Every developer has deployed to production only to watch it crash because of a missing .env variable. dotenv-scan scan finds those variables before they cause downtime β and cleans up stale ones while it's at it.
Three problems, one command:
| Problem | What happens | How dotenv-scan helps |
|---|---|---|
| Missing variables | Code uses DATABASE_URL but .env doesn't have it |
Detected as β Missing |
| Unused variables | .env has OLD_REDIS_URL nobody uses anymore |
Detected as ποΈ Unused |
| Undocumented variables | .env has INTERNAL_API_KEY but .env.example doesn't |
Detected as β οΈ Undocumented |
- π Zero config β run
npx dotenv-scanin any project directory - π Multi-language β JavaScript, TypeScript, Python, Go, Ruby
- π Structured output β pretty terminal tables or JSON for tooling
- π Auto-generate
.env.exampleβ keeps docs in sync with one command - π€ CI-ready β
dotenv-scan checkexits with code 1 on missing variables - β‘ Fast β scans hundreds of files in under 500ms
npx dotenv-scan scanThat's it. No install needed.
dotenv-scan v1.0.0 Β· scanned 47 files in 284ms
β Missing (3)
DATABASE_URL src/db.ts:12, src/config.ts:8
JWT_SECRET src/auth/middleware.ts:4
STRIPE_API_KEY src/payments/stripe.ts:22
β οΈ Undocumented (2)
INTERNAL_API_KEY
DEBUG_MODE
ποΈ Unused (1)
OLD_REDIS_URL
β
OK (8)
PORT, NODE_ENV, API_BASE_URL, ... (and 5 more)
ββββββββββββββββββββββββββββββββββββββββ
Run `dotenv-scan generate` to update .env.example
Run without installing (recommended):
npx dotenv-scan scanInstall globally:
npm install -g dotenv-scanFrom source:
git clone https://github.com/dotenv-scan/dotenv-scan
cd dotenv-scan && npm install && npm run buildScan and report env variable issues. Always exits 0.
dotenv-scan scan # scan current directory
dotenv-scan scan --dir ./src # scan specific directory
dotenv-scan scan --dotenv .env.local # use specific .env file
dotenv-scan scan --format json # JSON output
dotenv-scan scan --no-color # disable colors
dotenv-scan scan -i "**/vendor/**" # ignore additional patternsSame as scan, but exits 1 if missing variables found. Perfect for CI.
dotenv-scan check # fails on missing vars
dotenv-scan check --strict # also fail on unused/undocumentedCI example (GitHub Actions):
- name: Check env variables
run: npx dotenv-scan checkGenerate or update .env.example from scan results.
dotenv-scan generate # creates/updates .env.example
dotenv-scan generate --example .env.tmpl # custom output path| Flag | Short | Default | Description |
|---|---|---|---|
--dir <path> |
-d |
./ |
Directory to scan |
--dotenv <path> |
-e |
.env |
Path to .env file |
--example <path> |
-x |
.env.example |
Path to .env.example file |
--ignore <patterns> |
-i |
β | Additional glob patterns to ignore |
--format <type> |
-f |
text |
Output format: text or json |
--no-color |
β | Disable colored output | |
--strict |
β | (check only) Fail on unused/undocumented too | |
--version |
β | Print version | |
--help |
β | Print help |
| Language | Patterns detected |
|---|---|
| JavaScript / TypeScript | process.env.VAR, process.env['VAR'], process.env["VAR"] |
| Python | os.environ.get('VAR'), os.environ['VAR'], os.getenv('VAR') |
| Go | os.Getenv("VAR") |
| Ruby | ENV['VAR'], ENV.fetch('VAR') |
Dynamic access warning: Patterns like process.env[dynamicKey] can't be statically analyzed. dotenv-scan detects these and reports them as warnings.
CLI Entry (Commander.js)
β
βββ Scanner ββββ Walker (fast-glob) ββββ Extractors (per-language regex)
β β
β EnvRef[] (used variables)
β
βββ Parser ββββ Dotenv parser ββββ EnvDef[] (defined variables)
β
βββ Analyzer ββ compares used β defined β documented
β
AnalysisResult
β
ββββββ΄βββββ
Reporter Generator
(text/json) (.env.example)
git clone https://github.com/dotenv-scan/dotenv-scan && cd dotenv-scan
npm install
npm run build # build first (required for integration tests)
npm test # run test suite
npm run test:coverage # run with coverage report
npm run lint # check code styleSee CONTRIBUTING.md for full guidelines.
- v1.0 β Core scan, check, generate commands
- v1.1 β PHP and Rust extractors
- v1.2 β
dotenv-scan.config.tssupport - v2.0 β Monorepo multi-.env support, VSCode extension
Contributions are welcome! See CONTRIBUTING.md.
Apache-2.0 β see LICENSE for details.
Made with β€οΈ for developers tired of "undefined is not a string" Β· Star this repo β