Code Scanner | Not Hacker News!

Discussion (1 comments)

Showing 4 comments

26 days ago

1 reply

I've seen a few tools like this that try to keep things in sync. While it is better than the alternative of doing it manually, it is still a losing battle and not the greatest DX. Often you still have validation (if it exists) and types that also need to be kept in sync, and documentation is scattered throughout the codebase.

Another approach is to turn the example into a schema - and have it be included in the env loading process. This way non-sensitive values can be included directly, and it can never be out of sync. Only values that differ need to be defined in your git-ignored files or injected by the environment. This is precisely how https://varlock.dev solves this problem. The schema becomes the single source of truth, and is used to generate types as well. It also provides validation, leak prevention, and a bunch of other nice tools.

-- Other env-syncing libraries - https://github.com/luqmanoop/sync-dotenv - https://www.npmjs.com/package/dotenv-safe - https://www.npmjs.com/package/generate-env-example

chrilleweb

26 days ago

1 reply

Thanks you for the comment :)

I am currently working on a turbo mono repo frontend on my work with maybe 20-25 different env variables. Here the dotenv-diff is really a game changer, but yea for smaller projects, i might be a bit overkill.

I like the projects you have linked, i will try to see if they have any need to have features that i could use

in `dotenv-diff` you also have the --compare option which will compare your .env whit your .env.example to keeping them in sync, while also have the amount of scanning features that keeps the project safe.

theozero

26 days ago

One really nice thing in varlock for monorepos is the import syntax. This lets you have shared config at the root, or just to break things up however you need. No need for diffing or copy pasting, as the schema validates everything - if something is required, it will yell at you.

chrilleweb

26 days ago

Hello everyone,

I recently built a tool that I personally needed for my own projects, and now I’m super curious if other developers would actually find it useful.

It’s called dotenv-diff, and the main feature is a codebase scanner that finds problems with environment variables before they break things.

Why I built it

I kept seeing the same issues in real projects:

Feature breaks because .env is missing variables

New developer joins → app crashes due to missing env

.env.example goes out of sync

Someone accidentally leaves a secret inside a TS file

Frontend frameworks misused env naming (NEXT_PUBLIC, VITE_, etc.)

I wanted one CLI command that gives me a full health check of environment usage in my project.

Honest question:

Would this be useful in your workflow?

If you want to check it out:

npm package: https://www.npmjs.com/package/dotenv-diff Docs: https://dotenv-diff-docs.vercel.app

Resources