npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@shiftescape/astro-env-inspector

v0.1.2

Published

Dev toolbar integration for Astro that shows your environment variables grouped, masked, and searchable — only active in development mode.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

shiftescapeshiftescape

Keywords

astroastro-integrationwithastrodev-toolbarenvenvironmentvariablestoolingdeveloper-experiencedx

Readme

@shiftescape/astro-env-inspector

version downloads MIT License

A dev toolbar integration for Astro that shows all your environment variables — grouped, masked, and searchable — directly inside astro dev. Zero footprint in production.

ENV Inspector (1 leaking) (1 missing) (8 vars)
─────────────────────────────────────────────────────
PUBLIC: 3   PRIVATE: 8   ASTRO: 4
─────────────────────────────────────────────────────
🌐 Public (PUBLIC_*)
  🟢 PUBLIC_SITE_NAME        My Astro Site
  🟢 PUBLIC_API_URL          https://api.example.com
  🟠 PUBLIC_API_KEY          ••••••••            👁 📋

🔒 Private / Server-only
  🟢 DATABASE_URL            postgres://localhost/db
  🟢 STRIPE_SECRET_KEY       ••••••••            👁 📋
  🔴 SENDGRID_API_KEY        not set

🚀 Astro Built-ins
  🟢 MODE                    development
  🟢 DEV                     true
─────────────────────────────────────────────────────

Features

  • 🔒 Dev-only — completely stripped in astro build and astro preview, zero production footprint
  • 📋 Grouped — variables organised into Public, Private, Astro built-ins
  • Set vs missing — instantly spot variables that are unset
  • 👁 Masked by default — sensitive values hidden with a per-variable reveal toggle
  • ⚠️ Leak detection — warns when a PUBLIC_* variable looks like it contains a secret
  • 🔍 Searchable — filter by key or value in real time
  • 📋 Copy on click — copy any value to clipboard instantly

Install

npm install -D @shiftescape/astro-env-inspector
# or
pnpm add -D @shiftescape/astro-env-inspector

Usage

// astro.config.mjs
import { defineConfig } from "astro/config";
import envInspector from "@shiftescape/astro-env-inspector";

export default defineConfig({
  integrations: [envInspector()],
});

Open your site in astro dev, click the toolbar icon in the bottom bar, and the panel appears.

With options

envInspector({
  // Extra key patterns to always treat as sensitive and mask
  sensitivePatterns: ["MY_APP_SECRET", "INTERNAL_*"],

  // Hide Astro built-ins (MODE, DEV, PROD, SITE, BASE_URL)
  showAstroBuiltins: false,

  // Start with all values revealed (not recommended for shared screens)
  revealByDefault: false,
});

Options

| Option | Type | Default | Description | | ------------------- | ---------- | ------- | --------------------------------------------------------- | | sensitivePatterns | string[] | [] | Extra key patterns to mask. Supports * suffix wildcard. | | showAstroBuiltins | boolean | true | Show MODE, DEV, PROD, SITE, BASE_URL etc. | | revealByDefault | boolean | false | Start with all values unmasked. |

Built-in sensitive patterns

The following patterns are always masked regardless of options: KEY, SECRET, TOKEN, PASSWORD, PASS, PWD, PRIVATE, AUTH, CREDENTIAL, CERT, API_KEY, APIKEY, ACCESS_KEY, CLIENT_SECRET

Leak detection

If a PUBLIC_* variable matches any sensitive pattern, the inspector flags it with a ⚠ warning — both in the panel and in the terminal. For example, PUBLIC_API_KEY would trigger this warning since it's publicly exposed to the browser but looks like a secret.

Dev-only guarantee

The integration checks command === 'dev' in astro:config:setup and returns early for build and preview. The toolbar app entrypoint is never registered, never bundled, and never shipped to users.

License

MIT © Alvin James Bellero