We’ve all experienced it. You push a new feature to staging or production, the deployment finishes, and then... a sudden crash.
You open the logs only to find a familiar error: process.env.STRIPE_API_KEY is undefined or invalid port: "3000px".
Someone added a new third-party API key to the codebase, or defined a PORT as a word instead of a number in their local environment, but forgot to update the staging configurations.
To solve this problem once and for all, I built envguard: an offline-first linter and validator for environment variables, written in Go.
What is envguard?
Traditional dotenv validators only check if files exist, often causing config drifts. envguard is different: it statically scans your codebase files to find what environment variables your code is actually referencing, and validates them against your .env configuration file.
It warns you about:
- ❌ Missing variables: Your code uses them (e.g.
process.env.DB_URL), but they are not defined in.env. - ⚠️ Unused variables: They exist in
.env, but your code doesn't actually use them. - 🚫 Invalid formats: A database URL that isn't a valid URL, or a port that is not a number.
⚡ Zero-Install Quick Start
If you have Node.js installed, you can scan your project instantly without installing anything:
bash
# Set up a validation config (one-time setup)
npx envguard-bin init
# Audit your environment variables
npx envguard-bin audit
If you prefer to run it globally or use other languages:
# Go
go install github.com/Vamshavardhan50/envguard@latest
# Python
pip install envguard-bin
# NPM
npm install -g envguard-bin
Top comments (0)