ckmtools / envscan / for Docker

envscan for Docker

Docker containers fail at runtime when env vars are missing — not at build time. envscan scans your source files and docker-compose.yml before you push, so every required var is documented in .env.example before the container starts.

$ envscan scan --include-yaml docker-compose.yml .
Found 9 environment variables:
  DATABASE_URL     type: url     src/db.ts:12
  PORT             type: number  src/server.ts:5
  JWT_SECRET       type: secret  src/auth.ts:8
  REDIS_URL        type: url     src/cache.ts:3
  SMTP_HOST        type: string  src/mailer.ts:15
  docker-compose:  POSTGRES_PASSWORD, POSTGRES_USER, POSTGRES_DB, APP_PORT

Missing from .env.example: JWT_SECRET, REDIS_URL (2/9 undocumented)
Exit code: 1
Join the waitlist

Free — we'll email you when it launches

Why Docker deployments break on missing env vars

Docker containers exit when a required env var is missing — and the error is often cryptic. "Cannot read property 'host' of undefined" is almost always a missing DATABASE_URL. The container starts, tries to connect, and crashes without telling you why.

docker-compose.yml references env vars from your host, .env files, and service definitions. They rarely agree with what your Node.js code actually uses. A variable declared under environment: in Compose may not match what process.env references in your source — and nothing checks this at build time.

Manual audit: grep -r "process.env" across your codebase, cross-reference with .env.example, repeat for every new engineer who joins. envscan makes it one command that covers both source files and Compose definitions.

Add it to your Docker build check and fail fast before the image gets pushed. Catch the gap on your laptop, not in staging.

What envscan finds in Docker projects

Source file scanning

Parses every .js and .ts file for process.env.VAR_NAME references. Infers type: _PORT → number, _SECRET / _KEY / _TOKEN → secret (redacted in output), _URL → url, _HOST / _PATH → string.

docker-compose.yml support

Pass --include-yaml and envscan scans your Compose file for environment: blocks, env_file: references, and ${VAR} substitution patterns. Maps each variable to service name and line number for easy cross-referencing.

.env.example generation

Generates a documented .env.example with inline comments showing where each var is used. Secret vars are redacted automatically. Run in CI to fail when new vars are added without documentation.

Add it to your Docker workflow

# Makefile target
check-env:
	npx envscan scan --include-yaml docker-compose.yml . --fail-on-undocumented

# Run before docker build
docker-build: check-env
	docker build -t myapp .
	docker push myapp:latest

Add envscan to your pre-build step. When a developer adds process.env.NEW_SECRET without updating .env.example, the build fails with a clear error — before the image is built or pushed.

Join the waitlist

envscan is in development. Join the waitlist and we'll email you when it's ready. Free tier planned: unlimited repo scans, docker-compose.yml support, GitHub Actions CI check.

Notify Me When It's Ready

Free — no credit card required

← Back to envscan overview