dotenv-diff can be configured using CLI flags or a configuration file. CLI flags always take precedence over configuration file values.
- --init
- --env
- --example
- --allow-duplicates
- --ignore
- --ignore-regex
- --fix
- --json
- --color
- --no-color
- --ci
- --yes
- --strict
- --secrets
- --no-secrets
- --ignore-urls
- --uppercase-keys
- --no-uppercase-keys
- --expire-warnings
- --no-expire-warnings
- --inconsistent-naming-warnings
- --no-inconsistent-naming-warnings
You can generate a default configuration file using the --init flag:
dotenv-diff --initThis creates a dotenv-diff.config.json file in the project root with an example configuration
Note: You can use all CLI flags in the config file
Path to a specific .env file (default: .env).
Example usage:
dotenv-diff --env .env.productionThis is the .env file that will be compared against your codebase.
Commonly used together with the --compare flag:
dotenv-diff --compare --env .env.production --example .env.exampleThis compares the specified .env.production file against the .env.example file.
Usage in the configuration file:
{
"env": ".env.production"
}Path to the example .env file.
Example usage:
dotenv-diff --example .env.testThis can also be used as the .env file that will be compared against your codebase. (The --example flag will override the --env flag if both are provided.)
Again, this is also commonly used with the --compare flag:
dotenv-diff --compare --env .env.production --example .env.testThis compares the specified .env.production file against the .env.test file.
Usage in the configuration file:
{
"example": ".env.test"
}In short, --env defines the runtime environment file, while --example defines the reference file used for comparison.
Allows duplicate keys in .env files without throwing a warning (or error in strict mode).
Example usage:
dotenv-diff --allow-duplicatesThis is useful when you have legitimate reasons for duplicate keys in your environment files.
This flag can also be used together with the --compare flag:
Usage in the configuration file:
{
"allowDuplicates": true
}Specify a comma-separated list of keys to ignore during the comparison other than the default ignored keys which is:
PWDNODE_ENVVITE_MODEMODEBASE_URLPRODDEVSSRCIGITHUB_ACTIONSINIT_CWDPORTPATHHOMEUSERSHELLLANGTMPTEMPTMPDIRNODE_PATH
This is useful when you have certain environment variables that are expected to differ between environments and you want to exclude them from the comparison.
Example usage:
dotenv-diff --ignore SECRET_KEY,API_TOKENThis flag can also be used together with the --compare flag:
Usage in the configuration file:
{
"ignore": ["SECRET_KEY", "API_TOKEN"]
}Specify a comma-separated list of regex patterns to ignore keys matching those patterns during the comparison.
This is useful when you have patterns of environment variable names that are expected to differ between environments and you want to exclude them from the comparison.
Example usage:
dotenv-diff --ignore-regex SECRET_,API_This flag can also be used together with the --compare flag:
Usage in the configuration file:
{
"ignoreRegex": ["SECRET_", "API_"]
}Automatically fix issues found during the comparison by adding missing keys, remove duplicates and add .env to .gitignore if missing.
Example usage:
dotenv-diff --fixThis flag can also be used together with the --compare flag:
Usage in the configuration file:
{
"fix": true
}Outputs the results in JSON format.
Example usage:
dotenv-diff --jsonThis flag can also be used together with the --compare flag:
Usage in the configuration file:
{
"json": true
}Enables colored output in the terminal (enabled by default).
Example usage:
dotenv-diff --colorUsage in the configuration file:
{
"color": true
}Disables colored output in the terminal.
Example usage:
dotenv-diff --no-colorUsage in the configuration file:
{
"noColor": true
}Run in CI mode: non-interactive and read-only. Prevents all file creation and modification, including prompts for missing files. Always exits with an error if issues are found. Recommended for CI/CD pipelines.
Example usage:
dotenv-diff --compare --ciUsage in the configuration file:
{
"ci": true
}Run non-interactively and automatically accept all prompts with "yes".
Useful for automation when you want to auto-create missing files or apply fixes without manual confirmation.
Cannot be combined with --ci (use one or the other).
Example usage:
dotenv-diff --compare --fix --yesUsage in the configuration file:
{
"yes": true
}Note: Default file patterns: .ts, .js, jsx, tsx, vue, .mjs, .mts, .cjs, .cts, .svelte
Specify a comma-separated list of file patterns to scan for environment variable usage.
This completely replaces the default file patterns (use --include-files to extend instead).
Useful when you want full control over which files are scanned.
Example usage:
dotenv-diff --files "src/**/*.ts,config/*.js"Usage in the configuration file:
{
"files": ["src/**/*.ts", "config/*.js"]
}Specify a comma-separated list of file patterns to add to the default scan patterns.
This extends the default patterns rather than replacing them (unlike --files).
Useful when you want to include additional file types while keeping the defaults.
Example usage:
dotenv-diff --include-files "*.config.js,scripts/*.sh"Usage in the configuration file:
{
"includeFiles": ["*.config.js", "scripts/*.sh"]
}Specify a comma-separated list of file patterns to exclude from scanning. These patterns are added on top of the built-in default exclude patterns. This is useful when you want to skip additional files or directories that should not be scanned in your project.
