
Security News
Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign
Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.
dotenv-diff
Advanced tools
Scan your codebase to detect every environment variable reference. It helps you catch missing, unused, duplicated, and misused variables early, before they cause runtime errors.
First-class support for SvelteKit and Next.js. Also works well in modern JavaScript/TypeScript projects and frameworks like Node.js, Nuxt, and Vue — or any other setup where you want reliable .env file comparison.


→ See Capabilities Documentation for details on what the scanner checks for and how it works.
Generate a default configuration file (--init):
dotenv-diff --init
→ See Configuration Documentation for more details.
Easily integrate dotenv-diff into your Git hooks or CI/CD pipelines to enforce environment variable consistency.
→ See Git Hooks Documentation for more details.
In SvelteKit and Next.js projects, dotenv-diff detects framework-specific environment variable misuses.
Example warning:
Framework issues (Sveltekit):
- PUBLIC_API_URL (src/routes/+page.ts:1)
→ $env/dynamic/private variables must not start with "PUBLIC_"
→ See Framework Documentation for more details.
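As an added illustration of the SvelteKit rule behind the warning above (this is example code, not dotenv-diff's own implementation), the checker below scans a source string for `$env/static/*` named imports and `$env/dynamic/*` `env.NAME` accesses and reports names that violate the prefix rule. It assumes SvelteKit's default public prefix `PUBLIC_`, and it goes slightly beyond the page's warning by also flagging the mirror case (a non-`PUBLIC_` name pulled from a public module).

```javascript
// Added example, not dotenv-diff's code. Assumes the default SvelteKit
// public prefix "PUBLIC_" and the named-import forms shown in the sample.
const PUBLIC_PREFIX = 'PUBLIC_';

// import { A, B as C } from '$env/static/private' | '$env/static/public'
const STATIC_IMPORT_RE =
  /import\s*\{([^}]*)\}\s*from\s*['"]\$env\/static\/(private|public)['"]/g;
// import { env } from '$env/dynamic/private' | '$env/dynamic/public' (alias allowed)
const DYNAMIC_IMPORT_RE =
  /import\s*\{\s*env(?:\s+as\s+(\w+))?\s*\}\s*from\s*['"]\$env\/dynamic\/(private|public)['"]/g;

// 1-based line number of a character offset in `source`.
function lineOf(source, index) {
  return source.slice(0, index).split('\n').length;
}

// Returns a list of { name, file, line, message } issues for one file.
function checkSvelteKitEnv(source, file = 'unknown') {
  const issues = [];
  const report = (name, index, kind, visibility) => {
    const isPublicName = name.startsWith(PUBLIC_PREFIX);
    const modulePath = `$env/${kind}/${visibility}`;
    if (visibility === 'private' && isPublicName) {
      issues.push({ name, file, line: lineOf(source, index),
        message: `${modulePath} variables must not start with "${PUBLIC_PREFIX}"` });
    } else if (visibility === 'public' && !isPublicName) {
      issues.push({ name, file, line: lineOf(source, index),
        message: `${modulePath} variables must start with "${PUBLIC_PREFIX}"` });
    }
  };

  // Static modules: every imported binding is an env variable name.
  for (const m of source.matchAll(STATIC_IMPORT_RE)) {
    for (const raw of m[1].split(',')) {
      const name = raw.trim().split(/\s+as\s+/)[0];
      if (name) report(name, m.index, 'static', m[2]);
    }
  }
  // Dynamic modules: variables are read as properties of the `env` binding.
  for (const m of source.matchAll(DYNAMIC_IMPORT_RE)) {
    const binding = m[1] || 'env';
    const accessRe = new RegExp(`\\b${binding}\\.([A-Za-z_][A-Za-z0-9_]*)`, 'g');
    for (const a of source.matchAll(accessRe)) report(a[1], a.index, 'dynamic', m[2]);
  }
  return issues;
}

// Renders issues in the same shape as the warning shown on this page.
function formatIssues(issues) {
  if (issues.length === 0) return 'No framework issues found.';
  const lines = ['Framework issues (SvelteKit):'];
  for (const i of issues) lines.push(`- ${i.name} (${i.file}:${i.line})`, `  → ${i.message}`);
  return lines.join('\n');
}

// Constructed sample input (not taken from a real project).
const SAMPLE_SOURCE = [
  "import { env } from '$env/dynamic/private';",
  "import { PUBLIC_BASE, API_SECRET } from '$env/static/public';",
  "export const load = () => ({ url: env.PUBLIC_API_URL, key: env.API_KEY });",
].join('\n');

console.log(formatIssues(checkSvelteKitEnv(SAMPLE_SOURCE, 'src/routes/+page.ts')));
```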
You can ignore specific environment variable warnings by adding comments in your code. For example:
const apiKey = process.env.API_KEY; // dotenv-diff-ignore
This is helpful when you know a specific warning is safe in your source code.
→ See Ignore Comments Documentation for more details.
Add expiration metadata to your environment variables to get warnings when they are about to expire. For example, in your .env file:
# @expire 2025-12-31
API_TOKEN=
→ See Expiration Documentation for more details.
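To make the ignore-comment and expiration sections above concrete, here is an added example (not dotenv-diff's own code) that parses a .env file with `# @expire` annotations, scans source text for `process.env.*` references while skipping lines marked `// dotenv-diff-ignore`, and compares the result against an example file. It assumes simple `KEY=VALUE` lines (no multi-line values), that an `@expire` annotation applies to the entry directly below it, and that the caller supplies the reference date so the result is deterministic; the `warnDays` window is an assumption of this example.

```javascript
// Added example, not dotenv-diff's code. Sample files below are constructed.
const EXPIRE_RE = /^#\s*@expire\s+(\d{4}-\d{2}-\d{2})\s*$/;
const ENTRY_RE = /^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=(.*)$/;
const USAGE_RE = /process\.env\.([A-Za-z_][A-Za-z0-9_]*)/g;
const IGNORE_MARK = 'dotenv-diff-ignore';

// Parses .env text into { vars: Map<name, {value, line, expire}>, duplicates }.
function parseEnv(text) {
  const vars = new Map();
  const duplicates = [];
  let pendingExpire = null; // set by "# @expire", consumed by the next entry
  text.split('\n').forEach((raw, i) => {
    const line = raw.trim();
    const expire = line.match(EXPIRE_RE);
    if (expire) { pendingExpire = expire[1]; return; }
    const m = line.match(ENTRY_RE);
    if (!m) { pendingExpire = null; return; } // blank/comment line: annotation no longer applies
    const [, name, value] = m;
    if (vars.has(name)) duplicates.push({ name, line: i + 1 });
    vars.set(name, { value: value.trim(), line: i + 1, expire: pendingExpire });
    pendingExpire = null;
  });
  return { vars, duplicates };
}

// Collects process.env.NAME references, skipping lines that carry the ignore marker.
function scanSource(text, file) {
  const usages = [];
  text.split('\n').forEach((line, i) => {
    if (line.includes(IGNORE_MARK)) return;
    for (const m of line.matchAll(USAGE_RE)) usages.push({ name: m[1], file, line: i + 1 });
  });
  return usages;
}

// Whole days from `today` (YYYY-MM-DD) to `dateStr`; negative when already past.
function daysUntil(dateStr, today) {
  return Math.round((Date.parse(dateStr) - Date.parse(today)) / 86400000);
}

// Runs the comparison and returns a plain report object.
function diffEnv({ envText, exampleText, sources, today, warnDays = 30 }) {
  const env = parseEnv(envText);
  const example = parseEnv(exampleText);
  const usages = sources.flatMap(({ file, text }) => scanSource(text, file));
  const used = new Set(usages.map((u) => u.name));

  const missing = [
    ...[...example.vars.keys()].filter((k) => !env.vars.has(k)).map((name) => ({ name, source: '.env.example' })),
    ...usages.filter((u) => !env.vars.has(u.name)).map((u) => ({ name: u.name, source: `${u.file}:${u.line}` })),
  ];
  const unused = [...env.vars.keys()].filter((k) => !used.has(k));
  const expiring = [];
  for (const [name, { expire }] of env.vars) {
    if (!expire) continue;
    const days = daysUntil(expire, today);
    if (days <= warnDays) expiring.push({ name, expire, days, expired: days < 0 });
  }
  return { missing, unused, duplicated: env.duplicates, expiring };
}

// Constructed sample inputs.
const SAMPLE_ENV = [
  '# @expire 2025-12-31', 'API_TOKEN=abc',
  'DATABASE_URL=postgres://localhost/dev', 'LEGACY_FLAG=1',
  'DATABASE_URL=postgres://localhost/dev2',
].join('\n');
const SAMPLE_EXAMPLE = ['API_TOKEN=', 'DATABASE_URL=', 'SENTRY_DSN='].join('\n');
const SAMPLE_SOURCES = [{ file: 'src/config.js', text: [
  'const token = process.env.API_TOKEN;',
  'const db = process.env.DATABASE_URL;',
  'const opt = process.env.OPTIONAL_THING; // dotenv-diff-ignore',
  'const x = process.env.UNDEFINED_ONE;',
].join('\n') }];

console.log(JSON.stringify(diffEnv({
  envText: SAMPLE_ENV, exampleText: SAMPLE_EXAMPLE, sources: SAMPLE_SOURCES, today: '2025-12-15',
}), null, 2));
```

The ignore marker is matched per line, so the `OPTIONAL_THING` reference is neither reported as missing nor counted as a use; everything else on that line is skipped too, which is the trade-off of a line-level marker.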
In monorepos with multiple apps and packages, you can include shared folders:
{
"scripts": {
"dotenv-diff": "dotenv-diff --example .env.example --include-files '../../packages/**/*' --ignore VITE_MODE"
}
}
→ See Monorepo Documentation for more details.
This will compare your .env against .env.example, include files under ../../packages in the scan, and ignore VITE_MODE.
Exit codes:
0 → No errors
1 → Errors found (or warnings in strict mode)
→ See dotenv-diff Documentation for full documentation
Issues and pull requests are welcome.
→ See CONTRIBUTING for details.
Thanks to these amazing people for contributing to this project:
Licensed under the MIT license.
Created by chrilleweb
FAQs
Detects environment variable issues, usage, and potential security risks.
The npm package dotenv-diff receives a total of 1,115 weekly downloads. As such, dotenv-diff popularity was classified as popular.
We found that dotenv-diff demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.