Catch missing/extra env-var keys before they bite you in prod. Never prints values.
TL;DR:
/env-lint→ "you're missingSTRIPE_WEBHOOK_SECRETin.env.local(referenced in.env.example)" — without ever logging the secret value.
Every team has the same outage: someone adds a new env var to .env.example, forgets to mention it in the PR, and a teammate's local server quietly 500s on a code path that needs it. Or worse, prod is missing a key. env-lint diffs your live env file against .env.example and tells you which keys are missing or extra — and only the keys, never the values. Safe to paste in chat, safe to log to CI.
git clone https://github.com/mturac/pluginpool-env-lint ~/.claude/plugins/env-lintRestart Claude Code; the slash command /env-lint appears.
/env-lintOr directly:
python3 scripts/envlint.py --format md
python3 scripts/envlint.py --example .env.example --env .env.production| Flag | Default | Description |
|---|---|---|
--example |
auto-detect | Path to template (.env.example) |
--env |
auto-detect | Path to actual env file |
--format |
json |
json or md |
When run without --example/--env, it scans the cwd for known pairs: (.env, .env.example), (.env.local, .env.example), (.env.production, .env.example).
# env-lint report
## .env.example ↔ .env.local
- **missing in env**: STRIPE_WEBHOOK_SECRET, SENTRY_DSN
- **extra in env**: LEGACY_API_KEY
- **empty values for**: REDIS_URL
A test in the suite (test_never_emits_values_in_json_or_markdown) writes a fake value SUPERSECRETVALUE123 into a temp .env and asserts that string never appears in either the JSON output or the markdown report. The CI badge above represents that invariant.
| Code | Meaning |
|---|---|
0 |
All required keys present (extras are warnings, not errors) |
1 |
At least one required key is missing |
- Parses each
.envfile asKEY=VALUE(comments and blank lines skipped). - Computes the key-set difference both ways.
- Reports missing keys (template has them, env doesn't), extra keys (env has them, template doesn't), and empty values.
- Doesn't expand
${VAR}references — it only checks key presence. - Quoted values are detected as "present" even if the quoted content is empty (
KEY=""is empty, not missing). - Custom env-file naming conventions need explicit
--example/--env.
Step-by-step walkthroughs with real input fixtures and the helper's actual output live in examples/. Three or four scenarios per plugin — from the happy path to the edge cases the test suite guards.
Ten focused Claude Code plugins for everyday productivity: commit-narrator · pr-storyteller · test-gap · deps-doctor · env-lint · secret-guard · standup-gen · todo-harvest · flaky-detector · changelog-forge
MIT — see LICENSE. Contributions welcome.