New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

@scaffit/env

Package Overview
Dependencies
Maintainers
1
Versions
6
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@scaffit/env

Environment variable setup with Zod validation for Next.js, React, Vue, Angular, Svelte, Express, Fastify, Node.js projects

latest
Source
npmnpm
Version
1.0.5
Version published
Maintainers
1
Created
Source

@scaffit/env

Environment variable setup with Zod validation.

Features

  • Type-safe environment variables with Zod validation
  • Multi-framework support - Next.js, React, Vue, Angular, Svelte, Express, Fastify, Node.js
  • Automatic framework detection - Adapts configuration based on your project
  • Example variables included for common use cases
  • Feature-based configuration - Choose what to include (database, auth, APIs, etc.)

Installation

Option 1: Using Scaffit CLI (Recommended)

# Add environment scaffold (no installation needed!)
npx scaffit add env

Alternative: Global Installation

# Install CLI globally
npm install -g scaffit

# Add environment scaffold
scaffit add env

Option 2: Direct npm package usage

# Install scaffold directly
npm install @scaffit/env

# Use in your code
import { setupEnv, previewEnv } from '@scaffit/env';

// Setup environment variables with custom options
const result = await setupEnv({
  includeExamples: true,
  useZod: true,
  features: ['database', 'auth', 'apis'],
  projectRoot: './my-project'
});

// Preview changes before applying
const preview = await previewEnv({
  useZod: true,
  features: ['database', 'auth']
});

Note: Both approaches require @scaffit/core to be installed (automatically handled).

Usage

After installation, you can immediately use environment variables:

# Copy the example file and fill in your values
cp .env.example .env.local

# Your environment variables are now validated and type-safe

Note: Environment setup is ready to use immediately after installation.

Configuration Options

  • Use Zod validation: Add Zod schema validation for environment variables
  • Include examples: Add common environment variable examples
  • Select features: Choose from database, auth, APIs, email, storage, analytics
  • Framework: Automatically detected (Next.js, React, Vue, Angular, Svelte, Express, Fastify, Node.js)

Generated Files

.env.example

Template file with example environment variables (framework-specific):

Next.js:

# Next.js Configuration
NEXTAUTH_URL="http://localhost:3000"
NEXTAUTH_SECRET="your-secret-key-here"

# Database
DATABASE_URL="postgresql://username:password@localhost:5432/database"

# API Keys
OPENAI_API_KEY="your-openai-key-here"
STRIPE_SECRET_KEY="your-stripe-secret-key"

React/Vue/Svelte:

# React/Vue/Svelte Configuration
VITE_API_URL="http://localhost:3000"

# Database
DATABASE_URL="postgresql://username:password@localhost:5432/database"

# API Keys
OPENAI_API_KEY="your-openai-key-here"
STRIPE_SECRET_KEY="your-stripe-secret-key"

Express/Fastify/Node.js:

# Express/Fastify Configuration
PORT=3000
NODE_ENV="development"

# Database
DATABASE_URL="postgresql://username:password@localhost:5432/database"

# Authentication
JWT_SECRET="your-jwt-secret-here"
SESSION_SECRET="your-session-secret-here"

env.ts / env.js

Type-safe environment validation (framework-specific):

Next.js:

import { z } from 'zod';

const envSchema = z.object({
  NODE_ENV: z.enum(['development', 'production', 'test']).default('development'),
  NEXTAUTH_URL: z.string().url(),
  NEXTAUTH_SECRET: z.string().min(32),
  DATABASE_URL: z.string().url(),
  OPENAI_API_KEY: z.string().optional(),
  STRIPE_SECRET_KEY: z.string().optional(),
});

export const env = envSchema.parse(process.env);
export type Env = z.infer<typeof envSchema>;

React/Vue/Svelte:

import { z } from 'zod';

const envSchema = z.object({
  NODE_ENV: z.enum(['development', 'production', 'test']).default('development'),
  VITE_API_URL: z.string().url(),
  DATABASE_URL: z.string().url(),
  OPENAI_API_KEY: z.string().optional(),
  STRIPE_SECRET_KEY: z.string().optional(),
});

export const env = envSchema.parse(process.env);
export type Env = z.infer<typeof envSchema>;

Express/Fastify/Node.js:

import { z } from 'zod';

const envSchema = z.object({
  NODE_ENV: z.enum(['development', 'production', 'test']).default('development'),
  PORT: z.string().default('3000'),
  DATABASE_URL: z.string().url(),
  JWT_SECRET: z.string().min(32),
  SESSION_SECRET: z.string().min(32),
  OPENAI_API_KEY: z.string().optional(),
  STRIPE_SECRET_KEY: z.string().optional(),
});

export const env = envSchema.parse(process.env);
export type Env = z.infer<typeof envSchema>;

Dependencies Added

  • zod - Schema validation for environment variables

Next Steps

  • Copy .env.example to .env.local
  • Fill in your actual environment variables
  • Import env in your application files
  • Use type-safe environment variables throughout your app

Example Usage

import { env } from './env';

// Type-safe access to environment variables
const dbUrl = env.DATABASE_URL; // string
const secret = env.NEXTAUTH_SECRET; // string

Keywords

environment-variables
env
zod
validation
typescript
javascript

FAQs

Package last updated on 26 Oct 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Supply Chain Attack on Axios Pulls Malicious Dependency from npm

Research

Supply Chain Attack on Axios Pulls Malicious Dependency from npm

A supply chain attack on Axios introduced a malicious dependency, plain-crypto-js@4.2.1, published minutes earlier and absent from the project’s GitHub releases.

By Socket Research Team  -  Mar 31, 2026