Use this file to discover all available pages before exploring further.
Envark analyzes your environment variables to identify potential issues, security risks, and configuration problems. Each variable receives a risk score and classification based on multiple factors.
Envark builds a cumulative risk score (0-5) by evaluating multiple conditions:
Critical: Missing Variable (+5 points)
Condition: Variable is used in code but never defined anywhere and has no default value.
if (variable.usedInCode && !variable.definedInEnvFile && !variable.hasDefault) { score += 5;}
Example:
// Code uses DATABASE_URLconst db = connect(process.env.DATABASE_URL);// ❌ Not in .env// ❌ Not in .env.example // ❌ No default value// Result: CRITICAL - Score +5
Impact: Application will fail at runtime.
High: Exposed Secret (+4 points)
Condition: Variable name looks like a secret, defined in .env but not in .env.example.
if (variable.definedInEnvFile && !variable.definedInExample && looksLikeSecret(variable.name)) { score += 4;}
Variable is used in code but not defined in any .env file
Detection:
if (variable.usedInCode && !variable.definedInEnvFile && !variable.hasDefault) { issue = { type: 'MISSING', severity: 'critical', message: `${variable.name} is used in code but not defined`, recommendation: `Add ${variable.name} to your .env file` };}
Example:
// Used in codeconst key = process.env.STRIPE_API_KEY;// Not in .env or .env.example// Issue: MISSING (Critical)
Variable is not in .env.example and has no documentation
Detection:
if (!variable.isDocumented && variable.usedInCode) { issue = { type: 'UNDOCUMENTED', severity: 'low', message: `${variable.name} is not documented`, recommendation: `Add to .env.example with a comment` };}
if (variable.definedInEnvFile && !variable.usedInCode) { issue = { type: 'DEAD', severity: 'low', message: `${variable.name} is defined but never used`, recommendation: `Remove or verify it's needed` };}
if (variable.usedInCode && !variable.hasDefault && variable.usages.length > 1) { issue = { type: 'NO_DEFAULT', severity: 'medium', message: `Used in ${variable.usages.length} places with no default`, recommendation: `Add a default value or validate at startup` };}
if (variable.defaultValues.some(v => v === '' || v === '""' || v === "''")) { issue = { type: 'EMPTY_VALUE', severity: 'low', message: `Defined with an empty value`, recommendation: `Set an actual value or remove` };}
Examples:Add DATABASE_URL to your .env fileMove API_SECRET to .env.local or ensure .env is in .gitignoreEnsure PORT has consistent values or document why they differAdd LOG_LEVEL to .env.example with a descriptive comment
General Recommendations
For variables used extensively:
if (variable.usedInCode && variable.usages.length > 3 && !variable.hasDefault) { recommendations.push( `Consider creating a config module that validates ${variable.name} at startup` );}
For multi-language projects:
if (variable.languages.length > 1) { recommendations.push( `${variable.name} is used across ${variable.languages.join(', ')} - ensure consistent handling` );}
import { filterByRisk } from 'envark';const result = await analyze(projectPath);// Only critical issuesconst criticalVars = filterByRisk(result, 'critical');// Medium and aboveconst importantVars = filterByRisk(result, 'medium');