npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

secure-env-guard

v1.0.6

Published

A lightweight, type-safe environment variable validator for Node.js applications.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

explorer13explorer13

Keywords

Readme

secure-env-guard

A lightweight, type-safe environment variable validator for Node.js applications.

secure-env-guard ensures that required environment variables exist and match expected types before your application boots — preventing runtime failures caused by misconfiguration.

Designed for production-grade Node.js backends.

Why secure-env-guard?

Misconfigured environment variables are one of the most common causes of production incidents.

This package enforces:

  • Required variable presence
  • Strict type validation (string | number | boolean)
  • Early failure before server start
  • Clean, developer-friendly, colorful CLI output
  • Seamless dotenv integration

Fail fast. Fail clearly. Ship confidently.

Installation

npm install secure-env-guard

Links

Basic Usage

import { validateEnv } from "secure-env-guard";

const env = validateEnv({
  PORT: "number",
  DEBUG: "boolean",
  API_KEY: "string",
};);

console.log(env.PORT); // number
console.log(env.DEBUG); // boolean
console.log(env.API_KEY); // string

What Happens Here?

  • .env is loaded automatically (via dotenv)
  • Each key is validated
  • Values are type-cast safely
  • Application crashes immediately if validation fails

Advanced Usage (Custom Config)

You can configure dotenv behavior manually.

config.ts

import { validateEnv } from "secure-env-guard";

export const configureEnv = () => {
  try {
    const env = validateEnv(
      {
        PORT: "number",
        DB_URL: "string",
        DEV: "boolean",
      },
      {
        path: ".env.example", // custom env file
        load: true, // load using dotenv
      },
    );

    console.log("Environment variables validated successfully");
    return env;
  } catch (error) {
    console.error("Environment validation failed:", error);
    process.exit(1);
  }
};

app.ts

import express from "express";
import { configureEnv } from "./config";

const app = express();
const env = configureEnv();

app.listen(env.PORT, () => {
  console.log(`Server running on port ${env.PORT}`);
});

Type Safety

The returned object is fully inferred and strongly typed:

const env = validateEnv({
  PORT: "number",
  DEBUG: "boolean",
});

Now:

  • env.PORT → number
  • env.DEBUG → boolean

No manual parsing required.

Options

validateEnv(schema, options?)

Schema

{
  [key: string]: "string" | "number" | "boolean"
}

Options

| Option | Type | Default | Description | | ------ | ------- | ------- | ---------------------- | | path | string | .env | Path to env file | | load | boolean | true | Whether to load dotenv |

❌ Error Handling

The package fails fast with expressive CLI messages.

1️⃣ Environment File Not Found

If the specified .env file does not exist:

ENOENT Error

Example:

ERROR ENOENT: no such file or directory, open 'D:\secure-env-guard\.env'

2️⃣ Required Variable Missing

If a required variable is not present:

Missing Variable

Example:

ERROR PORT is missing in .env file

3️⃣ Invalid Type

If a variable does not match expected type:

Invalid Type

Example:

ERROR PORT must be a valid number

✅ Successful Load

When environment variables load successfully:

Success Load

Example:

SUCCESS Successfully loaded .env.example file

Production Recommendation

For production environments:

  • Always validate before app bootstrap
  • Use separate .env.production
  • Crash the process on validation failure
  • Never fallback silently

This package is designed to stop misconfigured deployments before they go live.

Use Cases

  • Express / Fastify backends
  • Microservices
  • CLI tools
  • Next.js custom servers
  • Dockerized apps
  • CI/CD validation

Philosophy

Configuration errors should never reach runtime.

secure-env-guard enforces configuration contracts at application start — similar to how TypeScript enforces types at compile time.

License

MIT © Explore13