Example usage:
dotenv-diff --exclude-files "tests/**,*.spec.ts"Usage in the configuration file:
{
"excludeFiles": ["tests/**", "*.spec.ts"]
}dotenv-diff already excludes the following paths by default:
[
'node_modules',
'.sveltekit',
'.svelte-kit',
'_actions',
'dist',
'build',
'.next',
'.nuxt',
'coverage',
'.git',
'.vscode',
'.idea',
'.test.',
'.spec.',
'__tests__',
'__mocks__',
'test',
'tests',
'fixtures',
'fixture',
'examples',
'example',
'samples',
'sandbox',
'.turbo',
'.cache',
'.output',
'.vercel',
'.yarn',
'.pnpm-store',
'.parcel-cache',
'.rollup.cache',
'.DS_Store'
]Your custom --exclude-files patterns are appended to that list.
If you later want to scan files from one of the default excluded paths, use --include-files or --files to explicitly include them.
List variables that are defined in .env but not used in the codebase (enabled by default).
Helps identify environment variables that may be outdated or unnecessary.
Example usage:
dotenv-diff --show-unusedUsage in the configuration file:
{
"showUnused": true
}Do not list variables that are defined in .env but not used in code.
Use this flag to hide the unused variables section from the output.
Example usage:
dotenv-diff --no-show-unusedUsage in the configuration file:
{
"showUnused": false
}Display statistics about the scan or comparison results (enabled by default). Shows metrics like files scanned, total usages, unique variables, and warnings count.
Example usage:
dotenv-diff --show-statsUsage in the configuration file:
{
"showStats": true
}Do not display statistics in the output. Use this flag to hide the statistics section for a cleaner output.
Example usage:
dotenv-diff --no-show-statsUsage in the configuration file:
{
"showStats": false
}Enable strict mode: treat all warnings as errors and exit with error code 1. In strict mode, issues like unused variables, duplicates, secrets, and framework warnings will cause the process to fail. Useful for enforcing strict environment variable hygiene in CI/CD pipelines.
Example usage:
dotenv-diff --strictUsage in the configuration file:
{
"strict": true
}Enable secret detection during codebase scan (enabled by default). Scans your code for hardcoded secrets like API keys, tokens, passwords, and other sensitive values. Detects high and medium severity secrets that may pose security risks.
Example usage:
dotenv-diff --secretsUsage in the configuration file:
{
"secrets": true
}Disable secret detection during scan. Use this flag to skip the secret scanning phase and improve scan performance.
Example usage:
dotenv-diff --no-secretsUsage in the configuration file:
{
"secrets": false
}Specify a comma-separated list of URLs to ignore during secret detection. Useful for whitelisting known safe URLs that might otherwise be flagged as potential secrets. Uses case-insensitive substring matching.
Example usage:
dotenv-diff --ignore-urls https://safesecretUsage in the configuration file:
{
"ignoreUrls": ["https://example.com", "localhost"]
}Enable validation that environment variable keys follow UPPER*SNAKE_CASE naming convention (enabled by default).
Warns about keys that don't match the pattern [A-Z0-9*]+ and suggests properly formatted alternatives.
Helps maintain consistent naming conventions across your environment files.
Example usage:
dotenv-diff --uppercase-keysUsage in the configuration file:
{
"uppercaseKeys": true
}Disable uppercase key validation. Use this flag if your project uses different naming conventions for environment variables.
Example usage:
dotenv-diff --no-uppercase-keysUsage in the configuration file:
{
"uppercaseKeys": false
}Enable detection of expiration dates for environment variables (enabled by default).
Detects @expire or # @expire YYYY-MM-DD comments in .env files and warns when variables are approaching or past their expiration date.
Useful for managing temporary API keys, tokens, or time-sensitive credentials.
Example usage:
dotenv-diff --expire-warningsUsage in the configuration file:
{
"expireWarnings": true
}Disable expiration date warnings.
Use this flag to skip checking for @expire annotations in environment files.
Example usage:
dotenv-diff --no-expire-warningsUsage in the configuration file:
{
"expireWarnings": false
}Detects inconsistent naming patterns in environment variable keys (enabled by default). This helps identify keys that are semantically the same but use different formatting styles (e.g., API_KEY vs APIKEY, DATABASE_URL vs DATABASEURL). The tool compares keys and warns when they match after removing underscores, suggesting the snake_case version as the standard.
Use this to maintain consistent naming conventions across your environment variables and avoid confusion.
Example usage:
dotenv-diff --inconsistent-naming-warningsUsage in the configuration file:
{
"inconsistentNamingWarnings": true
}Disable inconsistent naming pattern warnings.
Example usage:
dotenv-diff --no-inconsistent-naming-warningsUsage in the configuration file:
{
"inconsistentNamingWarnings": false
}This is flags related to comparing two .env files.
And can only be used in combination with the --compare flag.
Explicitly enables the comparison between the specified .env file and the example .env file.
Example usage:
dotenv-diff --compareThis flag is useful when you want to ensure that your runtime environment file matches the structure of your example file.
Usage in the configuration file:
{
"compare": true
}Compare not only the keys but also the values of the environment variables between the two files.
This flag can only be used in combination with the --compare flag.
Example usage:
dotenv-diff --compare --check-valuesUsage in the configuration file:
{
"checkValues": true
}Specify a comma-separated list of keys to exclusively check in the comparison.
Example usage:
dotenv-diff --compare --only missing,duplicateThis flag can only be used in combination with the --compare flag.
--only accepts the following values:
missing: Check for missing keys in the runtime.envfile compared to the example file.extra: Check for extra keys in the runtime.envfile that are not present in the example file.empty: Check for keys that have empty values in the runtime.envfile.duplicate: Check for duplicate keys in either of the.envfiles.gitignore: check if the.envfile is listed in.gitignore.
Usage in the configuration file:
{
"only": ["missing", "duplicate"]
}