Two weeks ago I deployed a service that crashed on the first request. Not because the code was wrong — because process.env.DATABASE_URL was undefined and nobody caught it until a user hit the endpoint.
I've made this mistake enough times to recognize the pattern: environment variables in Node.js are string | undefined. TypeScript shrugs. Validation is your problem. Most teams don't do it, or they scatter it across 15 files with parseInt() and ?? operators.
The Three Lies process.env Tells You
1. "This variable exists"
const dbUrl = process.env.DATABASE_URL
// ^? string | undefined — TypeScript can't help
It might exist. It might not. You won't know until runtime. If it's undefined, the error surfaces at the point of first use — not at startup.
2. "This value is the right type"
const port = process.env.PORT // "3000" — it's a string!
app.listen(port + 1) // listens on "30001", not 3001
PORT is semantically a number. At runtime it's a string. Every consumer has to parse it. Nobody does it consistently.
3. "The format is correct"
// .env
DATABASE_URL=localhost:5432/myapp // forgot postgres://
// somewhere in your app
new URL(process.env.DATABASE_URL) // TypeError: Invalid URL
No error at import. No error at server start. The first database query crashes.
The Manual Approach
I've written this function more times than I can count:
function getEnv() {
const dbUrl = process.env.DATABASE_URL
if (!dbUrl) throw new Error("DATABASE_URL is required")
const port = parseInt(process.env.PORT ?? "3000", 10)
if (isNaN(port) || port < 1 || port > 65535) {
throw new Error("PORT must be between 1 and 65535")
}
const nodeEnv = process.env.NODE_ENV ?? "development"
if (!["development", "production", "test"].includes(nodeEnv)) {
throw new Error(`Invalid NODE_ENV: ${nodeEnv}`)
}
return { dbUrl, port, nodeEnv } as const
}
It works. But it's repetitive, undocumented, and TypeScript can't infer literal types from it. Every project reinvents this same function with slightly different bugs.
Schema-Based Validation
CtroEnv does the same thing with a schema:
import { defineEnv, string, number, pick } from "@ctroenv/core"
const env = defineEnv({
DATABASE_URL: string().url().describe("PostgreSQL connection URL"),
PORT: number().port().default(3000),
NODE_ENV: pick(["development", "production", "test"] as const).default("development"),
})
-
env.PORTisnumber— already parsed -
env.NODE_ENVis"development" | "production" | "test"— exact union, no typos -
env.DATABASE_URLisstring— guaranteed present and valid
If anything is missing or invalid, defineEnv() throws immediately with every error grouped:
● Missing required (1)
DATABASE_URL Add this variable to your .env file
✗ Invalid (1)
PORT Expected a port number (1-65535), received 0
No hunting through logs. The app crashes at import time, not on the first request.
What You Get
| Problem | Raw process.env | CtroEnv |
|---|---|---|
| Type safety | `string \ | undefined` |
| Startup validation | None | All vars validated |
| Error clarity | cannot read property of undefined |
Grouped, descriptive |
| Defaults | Manual ??
|
.default() |
| Secret handling | Silent |
.secret() masks at runtime |
| CI integration | None |
ctroenv check, ctroenv validate
|
The Validators
string().url() // valid URL
string().email() // valid email (HTML5 regex)
string().port() // port 1-65535
string().min(8) // minimum length
string().max(255) // maximum length
string().hostname() // RFC 1123 hostname
string().regex(/^[a-z]+$/) // custom pattern
number().int() // integer
number().positive() // > 0
number().port() // 1-65535
number().min(1) // minimum value
number().max(100) // maximum value
boolean() // "true"/"false", "yes"/"no", "1"/"0", "y"/"n"
pick(["dev", "prod"]) // exact string union
// Chainable on all validators:
.optional() .default(v) .describe(t) .secret() .validate(fn)
One line per variable, and TypeScript infers everything from the schema.
npm install @ctroenv/core
Top comments (3)
Use varlock (also free and open source) - its a mature solution with an active user base. Plugins and integrations for everything. Supports built in hardware backed encryption, or pulling from any common vaults. Log redaction, leak prevention, tons of very powerful features.
Honest question, since you tease the Zod comparison in the next post. For someone already calling z.object on process.env at startup, what's the day-one reason to switch? From your examples the real wins look like the grouped missing-and-invalid summary and the .secret() masking, with the typed parsing being roughly parity. If that's the pitch, it's a fair one, that error output is genuinely friendlier than Zod's default throw. I just want to be sure I'm reading the delta right and not missing something deeper in the validator chain.
yes brother, you're reading the delta correctly for the parsing layer itself. The typed validation between
z.object({ PORT: z.coerce.number().min(1).max(65535).default(3000) })andnumber().port().default(3000)is roughly parity. Same guarantees, similar expressiveness.The deeper differences are around the schema, not the parsing:
Zero dependencies. Zod adds ~50 KB to your bundle. CtroEnv core is 6.5 KB with zero runtime deps. If you're building a CLI tool or a serverless function, that difference shows up in cold start times and install speed.
Error collection. Zod throws on the first validation failure. You fix it, re-run, hit the next one. CtroEnv collects every error before throwing, so you get the full picture in one pass. The grouped output is a nicer default, but the real win is not having to iterate.
Secret masking. The
.secret()proxy is deeper than justconsole.logprotection. It trapsget,getOwnPropertyDescriptor,has,ownKeys,JSON.stringify, andutil.inspect. A Zod schema doesn't prevent a strayJSON.stringify(config)from leaking secrets into your log aggregator. With CtroEnv it's masked at every exit point by default.Framework adapters. If you're using Vite or Next.js, you need to wire up
import.meta.envor the server/client split yourself with Zod. CtroEnv has adapters that handle those sources. Same schema, different source, no code changes.CLI tooling.
ctroenv check --source .env.exampleruns in CI without importing your schema.ctroenv docsgenerates anENVIRONMENT.mdthat's always accurate. Neither exists in the Zod ecosystem.Coercion strictness.
z.coerce.number()accepts"0xFF"(parses as 255) and"1e2"(parses as 100). CtroEnv'snumber()rejects both. For env vars, silent coercion of hex or scientific notation is usually a bug, not a feature.If parsing parity is all you need, sticking with Zod is fine. The day-one reason to switch is the tooling, the secret guarantees, and the smaller dependency footprint. The validation is table stakes -- everything else around it is where the time gets saved.