@semantic-innovations/envsync

v1.0.0

Validate, compare, lint, and secure .env files — zero dependencies CLI tool

The Problem

Every developer has been here. Every. Single. One.

 App crashes       →  "DATABASE_URL is not defined"
 Deploy fails      →  Someone added a new env var, forgot to tell the team
 New teammate      →  Spends half a day asking "what env vars do I need?"
 Security panic    →  Someone committed .env to git
 Staging is weird  →  .env and .env.staging have different variables

Your .env.example says one thing. Your .env says another. Production says nothing — it just breaks.

The Solution

One tool. Five commands. Zero headaches.

npm install -g @semantic-innovations/envsync

That's it. No config files. No setup. No dependencies to install.

Quick Start

envsync check       # Are all required env vars present?
envsync diff        # What's different between two env files?
envsync lint        # Any typos, duplicates, or bad formats?
envsync scan        # Did someone leak secrets in the code?
envsync template    # Generate .env.example automatically

Or run without installing:

npx @semantic-innovations/envsync check

Commands

envsync check

Validates your .env against .env.example — instantly see what's missing, what's empty, and what's extra.

envsync check                              # Auto-detects .env + .env.example
envsync check --env .env.local             # Check a specific env file
envsync check --example .env.template      # Use a specific example file
envsync check --ci                         # Exit code 1 on errors (for CI)

envsync diff

Compares two env files side by side — see what changed, what's missing, and what's extra. Values are masked by default so it's safe to share output.

envsync diff .env .env.staging             # Compare two files
envsync diff .env .env.prod --show         # Show full values (unmasked)
envsync diff .env .env.prod --all          # Also show matching vars

envsync scan

Scans your codebase for leaked secrets — catches API keys, tokens, and credentials before they reach GitHub.

  • AWS Access Keys
  • GitHub Tokens
  • GitLab Tokens
  • Stripe Keys
  • Slack Tokens
  • Private Keys
  • Bearer Tokens
  • Basic Auth
  • Generic Secrets

envsync scan                               # Scan current directory
envsync scan ./src                         # Scan specific directory
envsync scan --ci                          # Exit code 1 on findings
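
How a scan of this kind works, as an added example that is not envsync's own code: a line-based scanner for three of the categories listed above plus a generic quoted-literal rule, run over constructed sample source. The regexes and the names `RULES`, `mask`, `scanText` and `exitCode` are assumptions for illustration; findings carry only a masked match.

```javascript
// Added example, not envsync's source. The rules are assumptions based on
// publicly documented token formats.
const RULES = [
  { name: 'AWS Access Key', re: /\bAKIA[0-9A-Z]{16}\b/ },
  { name: 'GitHub Token', re: /\bgh[pousr]_[A-Za-z0-9]{36,}\b/ },
  { name: 'Private Key', re: /-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----/ },
  // Quoted literal assigned to a secret-looking name; env lookups do not match.
  { name: 'Generic Secret',
    re: /(?:secret|token|passw(?:or)?d|api_?key)\w*\s*[:=]\s*['"]([^'"\s]{12,})['"]/i },
];

// Keep the first four characters so a finding can be located without
// copying the credential into CI logs.
function mask(s) {
  return s.slice(0, 4) + '*'.repeat(Math.max(0, s.length - 4));
}

function scanText(file, text) {
  const findings = [];
  text.split(/\r?\n/).forEach((line, i) => {
    for (const { name, re } of RULES) {
      const m = re.exec(line);
      if (!m) continue;
      findings.push({ file, line: i + 1, rule: name, match: mask(m[1] || m[0]) });
      break; // first (most specific) rule wins for this line
    }
  });
  return findings;
}

// Mirrors the documented --ci behaviour: non-zero exit only when asked to gate.
const exitCode = (findings, ci) => (ci && findings.length > 0 ? 1 : 0);

// Constructed sample source. Tokens are assembled from pieces so this file
// does not itself trip a scanner; the AWS value is the AWS documentation example.
const SAMPLE = [
  "const region = 'us-east-1';",
  "const id = '" + 'AKIA' + 'IOSFODNN7EXAMPLE' + "';",
  'const apiKey = process.env.API_KEY;',
  "const dbPassword = 'correct-horse-battery';",
  "const gh = '" + 'ghp_' + 'a1B2'.repeat(9) + "';",
].join('\n');

const findings = scanText('src/config.js', SAMPLE);
for (const f of findings) console.log(`${f.file}:${f.line}  ${f.rule}  ${f.match}`);
console.log('exit code with --ci:', exitCode(findings, true));
```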

envsync lint

Checks your .env for formatting issues — catches invalid keys, duplicates, wrong types, and bad URLs before they cause silent bugs.

$ envsync lint

  envsync lint
  ────────────────────────────────────────
  ✗ Line 5: 123BAD
    Invalid key name (use A-Z, 0-9, _)
  ⚠ Line 8: PORT
    Value "abc" doesn't look like a port number
  ⚠ Line 12: DATABASE_URL
    Duplicate key (first defined on line 3)

  ────────────────────────────────────────
  9 passed · 1 failed · 2 warnings

envsync lint                               # Lint .env
envsync lint --env .env.production         # Lint a specific file
envsync lint --ci                          # Exit code 1 on errors
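
The three findings in the sample output above, reproduced by a small linter as an added example (not envsync's own code). The rules, the function name `lintEnv` and the constructed `.env` are assumptions modelled on that output.

```javascript
// Added example, not envsync's source. Rules and messages are modelled on the
// sample output above; what envsync actually checks is an assumption.
const KEY_RE = /^[A-Z_][A-Z0-9_]*$/;

const isPort = (v) => /^\d+$/.test(v) && Number(v) >= 1 && Number(v) <= 65535;
const isUrl = (v) => { try { new URL(v); return true; } catch { return false; } };

function lintEnv(text) {
  const findings = [];
  const firstSeen = new Map(); // key -> line of first definition
  text.split(/\r?\n/).forEach((raw, i) => {
    const line = raw.trim();
    if (!line || line.startsWith('#')) return; // blank lines and comments
    const eq = line.indexOf('=');
    const key = (eq === -1 ? line : line.slice(0, eq)).trim();
    const value = eq === -1 ? '' : line.slice(eq + 1).trim().replace(/^(['"])(.*)\1$/, '$2');
    const add = (level, msg) => findings.push({ line: i + 1, level, key, msg });

    if (eq === -1) { add('error', 'Missing "=" separator'); return; }
    if (!KEY_RE.test(key)) { add('error', 'Invalid key name (use A-Z, 0-9, _)'); return; }
    // A later duplicate silently overrides or is ignored, depending on the loader.
    if (firstSeen.has(key)) add('warning', `Duplicate key (first defined on line ${firstSeen.get(key)})`);
    else firstSeen.set(key, i + 1);
    if (/(^|_)PORT$/.test(key) && !isPort(value)) {
      add('warning', `Value "${value}" doesn't look like a port number`);
    }
    // URLs often embed credentials, so the message does not echo the value.
    if (/_URL$/.test(key) && value && !isUrl(value)) add('warning', 'Value is not a valid URL');
  });
  return findings;
}

// Constructed .env, laid out so the findings land on the same lines as the
// sample output above (5, 8 and 12).
const SAMPLE_ENV = [
  '# Database', '',
  'DATABASE_URL=postgres://app@db.internal:5432/app',
  'REDIS_URL=redis://cache.internal:6379',
  '123BAD=oops', '',
  '# Server',
  'PORT=abc',
  'HOST=0.0.0.0', '',
  '# Override added later by mistake',
  'DATABASE_URL=postgres://app@localhost:5432/app',
].join('\n');

for (const f of lintEnv(SAMPLE_ENV)) console.log(`${f.level} line ${f.line}: ${f.key}  ${f.msg}`);
```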

envsync template

Generates .env.example from your .env — strips all real values, preserves comments and structure. Never manually maintain .env.example again.

$ envsync template --dry-run

# Database
DATABASE_URL=
REDIS_URL=

# Server
PORT=
HOST=

# API Keys
API_KEY=
STRIPE_KEY=

envsync template                           # Generate .env.example
envsync template --output .env.sample      # Custom output name
envsync template --force                   # Overwrite existing
envsync template --dry-run                 # Preview without writing
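
The comparison behind check and the value stripping behind template, sketched together as an added example (not envsync's own code). The parsing regex, the function names and the sample files are assumptions; the template step also blanks commented-out assignments, which a plain "preserve comments" pass would copy into the example file with their old values.

```javascript
// Added example, not envsync's source; the parsing rules are assumptions.
// Groups: 1 = everything up to and including "=", 2 = "#" if commented out,
// 3 = key, 4 = value.
const ASSIGN = /^(\s*(#\s*)?(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=)(.*)$/;

// Active (uncommented) assignments as a Map of key -> trimmed value.
function parseEnv(text) {
  const vars = new Map();
  for (const raw of text.split(/\r?\n/)) {
    const m = ASSIGN.exec(raw);
    if (m && !m[2]) vars.set(m[3], m[4].trim());
  }
  return vars;
}

// What a check reports: keys the example requires that are absent or empty,
// and keys present locally that the example does not document.
function checkEnv(envText, exampleText) {
  const env = parseEnv(envText);
  const required = [...parseEnv(exampleText).keys()];
  return {
    missing: required.filter((k) => !env.has(k)),
    empty: required.filter((k) => env.has(k) && env.get(k) === ''),
    extra: [...env.keys()].filter((k) => !required.includes(k)),
  };
}

// What a template pass produces: same lines, values removed. Commented-out
// assignments are blanked too, since they often hold an old real value.
function toTemplate(envText) {
  return envText.split(/\r?\n/)
    .map((raw) => { const m = ASSIGN.exec(raw); return m ? m[1] : raw; })
    .join('\n');
}

// Constructed sample files.
const ENV = [
  '# Database',
  'DATABASE_URL=postgres://app:example-pw@db.internal/app',
  '# DATABASE_URL=postgres://app:old-pw@legacy.internal/app',
  'REDIS_URL=',
  'DEBUG=true',
].join('\n');
const EXAMPLE = ['DATABASE_URL=', 'REDIS_URL=', 'STRIPE_KEY='].join('\n');

console.log(checkEnv(ENV, EXAMPLE));
console.log(toTemplate(ENV));
```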

CI Integration

GitHub Actions

# .github/workflows/env-check.yml
name: Env Check
on: [push, pull_request]

jobs:
  env-check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
      - run: npx @semantic-innovations/envsync check --ci
      - run: npx @semantic-innovations/envsync scan --ci

Pre-commit Hook

{
  "scripts": {
    "prestart": "envsync check",
    "precommit": "envsync scan"
  }
}

Or with husky:

npx husky add .husky/pre-commit "npx @semantic-innovations/envsync scan --ci"

GitLab CI

env-check:
  script:
    - npx @semantic-innovations/envsync check --ci
    - npx @semantic-innovations/envsync scan --ci

Use as a Library

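// Require the package by its scoped name, as installed above; the unscoped
// name 'envsync' is not this package.
const { check, diff, lint, scan, template } = require('@semantic-innovations/envsync');

// Compare .env against .env.example and get a summary object back.
const result = check({ env: '.env', example: '.env.example' });
// { passed: 12, failed: 2, warnings: 1 }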

Why envsync?


Key Features


Contributing

Contributions welcome! Each command is a standalone file in src/commands/ — easy to understand, easy to extend.

git clone https://github.com/semantic-innovations/envsync.git
cd envsync
npm test

Ideas for contributions:

  • New secret patterns for scan
  • Additional lint rules
  • YAML/TOML env file support
  • VS Code extension
  • Git hook installer command
  • envsync init — interactive setup wizard

License

MIT - LICENSE