env-validation
Validates environment variables on server start and before builds, ensuring clear error messages for missing or invalid configurations.
Install this skill
Security score
The env-validation skill was audited on Feb 9, 2026 and we found 47 security issues across 4 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 77 | const green = (s: string) => `\x1b[32m${s}\x1b[0m`; |
Template literal with variable interpolation in command context
| 78 | const yellow = (s: string) => `\x1b[33m${s}\x1b[0m`; |
Template literal with variable interpolation in command context
| 79 | const red = (s: string) => `\x1b[31m${s}\x1b[0m`; |
Template literal with variable interpolation in command context
| 80 | const dim = (s: string) => `\x1b[2m${s}\x1b[0m`; |
Template literal with variable interpolation in command context
| 81 | const bold = (s: string) => `\x1b[1m${s}\x1b[0m`; |
Template literal with variable interpolation in command context
| 123 | console.log(dim(` Environment: ${environment}\n`)); |
Template literal with variable interpolation in command context
| 138 | console.log(dim(` ✓ ${path.relative(projectDir, file.path)}`)); |
Template literal with variable interpolation in command context
| 163 | console.log(dim(` Found ${configFiles.length} config files:\n`)); |
Template literal with variable interpolation in command context
| 176 | console.log(green(` ✓ ${relativePath}`)); |
Template literal with variable interpolation in command context
| 182 | console.log(dim(` ○ ${relativePath} (feature disabled)`)); |
Template literal with variable interpolation in command context
| 185 | console.log(red(` ✗ ${relativePath}`)); |
Template literal with variable interpolation in command context
| 199 | console.log(red(` ${file}:`)); |
Template literal with variable interpolation in command context
| 202 | console.log(red(` ${message}\n`)); |
Template literal with variable interpolation in command context
| 288 | if (new RegExp(`^${envVar}\\s*=`, "m").test(content)) { |
Template literal with variable interpolation in command context
| 313 | console.log(yellow(` ⚠ ${name}`)); |
Template literal with variable interpolation in command context
| 314 | console.log(dim(` defined in: ${files.join(", ")}`)); |
Template literal with variable interpolation in command context
| 322 | console.log(` Configs validated: ${green(String(validated.length))}`); |
Template literal with variable interpolation in command context
| 324 | ` Validation errors: ${errors.length > 0 ? red(String(errors.length)) : green("0")}`, |
Template literal with variable interpolation in command context
| 327 | ` Unused env vars: ${unusedVars.length > 0 ? yellow(String(unusedVars.length)) : green("0")}`, |
Access to .env file
| 69 | * 4. Warns about env variables in .env files that aren't used by any config |
Access to .env file
| 100 | // Patch process.env to track access |
Access to .env file
| 102 | const originalEnv = process.env; |
Access to .env file
| 111 | process.env = new Proxy(originalEnv, handler); |
Access to .env file
| 121 | const environment = args.environment ?? process.env.NODE_ENV ?? "development"; |
Access to .env file
| 122 | (process.env as Record<string, string>).NODE_ENV = environment; |
Access to .env file
| 126 | // Second param `dev` tells loadEnvConfig to load .env.development files |
Access to .env file
| 142 | console.log(dim(" No .env files found")); |
Access to .env file
| 206 | // Find unused env variables (in .env files but not referenced by configs) |
Access to .env file
| 276 | // Find vars in .env files but not referenced by configs |
Access to .env file
| 306 | " These variables are defined in .env files but not used by any config:\n", |
Access to .env file
| 355 | Use the `env:validate` and `env:validate:prod` scripts to validate all your configs (`config.ts` files in `src/lib/*/`) against your `.env` files. |
Access to .env file
| 361 | 1. Loads `.env` files using Next.js's `loadEnvConfig` (respects the same load order as Next.js) |
Access to .env file
| 365 | 5. Warns about variables defined in `.env` files but not used by any config |
Access to .env file
| 375 | ✓ .env.local |
Access to .env file
| 376 | ✓ .env.development |
Access to .env file
| 390 | Did you correctly set all required environment variables in your .env* file? |
Access to .env file
| 408 | ✓ .env.local |
Access to .env file
| 409 | ✓ .env.development |
Access to .env file
| 421 | These variables are defined in .env files but not used by any config: |
Access to .env file
| 424 | defined in: .env.local |
Hex-encoded characters
| 77 | const green = (s: string) => `\x1b[32m${s}\x1b[0m`; |
Hex-encoded characters
| 78 | const yellow = (s: string) => `\x1b[33m${s}\x1b[0m`; |
Hex-encoded characters
| 79 | const red = (s: string) => `\x1b[31m${s}\x1b[0m`; |
Hex-encoded characters
| 80 | const dim = (s: string) => `\x1b[2m${s}\x1b[0m`; |
Hex-encoded characters
| 81 | const bold = (s: string) => `\x1b[1m${s}\x1b[0m`; |
External URL reference
| 17 | - URL: https://fullstackrecipes.com/recipes/env-validation |
External URL reference
| 48 | bunx --bun shadcn@latest add https://fullstackrecipes.com/r/validate-env.json |