ckmtools / envscan

envscan

Reads your code. Knows which env vars you need.

From the team behind textlens — 96 npm downloads/week · 6 GitHub stars

$ npm install -g envscan
# discover all process.env references
$ envscan scan

# fail if any discovered vars are missing
$ envscan validate
npm version MIT license
Get Early Access

$0 — no credit card required

What it does

Auto-discovery

Scans every .js and .ts file in your project. Finds every process.env.VARIABLE reference without configuration.

Generate .env.example

Outputs a documented .env.example stub from discovered vars. Keep it in sync automatically, not manually.

Validate before deploy

Run envscan validate in CI. Fails loudly when required vars are missing, with the file and line number.

Type inference

Detects likely type from var name: _PORT → number, _URL → URL, _SECRET → redacted, _ENABLED → boolean.

Zero config

No schema files to maintain. Point it at your project and it figures out the rest.

CI integration

GitHub Action posts inline PR comments when vars are added to code but missing from .env.example.

Usage

Four commands. No configuration file required.

# Scan source code for env vars
envscan scan

# Generate .env.example from scan results
envscan generate

# Validate current .env against discovered schema
envscan validate

# Full output (all discovered vars with types and locations)
envscan scan --verbose

Sample output from envscan scan --verbose:

Found 8 environment variables:

  DATABASE_URL       type: url      src/db.ts:12
  PORT               type: number   src/server.ts:5
  JWT_SECRET         type: secret   src/auth.ts:8, src/auth.ts:23
  REDIS_URL          type: url      src/cache.ts:3
  SENDGRID_API_KEY   type: secret   src/email.ts:7
  APP_ENV            type: string   src/config.ts:2
  LOG_LEVEL          type: string   src/config.ts:3
  DEBUG              type: boolean  src/config.ts:4

Validation: 7/8 vars set. Missing: SENDGRID_API_KEY

How it's different

Every other env var tool — dotenv-safe, envalid, env-var, dotenvx — requires you to manually declare which vars your code uses. You maintain the list. You forget to update it. envscan reads your source code instead. The schema is your codebase.

Join the Waitlist

envscan is in development. Join the waitlist to get notified at launch — no charge, cancel any time.

Get Early Access

$0 — no credit card required

Pricing

Free

$0 /mo
  • CLI scan + generate + validate
  • Unlimited local use
  • All 4 commands
Install CLI
Most Popular

CI

$6 /mo
  • Everything in Free
  • GitHub Action on every PR
  • Inline comments for missing vars
  • README badge
Coming soon

Team

$12 /mo
  • Everything in CI
  • Shared .env schema
  • Version history
  • Audit log
  • Team management
Coming soon

GitHub Action (CI tier)

Add env var checking to every pull request in two lines of YAML.

# .github/workflows/env-check.yml
name: Env Check
on: [pull_request]
jobs:
  validate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: ckmtools/envscan-action@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}

envscan-action posts inline PR comments when a new process.env reference appears in the diff without a corresponding .env.example entry.

Get started

$ npm install -g envscan
npm GitHub