What is envaudit?

Catch missing variables, leaked secrets, and env drift before they break your app. Zero dependencies, runs in milliseconds.

Get Started Commands View on GitHub

Why envaudit?

.env files are critical but fragile. A missing variable can crash your app in production. A real secret in .env.example can end up on GitHub. envaudit catches these problems automatically.

Audit

Compare .env against .env.example — find missing variables, undocumented keys, empty values, and leaked secrets in one command.

Diff

Compare any two env files side by side. Secret-looking values are automatically masked in the output.

Sync

Add missing keys from .env.example to .env and vice versa. Preview changes with --dry-run before writing.

Document

Generate a markdown table of all env variables, grouped by prefix, with columns for required status, defaults, and grouping.

Secret Detection

Flags real secrets in .env.example (API keys, tokens, AWS credentials) while ignoring common placeholders like changeme or your-key-here.

Zero Dependencies

No npm packages. Only Node.js built-in modules. Installs instantly, runs in milliseconds, never breaks due to dependency updates.

Quick Example

$ envaudit check

Missing variables (in .env.example but not in .env)
  ✗ API_KEY
  ✗ REDIS_URL

Possible secrets in example file
  ✗ STRIPE_KEY has a value that looks like a real secret

Undocumented variables (in .env but not in .env.example)
  ⚠ DEBUG_MODE

Empty values
  ⚠ SECRET_KEY

4 issues found (3 errors · 1 warning)

Next Steps

Installation

Install envaudit globally or use it with npx — takes seconds.

CI Integration

Add to your pipeline to catch env issues before they reach production.