DEV Community

Ruhul Amin
Ruhul Amin

Posted on

EnvGuard 3.0: Environment Guardian, CI & 99% Smaller

Missing keys and inconsistent values aren't the only risk in .env files. The bigger danger is accidentally committing a real API key or secret to Git.

EnvGuard 3.0.0 focuses on preventing that while introducing better environment validation—and the extension package is now 99.6% smaller.

🚨 Secret Detection & Leak Prevention
EnvGuard now detects common credentials including:

AWS Access Keys
Stripe Live Keys
GitHub Tokens
Slack Tokens
Google API Keys
Private Keys
JWTs
Generic secret-like values

Template files (.env.example, .env.sample, etc.) and placeholder values are ignored to reduce false positives.

If a file contains real secrets and isn't protected by .gitignore, EnvGuard warns you before those credentials accidentally end up in Git.

📋 Schema Validation

Add an envguard.schema.json file to define rules for your environment variables.You can validate:
Required keys
Numbers
Booleans
URLs
Emails
Regex patterns
Enum values

Validation errors appear directly inside VS Code and are also used by the CLI and Git hooks.

🔄 .env.example Auto Sync
Keeping .env.example updated is now automatic.EnvGuard can:
Preserve comments and ordering
Remove deleted keys
Add new keys
Keep existing placeholder values
Enable auto-sync to regenerate the file every time a .env file is saved.

⚙️ CI Support
The bundled CLI now supports:
node dist/cli/validate.js --ci --json
--ci : Fails the pipeline on validation errors.
--json : Outputs machine-readable validation results.
The same validation rules now run consistently in VS Code, Git hooks, and CI pipelines.

📦 99.6% Smaller Package
The biggest improvement wasn't a feature—it was packaging.
EnvGuard 2.0 shipped as a ~29.4 MB extension because development dependencies were accidentally included by:

Bundling with esbuild
Shipping only compiled files
Excluding unnecessary dependencies
Tightening .vscodeignore

the package shrank to ~103 KB.
Version Package Size
2.0.0 ~29.4 MB
3.0.0 ~103 KB
That's roughly a 99.6% reduction with no functionality removed.

Try It
Update EnvGuard to 3.0.
Test secret detection with a fake credential.
Generate an envguard.schema.json.
Sync your .env.example.
Run the CLI in CI with --ci --json.

Everything still runs 100% locally.

No telemetry
No network calls
No accounts
Your secrets never leave your machine

If these new features help prevent even one leaked credential or broken deployment, they've done their job. 🛡️

— Tuhin

Top comments (0)