validatenv
Advanced tools
Status: Experimental
validatenv is a typesafe library for validating environment variables.
Create a type-safe, straightforward, and lightweight library for validating environment variables using existing validation libraries like Valibot or Zod. Additionally, I didn't trust existing libraries, as reading environment variables is a particularly vulnerable task.
import {
devDefault,
numberMiddleware,
portValidator,
validateEnv,
validateEnvVar
} from 'validatenv';
import { zValidator } from 'validation-adapters/zod';
import * as z from 'zod';
// Load environment variables
import 'dotenv/config';
// Validate multiple environment variables
const env = validateEnv(process.env, {
// Built-in validator
port: {
envKey: 'SERVER_PORT', // Read from SERVER_PORT instead of port
validator: portValidator,
defaultValue: devDefault(3000) // Uses default only in development environment
},
// Zod validator with middleware
MAX_CONNECTIONS: {
validator: zValidator(z.number().min(1).max(100)),
middlewares: [numberMiddleware], // Converts string input to number
defaultValue: 10
},
// Static value
NODE_ENV: 'development'
});
// Validate single environment variable
const apiKey = validateEnvVar(
'API_KEY',
{
validator: zValidator(z.string().min(10)),
description: 'API authentication key', // Shown in validation error messages for better debugging
example: 'abc123xyz789' // Provides usage example in error messages
},
process.env
);
// Type-safe access
console.log(env.port); // number
console.log(env.MAX_CONNECTIONS); // number
console.log(apiKey); // string
FAQs
Validate environment variables
The npm package validatenv receives a total of 3 weekly downloads. As such, validatenv popularity was classified as not popular.
We found that validatenv demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Node.js patched a crash bug where AsyncLocalStorage could cause stack overflows to bypass error handlers and terminate production servers.
Research
/Security News
A malicious Chrome extension steals newly created MEXC API keys, exfiltrates them to Telegram, and enables full account takeover with trading and withdrawal rights.
Security News
CVE disclosures hit a record 48,185 in 2025, driven largely by vulnerabilities in third-party WordPress plugins.