npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

dotenv-guardian

v1.1.3

Published

guardian for your .env files that validates environment variables against a documented example file

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

krazerkrazer

Keywords

dotenvenvenvironmentvalidationsafe-env

Readme

Dotenv-Guardian

A minimal, TypeScript-first library built as an extension of dotenv , adding validation and documentation checks for your environment files (.env), so your Node.js apps stay safe and the missing validation layer for Node.js apps.

🚀 Features

  • Strict validation: Ensures all documented variables (.env.example) exist in the actual .env file and vice versa.
  • Mistake detection: Flags undocumented, missing, or identical-value variables.
  • Dotenv-compatible: Uses original dotenv.config({ ... }) for seamless adoption in existing projects.
  • Zero dependencies: Only relies on dotenv and Node.js core modules.
  • TypeScript-native: Provides strong types and full autocomplete in editors.
  • Strict mode: Optional mode to throw errors or exit the process if validation fails.
  • Gitignore validation: Ensures .env is ignored in Git while .env.example is included, helping teams avoid committing secrets.

📦 Installation

npm install dotenv-guardian
# or
yarn add dotenv-guardian

🛠️ Usage

Before you start

  • Place your .env and .env.example files in your project root.
  • Ensure you have a .gitignore file:
    • Add your .env file to .gitignore.
    • Do not include .env.example in .gitignore.

For convenience, the default file names are .env and .env.example, but you can use custom names if desired just specify them as follow:

  • config({path:.env.customName,pathSuffix:.documented}).

Basic validation (TypeScript or CommonJS)

import { config } from 'dotenv-guardian';
// or: const { config } = require('dotenv-guardian');

const result = config({ path: './.env' });

if (result.error) {
  throw result.error;
}

// result.parsed contains your validated environment variables

Multi-file validation

import { configMultiple } from 'dotenv-guardian';

const results = configMultiple([{ path: './.env' }, { path: './.db.env' }]);

Custom paths

  • By default, validates .env and .env.example.
  • You can set a custom path to validate files like ./.backend.env and ./.backend.env.example.

🧪 API Reference

DotenvConfigOptions & GuardianEnvConfig

  • GuardianEnvConfig inherits all original DotenvConfigOptions options from dotenv package.
  • Adds custom variables:
    • pathSuffix: string — Specify your documented env file name, e.g., .env.docs or .env.template. (Default: .example)
    • strict: boolean — Default: false. If true, validation errors will throw instead of returning them.

config(options?: GuardianEnvConfig): GuardianEnvResults

  • options.path: Path to your env file (e.g., .env, .redis.env, etc.)
  • returns: { error?: GuardianEnvError, parsed?: Record<string, string> }

configMultiple(configs: GuardianEnvConfig[]): GuardianEnvResults[]

  • Validates multiple env files and returns an array of results, one for each configuration.

🔍 What does it check?

  1. Missing vars: Is every variable in .env.example present in your .env?
  2. Undocumented vars: Is every real var documented in .env.example?
  3. Duplicate values: Does any documented variable have the same value in both files? (Helps catch copy-pasting errors.)
  4. gitignore validation: If your original env file is in gitignore and your document env file is not.

💡 Example .env and .env.example

.env

DB_USER=admin
DB_PASS=hunter2
SECRET_KEY=productionsecret123

.env.example

DB_USER=sample
DB_PASS=sample
SECRET_KEY=changeme

If .env and .env.example match except for values, you pass. If any variable is missing or present in only one file, or shares a value, you get a clear error.

✅ CI Integration

Add to your .github/workflows/ci.yml:

- name: Validate environment files
  run: node -e "require('dotenv-guardian').config({ path: './.env' })"

🔄 Migrating from dotenv

  • Drop-in replacement: swap dotenv.config() for dotenv-guardian.config().
  • Extends validation with minimal code change.

👀 Contributing & Issues

PRs, bug reports, and feature requests are welcome! Open an issue describing your use-case, or send a PR.

📄 License

MIT