nextjs-env-variables

Manages Next.js environment variables with file precedence and deployment configurations for seamless application setup.

Security score: 0/100

The nextjs-env-variables skill was audited on Mar 1, 2026 and we found 49 security issues across 2 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

low line 18

Access to .env file

Source: SKILL.md
18: ├── .env # Shared defaults (committed)
low line 19

Access to .env file

Source: SKILL.md
19: ├── .env.local # Local secrets (gitignored)
low line 20

Access to .env file

Source: SKILL.md
20: ├── .env.development # Development defaults (committed)
low line 21

Access to .env file

Source: SKILL.md
21: ├── .env.development.local # Local dev overrides (gitignored)
low line 22

Access to .env file

Source: SKILL.md
22: ├── .env.production # Production defaults (committed)
low line 23

Access to .env file

Source: SKILL.md
23: ├── .env.production.local # Production secrets (gitignored)
low line 24

Access to .env file

Source: SKILL.md
24: ├── .env.test # Test environment (committed)
low line 25

Access to .env file

Source: SKILL.md
25: └── .env.example # Documentation (committed)
medium line 32

Access to .env file

Source: SKILL.md
32: 1. `.env.$(NODE_ENV).local` (e.g., `.env.production.local`)
medium line 33

Access to .env file

Source: SKILL.md
33: 2. `.env.local` (not loaded in test environment)
medium line 34

Access to .env file

Source: SKILL.md
34: 3. `.env.$(NODE_ENV)` (e.g., `.env.production`)
medium line 35

Access to .env file

Source: SKILL.md
35: 4. `.env`
medium line 37

Access to .env file

Source: SKILL.md
37: **Example**: In production, if `DATABASE_URL` is defined in both `.env` and `.env.production.local`, the value from `.env.production.local` wins.
low line 46

Access to .env file

Source: SKILL.md
46: # .env.local
low line 56

Access to .env file

Source: SKILL.md
56: const apiUrl = process.env.NEXT_PUBLIC_API_URL;
low line 60

Access to .env file

Source: SKILL.md
60: return <div>API: {process.env.NEXT_PUBLIC_API_URL}</div>;
low line 79

Access to .env file

Source: SKILL.md
79: # .env.local
low line 90

Access to .env file

Source: SKILL.md
90: const dbUrl = process.env.DATABASE_URL;
low line 96

Access to .env file

Source: SKILL.md
96: const secret = process.env.JWT_SECRET;
low line 102

Access to .env file

Source: SKILL.md
102: const dbUrl = process.env.DATABASE_URL; // undefined!
medium line 108

Access to .env file

Source: SKILL.md
108: ### .env (Committed - Shared Defaults)
low line 115

Access to .env file

Source: SKILL.md
115: # Database (overridden in .env.local)
medium line 122

Access to .env file

Source: SKILL.md
122: ### .env.local (Gitignored - Local Secrets)
medium line 134

Access to .env file

Source: SKILL.md
134: ### .env.production (Committed - Production Defaults)
medium line 146

Access to .env file

Source: SKILL.md
146: ### .env.example (Committed - Documentation)
low line 149

Access to .env file

Source: SKILL.md
149: # Copy this to .env.local and fill in actual values
low line 171

Access to .env file

Source: SKILL.md
171: # Development (.env.local)
low line 234

Access to .env file

Source: SKILL.md
234: python scripts/validate_env.py .env.local --framework nextjs
low line 236

Access to .env file

Source: SKILL.md
236: # Compare with .env.example
low line 237

Access to .env file

Source: SKILL.md
237: python scripts/validate_env.py .env.local --compare-with .env.example
low line 246

Access to .env file

Source: SKILL.md
246: # List all .env files
low line 247

Access to .env file

Source: SKILL.md
247: ls -la .env*
low line 250

Access to .env file

Source: SKILL.md
250: for file in .env*; do
medium line 273

Access to .env file

Source: SKILL.md
273: **Symptom**: `process.env.MY_VAR` is `undefined` in component.
medium line 297

Access to .env file

Source: SKILL.md
297: **Symptom**: App works with `.env.local`, fails in production.
medium line 299

Access to .env file

Source: SKILL.md
299: **Solution**: Ensure all variables from `.env.local` are set in Vercel:
medium line 310

Access to .env file

Source: SKILL.md
310: - [ ] `.env.local` in `.gitignore`
medium line 311

Access to .env file

Source: SKILL.md
311: - [ ] `.env.*.local` in `.gitignore`
medium line 313

Access to .env file

Source: SKILL.md
313: - [ ] No `.env` files committed with real secrets
medium line 314

Access to .env file

Source: SKILL.md
314: - [ ] `.env.example` has structure, not actual values
low line 47

External URL reference

Source: SKILL.md
47: NEXT_PUBLIC_API_URL=https://api.example.com
low line 131

External URL reference

Source: SKILL.md
131: NEXT_PUBLIC_API_URL=http://localhost:4000/api
low line 138

External URL reference

Source: SKILL.md
138: NEXT_PUBLIC_API_URL=https://api.production.com
low line 152

External URL reference

Source: SKILL.md
152: NEXT_PUBLIC_API_URL=https://api.example.com
low line 212

External URL reference

Source: SKILL.md
212: NEXT_PUBLIC_API_URL=https://api.example.com # ✅ Exposed to browser
low line 279

External URL reference

Source: SKILL.md
279: API_URL=https://api.example.com
low line 282

External URL reference

Source: SKILL.md
282: NEXT_PUBLIC_API_URL=https://api.example.com
low line 319

External URL reference

Source: SKILL.md
319: - [Next.js Environment Variables Documentation](https://nextjs.org/docs/basic-features/environment-variables)
low line 320

External URL reference

Source: SKILL.md
320: - [Vercel Environment Variables](https://vercel.com/docs/environment-variables)
Scanned on Mar 1, 2026