DEV Community

Rohan Mirjankar
Rohan Mirjankar

Posted on

πŸ›‘οΈ Introducing envguard – Zero-Boilerplate Environment Variable Validation for Node.js

#showdev #npm #productivity #javascript

Hey devs! πŸ‘‹

I just published my latest npm package @rohansm14/envguard and wanted to share it with the community.

The Problem

We've all been there – your app crashes at 2 AM because someone forgot to set DATABASE_URL in production, or DEBUG=false gets treated as a string instead of a boolean. Environment variable bugs are frustrating, hard to debug, and completely preventable.

The Solution

envguard validates all your environment variables at startup with a single function call. No more if (!process.env.X) throw... scattered everywhere. Just define your schema once and you're good to go.

Quick Example 

import 'dotenv/config'
import { guard } from '@rohansm14/envguard'

const env = guard({
  PORT:         { type: 'number',  default: 3000 },
  DATABASE_URL: { type: 'string',  required: true },
  DEBUG:        { type: 'boolean', default: false },
  JWT_SECRET:   { type: 'string',  required: true, minLength: 32 }
})

// env.PORT is 3000 (number, not string!)
// env.DEBUG is false (boolean, not string!)
app.listen(env.PORT)
mongoose.connect(env.DATABASE_URL)
Enter fullscreen mode Exit fullscreen mode

Key Features

  • βœ… Type coercion – "3000" β†’ 3000, "true" β†’ true
  • βœ… Required field validation – throws clear errors for missing vars
  • βœ… Default values – fallback when vars aren't set
  • βœ… String length validation – ensure your secrets are actually secret-worthy
  • βœ… All errors at once – see everything that's wrong, not just the first issue
  • βœ… Zero dependencies – lightweight and simple

Beautiful Error Messages

Instead of cryptic undefined errors buried deep in your app:

[envguard] Missing or invalid environment variables:
  βœ— DATABASE_URL β†’ required but not set
  βœ— JWT_SECRET   β†’ must be at least 32 characters (got 8)
  βœ— PORT         β†’ expected number, got "abc"

Fix these before starting the server.
Enter fullscreen mode Exit fullscreen mode

Schema Options

Option Type Description
type 'string' \ 'number' \
required boolean Throws if not set
default any Fallback value
minLength number Min string length (great for secrets!)

Installation 

npm install @rohansm14/envguard
Enter fullscreen mode Exit fullscreen mode

Test Coverage

The package comes with comprehensive tests covering:

  • Required field validation
  • Default values
  • Type coercion (numbers, booleans, strings)
  • Minimum length constraints
  • Multiple error aggregation
  • Edge cases (empty schemas, extra env vars) 
npm test
Enter fullscreen mode Exit fullscreen mode

Pro Tips

  1. Call it early – Put guard() at the very top of your entry file, before any other imports
  2. Use with dotenv – envguard doesn't load .env files, so pair it with dotenv
  3. Fail fast – envguard throws on startup, so you catch issues before they cause weird runtime behavior
  4. Type safety – Combine with TypeScript or JSDoc for even better DX

Links

What's Next?

I'm planning to add:

  • Custom validators (regex patterns, enums, etc.)
  • TypeScript definitions
  • Async secret loading (AWS Secrets Manager, Vault, etc.)

Feedback Welcome!

This is v1.0.0 and I'd love to hear your thoughts! Drop a comment, open an issue, or shoot me a PR. What features would make this more useful for your workflow?

Top comments (1)

Collapse
 
theoephraim profile image
Theo Ephraim

just use varlock.dev - its a mature solution that solves these problems and a lot more.