Every Node.js developer has faced this at least once:
App crashes in production.
"Cannot read property of undefined."
2 hours of debugging later — someone forgot to set DATABASE_URL.
I got tired of this. So I built dotenv-audit — a CLI tool that scans your actual code, finds every process.env usage, and tells you exactly what's missing.
The Problem with Existing Tools
dotenv → loads .env file. Doesn't validate anything.
envalid → validates, but you have to write a schema manually:
// With envalid - you write this for EVERY variable
const env = cleanEnv(process.env, {
DATABASE_URL: str(),
JWT_SECRET: str(),
PORT: port({ default: 3000 }),
REDIS_HOST: str(),
// ... 20 more lines
})
The problem? You already wrote process .env.DATABASE_URL in your code. Why write it again in a schema?
The Solution
npx dotenv-audit --ask
That's it. One command. It:
Scans your .js, .ts, .jsx, .tsx, .vue, .svelte files
Finds every process.env.XXXX automatically
Shows what's missing with exact file locations
Generates a .env file with smart placeholder values
Output
dotenv-audit v1.0.2
──────────────────────────────────────────
Scanned 47 files · Found 12 env variables
✗ MISSING (3)
✗ DATABASE_URL
→ src/db/connect.ts:14
✗ JWT_SECRET
→ src/auth/middleware.js:7
✗ STRIPE_KEY
→ src/payments/stripe.ts:22
⚠ 2 warning(s) — use --verbose to see details
✓ SET (9)
──────────────────────────────────────────
3 missing · 9 set
Smart .env Generation
When you run --ask mode, it asks:
? Generate ENV_SETUP.md with all missing variables? (yes/no): yes
? Create new .env file with missing variables? (yes/no): yes
And generates a .env with context-aware placeholder values:
# ── Database ────────────────────────────────
DATABASE_URL=mongodb://localhost:27017/your_database_name
REDIS_HOST=localhost
REDIS_PORT=6379
# ── Authentication ──────────────────────────
JWT_SECRET=your_jwt_secret_key_min_32_chars_long
# ── Stripe ──────────────────────────────────
STRIPE_KEY=sk_test_your_stripe_secret_key_here
# ── AI / LLM ────────────────────────────────
OPENAI_API_KEY=sk-your_openai_api_key_here
It even reads your package.json — if you use mongoose, it gives mongodb:// URLs. If you use pg, it gives postgresql:// URLs.
Detection Patterns
It catches all the ways developers access env variables:
// All detected:
process.env.DATABASE_URL // dot access
process.env["API_KEY"] // bracket access
const { PORT, HOST } = process.env // destructuring
process.env.PORT || 3000 // defaults (shown as warning)
import.meta.env.VITE_API_URL // Vite
// Smart filtering:
import.meta.env.DEV // SKIPPED (Vite built-in)
import.meta.env.MODE // SKIPPED (Vite built-in)
// process.env.COMMENTED // SKIPPED (in comments)
Monorepo Support
If you have a monorepo (pnpm workspaces, lerna, turbo), it auto-detects services and creates separate .env files:
? Create .env inside each service folder? (yes/no): yes
✓ api/.env — created with 18 variables
✓ client/.env — created with 8 variables
✓ services/auth/.env — created with 5 variables
✓ Done! 3 service .env files processed
No more dumping all variables into one file.
Use in CI/CD
Add this to your GitHub Actions:
- name: Validate env vars
run: npx dotenv-audit --ci --json
If any required variable is missing, the pipeline fails — before your app does.
Quick Comparison
| Feature | dotenv | envalid | dotenv-audit |
|---|---|---|---|
| Auto-detect from code | No | No | Yes |
| Zero schema needed | - | No | Yes |
Generate .env file |
No | No | Yes |
| Database auto-detect | No | No | Yes |
| Monorepo support | No | No | Yes |
| Zero dependencies | Yes | No | Yes |
Try It
npx dotenv-audit --ask
npm: https://www.npmjs.com/package/dotenv-audit
This is my first npm package. I'd genuinely love feedback — what features would make this more useful for your workflow?
Top comments (0)