry is designed for local development, CI pipelines, and production preflight checks. It provides structured output and stable exit codes for automation.

Quick Start

npm install -D @saboteur-labs/varsentry

Create a varsentry.config.js at your project root:

module.exports = {
    PORT: { type: "number", required: true },
    NODE_ENV: { type: "enum", enum: ["development", "production", "test"], required: true },
    DATABASE_URL: { type: "url", required: true, secret: true },
};

Run before your app starts:

varsentry --schema varsentry.config.js

Varsentry exits 0 if everything is valid, non-zero otherwise — making it CI-native by default.

Why Varsentry?

Most tools validate environment variables inside application code. Varsentry validates configuration before execution.

It is built for:

  • Preventing misconfiguration from reaching production

  • CI pipeline enforcement

  • Enforcing required environment contracts

  • Producing deterministic machine-readable output

Varsentry does not modify files. It performs analysis only.

Installation

npm install -D @saboteur-labs/varsentry

Or run directly

npx @saboteur-labs/varsentry

If installed locally, you can run

varsentry

Example Usage

Run against current directory:

varsentry

Run against a specific path:

varsentry --file ./app/.env.development

JSON output:

varsentry --json --schema varsentry.config.js

Safe-for-logging mode (redacts raw error values and secret-marked variable values):

varsentry --json --redact --schema varsentry.config.js

Exit Codes

Varsentry uses deterministic exit codes:

| Code | Meaning | Status | | ---- | --------------------------------------- | ------- | | 0 | No errors (warnings allowed) | locked | | 1 | Parser errors present | locked | | 2 | CLI misuse | locked | | 3 | Validation errors present | locked | | 4 | Schema issues present | locked | | 5 | License validation failure (future use) | pending |

JSON Output

Pass --json to receive structured output on stdout:

{
    "version": "0.1.0",
    "hasErrors": true,
    "parseErrors": [],
    "issues": [
        {
            "severity": "error",
            "code": "VAR_MISSING",
            "variable": "DATABASE_URL",
            "message": "Required variable \"DATABASE_URL\" is missing",
            "raw": "DATABASE_URL="
        }
    ],
    "values": {
        "PORT": 3000
    }
}

Pass --redact to produce safe-for-logging output: raw fields are omitted from parseErrors and issues, and any variable marked secret: true in the schema has its value replaced with "[REDACTED]" in values.

--redact also suppresses raw error values from human-readable (non-JSON) stderr output.

The JSON schema is additive-only after 1.0.0.

Project Status

Varsentry is currently in early development (0.x).

Breaking changes may occur until 1.0.0. After 1.0.0, strict Semantic Versioning will be enforced.

Development

Requirements

  • Node.js >= 18
  • pnpm (recommended) or npm

Setup

pnpm install

Build

pnpm build

Test

pnpm test

Jest is used for behavior-locking tests to ensure deterministic output and stable contracts.

Philosophy

Varsentry is:

  • Deterministic
  • Non-destructive
  • CI-first
  • Explicit in failure modes
  • Focused on configuration integrity

It is not:

  • A runtime schema validation library
  • A dotenv replacement
  • A configuration mutation tool

License

MIT © Saboteur Labs

Contributing

Contributions are welcome.

Before submitting changes that alter observable behavior (CLI flags, exit codes, JSON schema), please open an issue for discussion.

Roadmap

Varsentry is being developed as a deterministic preflight validation tool for Node.js environments. The roadmap reflects both feature maturity and long-term sustainability.

Phase 0 — Core Stability (0.x)

Goal: Lock the public contract.

  • [x] .env parsing and variable validation
  • [x] Required / optional enforcement
  • [x] Type validation (number, boolean, url, enum, semver)
  • [x] Deterministic exit codes
  • [x] Stable JSON output schema
  • [x] Behavior-locking test suite

Focus during this phase is correctness, predictability, and CI safety.

Phase 1 — 1.0 Release

Goal: Establish a stable, CI-safe validation contract.

  • JSON schema declared stable (additive-only)
  • CLI flags frozen under SemVer discipline
  • Documentation hardened for production use

After 1.0.0, breaking changes occur only in major releases.