npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

env-sanitizer

v2.4.0

Published

A library to validate, sanitize, and safely load .env variables

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

kishan-ghetiyakishan-ghetiya

Keywords

dotenvenvsanitizervalidationnodejs

Readme

env-sanitizer

NPM version TypeScript Coverage Status npm downloads Known Vulnerabilities License

A library to validate, sanitize, and safely load .env variables in your Node.js application. Supports TypeScript!

Installation

You can install env-sanitizer via npm:

npm install env-sanitizer

Features

  • Validation: Ensure your environment variables meet specific conditions (e.g., required fields, valid types).
  • Sanitization: Cast values to the expected types (e.g., string, number, boolean, JSON, array, date, URL, BigInt, UUID).
  • Default Values: Provide default values if the environment variable is missing.
  • Error Handling: Throw descriptive errors when a variable is missing or invalid.
  • Custom Validators: Easily create custom validation logic for any environment variable.

Usage

1. Set up your .env file

Create a .env file in the root of your project with some environment variables:

STRING_VAR=hello
NUMBER_VAR=123
BOOLEAN_VAR=true
CONFIG={"key":"value"}
USERS=one,two,three
LAUNCH_DATE=2025-04-30
API_URL=https://api.example.com

2. Define your schema

Use EnvSchema to define the types, required status, default values, and optional custom validation for your environment variables.

import { sanitizeEnv, EnvSchema, EnvType } from 'env-sanitizer';

const schema: EnvSchema<{
  STRING_VAR: string;
  NUMBER_VAR: number;
  BOOLEAN_VAR: boolean;
  CONFIG: object;
  USERS: string[];
  LAUNCH_DATE: Date;
  API_URL: URL;
}> = {
  STRING_VAR: { type: "string" as EnvType, required: true },
  NUMBER_VAR: { type: "number" as EnvType, required: true },
  BOOLEAN_VAR: { type: "boolean" as EnvType, required: true },
  CONFIG: { type: "json" as EnvType, required: true },
  USERS: { type: "array" as EnvType, required: true },
  LAUNCH_DATE: { type: "date" as EnvType, required: true },
  API_URL: { type: "url" as EnvType, required: true },
};

const config = sanitizeEnv(schema);

console.log(config.STRING_VAR); // "hello"
console.log(config.NUMBER_VAR); // 123
console.log(config.BOOLEAN_VAR); // true
console.log(config.CONFIG); // { key: "value" }
console.log(config.USERS); // ["one", "two", "three"]
console.log(config.LAUNCH_DATE); // Date object
console.log(config.API_URL); // URL object

3. Handle Missing or Invalid Variables

If a required variable is missing or invalid, an error will be thrown:

const schema: EnvSchema<{ REQUIRED_MISSING: string }> = {
  REQUIRED_MISSING: { type: "string" as EnvType, required: true },
};

try {
  sanitizeEnv(schema);
} catch (error) {
  console.error(error.message); // "Missing required environment variable: REQUIRED_MISSING"
}

4. Use Default Values

You can define default values for optional variables:

const schema: EnvSchema<{ OPTIONAL_VAR: string }> = {
  OPTIONAL_VAR: { type: "string" as EnvType, default: "default-value" },
};

const config = sanitizeEnv(schema);

console.log(config.OPTIONAL_VAR); // "default-value"

5. Custom Validators

You can define custom validation logic for your environment variables:

const schema: EnvSchema<{ CUSTOM_VAR: string }> = {
  CUSTOM_VAR: {
    type: "string" as EnvType,
    required: true,
    validator: (value) => value.length > 5,
  },
};

try {
  sanitizeEnv(schema);
} catch (error) {
  console.error(error.message); // "Validation failed for environment variable: CUSTOM_VAR"
}

6. Support for New Types

In addition to basic types such as string, number, and boolean, env-sanitizer now supports the following advanced types:

  • JSON: Automatically parse environment variables as JSON objects.
  • Array: Parse environment variables as arrays (e.g., comma-separated values).
  • Date: Convert environment variables to Date objects.
  • URL: Parse environment variables as URL objects.
  • BigInt: Parse environment variables as BigInt values.
  • UUID: Parse environment variables as UUIDs (using regex validation).
const schema: EnvSchema<{
  DATE_VAR: Date;
  BIGINT_VAR: BigInt;
  UUID_VAR: string;
}> = {
  DATE_VAR: { type: "date" as EnvType, required: true },
  BIGINT_VAR: { type: "bigint" as EnvType, required: true },
  UUID_VAR: { type: "uuid" as EnvType, required: true },
};

const config = sanitizeEnv(schema);

console.log(config.DATE_VAR); // Date object
console.log(config.BIGINT_VAR); // BigInt object
console.log(config.UUID_VAR); // UUID string

API

sanitizeEnv<T>(schema: EnvSchema<T>): T

  • Parameters:
    • schema: An object defining the environment variables and their validation rules.
  • Returns:
    • An object where each key corresponds to an environment variable, and its value has been sanitized and validated.

EnvSchema<T>

A schema object used to define the validation rules for your environment variables. It has the following properties:

  • type: The expected type of the environment variable (e.g., "string", "number", "boolean", "json", "array", "date", "url", "bigint", "uuid").
  • required (optional): Whether the environment variable is required.
  • default (optional): The default value to use if the environment variable is missing.
  • validator (optional): A custom validation function for the environment variable.

EnvType

An enum defining the possible types for environment variables:

  • "string"
  • "number"
  • "boolean"
  • "json"
  • "array"
  • "date"
  • "url"
  • "bigint"
  • "uuid"

Contributing

If you'd like to contribute, feel free to fork the repository, create a new branch, and submit a pull request. Ensure that you write tests for your changes.

License

This project is licensed under the MIT License - see the LICENSE file for details.

Author

Kishan Ghetiya - GitHub