ckmtools / envscan / for Node.js

envscan for Node.js

Node.js projects accumulate process.env references over time. New engineers fork the repo, miss a var, get a cryptic undefined error, and spend an hour debugging. envscan scans every .js and .ts file to find them all — and generates the .env.example your README forgot.

$ envscan scan .
Found 8 environment variables:
  DATABASE_URL     type: url     src/db.js:23
  JWT_SECRET       type: secret  src/auth.js:12
  PORT             type: number  src/server.js:5
  REDIS_URL        type: url     src/cache.js:8
  SMTP_HOST        type: string  src/mailer.js:31
  SMTP_PORT        type: number  src/mailer.js:32
  API_RATE_LIMIT   type: number  src/middleware.js:7
  NODE_ENV         type: string  src/config.js:2

Missing from .env.example: JWT_SECRET, REDIS_URL (2/8 undocumented)
Exit code: 1
Join the waitlist

Free — we'll email you when it launches

Why Node.js projects lose track of env vars

Node.js projects accumulate process.env references across dozens of files as the codebase grows. Each developer adds one, maybe updates the README, maybe doesn't. Six months later the .env.example is missing four vars and nobody knows it.

The symptom is always the same: a new engineer clones the repo, runs npm start, and gets "Cannot read properties of undefined (reading 'split')" or "TypeError: Invalid URL" — because DATABASE_URL or REDIS_URL wasn't in the .env.example they copied.

grep -r "process.env" works once. It doesn't generate .env.example, it doesn't tell you which vars are missing from docs, and it doesn't fail your CI build when someone adds a new one.

envscan makes it one command: scan, report, generate. Run it as a prestart hook and stop debugging missing env vars in development.

What envscan finds

Scans .js and .ts files

Reads every source file for process.env.VAR_NAME references. Infers type from naming conventions: _PORT → number, _SECRET / _KEY / _TOKEN → secret (redacted in .env.example output), _URL → url, everything else → string. Reports file name and line number for each var.

Generates .env.example

Writes a documented .env.example with an inline comment for each var showing which file and line uses it. Secret vars are redacted automatically (JWT_SECRET=***). Run once to bootstrap the file, then in CI to keep it current.

CI integration

Returns exit code 1 when undocumented vars are found. Wire into npm scripts or a GitHub Action — if a developer adds process.env.NEW_SECRET without updating .env.example, the check fails with a clear diff before the PR merges.

Wire it into your npm scripts

{
  "scripts": {
    "check-env": "envscan scan . --fail-on-undocumented",
    "prestart": "npm run check-env",
    "prebuild": "npm run check-env"
  }
}

prestart runs before npm start. prebuild runs before npm run build. Any process.env reference that isn't in .env.example causes an immediate exit with a clear error — before your server starts or your bundler runs.

Join the waitlist

envscan is in development. Join the waitlist and we'll email you when it's ready. Free tier planned: unlimited repo scans, .env.example generation, GitHub Actions CI check.

Notify Me When It's Ready

Free — no credit card required

← Back to envscan overview