Skip to content

sickagents/env-validator

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

env-validator

A CLI tool to validate and lint environment variable files (.env) with schema validation and security checks.

Features

  • Schema Validation: Define expected environment variables with types and constraints
  • Security Checks: Detect exposed secrets, weak passwords, and insecure configurations
  • Format Linting: Ensure consistent formatting and naming conventions
  • Missing Variable Detection: Identify required variables that are missing
  • Type Checking: Validate that values match expected types (string, number, boolean, URL, etc.)
  • Duplicate Detection: Find duplicate variable definitions
  • Comment Preservation: Maintain comments while validating

Installation

npm install -g env-validator

Or use directly with npx:

npx env-validator validate .env

Usage

Basic Validation

env-validator validate .env

With Schema File

env-validator validate .env --schema .env.schema.json

Check for Security Issues

env-validator security .env

Format/Lint

env-validator lint .env --fix

Schema Format

Create a .env.schema.json file to define your expected environment variables:

{
  "variables": {
    "DATABASE_URL": {
      "type": "url",
      "required": true,
      "description": "PostgreSQL connection string"
    },
    "PORT": {
      "type": "number",
      "required": false,
      "default": 3000,
      "min": 1024,
      "max": 65535
    },
    "NODE_ENV": {
      "type": "enum",
      "required": true,
      "values": ["development", "production", "test"]
    },
    "API_KEY": {
      "type": "string",
      "required": true,
      "pattern": "^sk-[a-zA-Z0-9]{32}$",
      "sensitive": true
    }
  }
}

Security Checks

The tool automatically checks for:

  • Exposed API keys and tokens
  • Weak or default passwords
  • Insecure URLs (http instead of https)
  • Hardcoded secrets in comments
  • Common security misconfigurations

Example Output

✓ .env validation passed

Found 12 variables
✓ All required variables present
✓ No type mismatches
✓ No security issues detected
⚠ 2 warnings:

  LINE 5: DATABASE_URL uses http instead of https
  LINE 8: API_KEY appears to be a placeholder value

Configuration

Create a .envvalidatorrc.json file:

{
  "rules": {
    "naming-convention": "SCREAMING_SNAKE_CASE",
    "require-description": false,
    "allow-empty-values": false,
    "max-line-length": 120
  },
  "security": {
    "check-entropy": true,
    "min-password-length": 12,
    "require-https": true
  }
}

API Usage

const { validateEnv } = require('env-validator');

const result = validateEnv('.env', {
  schema: '.env.schema.json',
  strict: true
});

if (!result.valid) {
  console.error('Validation failed:', result.errors);
  process.exit(1);
}

CI/CD Integration

GitHub Actions

- name: Validate environment files
  run: npx env-validator validate .env.example --schema .env.schema.json

Pre-commit Hook

#!/bin/sh
npx env-validator validate .env --quiet || exit 1

License

MIT

Contributing

Contributions welcome! Please read CONTRIBUTING.md first.

About

A CLI tool to validate and lint environment variable files (.env) with schema validation and security checks

Resources

License

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors