Missing keys and inconsistent values aren't the only risk in .env files. The bigger danger is accidentally committing a real API key or secret to Git.
EnvGuard 3.0.0 focuses on preventing that while introducing better environment validation—and the extension package is now 99.6% smaller.
🚨 Secret Detection & Leak Prevention
EnvGuard now detects common credentials including:
AWS Access Keys
Stripe Live Keys
GitHub Tokens
Slack Tokens
Google API Keys
Private Keys
JWTs
Generic secret-like values
Template files (.env.example, .env.sample, etc.) and placeholder values are ignored to reduce false positives.
If a file contains real secrets and isn't protected by .gitignore, EnvGuard warns you before those credentials accidentally end up in Git.
📋 Schema Validation
Add an envguard.schema.json file to define rules for your environment variables.You can validate:
Required keys
Numbers
Booleans
URLs
Emails
Regex patterns
Enum values
Validation errors appear directly inside VS Code and are also used by the CLI and Git hooks.
🔄 .env.example Auto Sync
Keeping .env.example updated is now automatic.EnvGuard can:
Preserve comments and ordering
Remove deleted keys
Add new keys
Keep existing placeholder values
Enable auto-sync to regenerate the file every time a .env file is saved.
⚙️ CI Support
The bundled CLI now supports:
node dist/cli/validate.js --ci --json
--ci : Fails the pipeline on validation errors.
--json : Outputs machine-readable validation results.
The same validation rules now run consistently in VS Code, Git hooks, and CI pipelines.
📦 99.6% Smaller Package
The biggest improvement wasn't a feature—it was packaging.
EnvGuard 2.0 shipped as a ~29.4 MB extension because development dependencies were accidentally included by:
Bundling with esbuild
Shipping only compiled files
Excluding unnecessary dependencies
Tightening .vscodeignore
the package shrank to ~103 KB.
Version Package Size
2.0.0 ~29.4 MB
3.0.0 ~103 KB
That's roughly a 99.6% reduction with no functionality removed.
Try It
Update EnvGuard to 3.0.
Test secret detection with a fake credential.
Generate an envguard.schema.json.
Sync your .env.example.
Run the CLI in CI with --ci --json.
Everything still runs 100% locally.
No telemetry
No network calls
No accounts
Your secrets never leave your machine
If these new features help prevent even one leaked credential or broken deployment, they've done their job. 🛡️
— Tuhin
Top comments (0)