check

The main command. Compares .env against .env.example and reports issues in two categories.

Usage

envaudit check
envaudit check --env .env.local --example .env.example
envaudit check --ci

What it checks

Errors

Missing variables — keys defined in .env.example but absent from .env
Leaked secrets — values in .env.example that look like real secrets (API keys, tokens, etc.)

Warnings

Undocumented variables — keys in .env that are not in .env.example
Empty values — keys in .env with no value assigned

Output example

Missing variables (in .env.example but not in .env)
  ✗ API_KEY
  ✗ REDIS_URL

Possible secrets in example file
  ✗ STRIPE_KEY has a value that looks like a real secret

Undocumented variables (in .env but not in .env.example)
  ⚠ DEBUG_MODE

Empty values
  ⚠ SECRET_KEY

4 issues found (3 errors · 1 warning)

Options

Flag	Description
`--env <path>`	Path to `.env` file (default: `.env`)
`--example <path>`	Path to `.env.example` (default: `.env.example`)
`--ci`	Exit with code 1 if any errors are found
`--ignore-empty`	Skip empty value warnings (useful in CI)
`--no-color`	Disable colored output

Exit codes

Code	Meaning
`0`	No errors (warnings may still be present)
`1`	Errors found (only with `--ci` flag)