secretlint@secretlint/secretlint-rule-no-dotenv
A secretlint rule for dotenv.
Prevents commits .env file because it may contain credentials.
Install
Install with npm:
npm install @secretlint/secretlint-rule-no-dotenv
Usage
Via .secretlintrc.json(Recommended)
{
"rules": [
{
"id": "@secretlint/secretlint-rule-no-dotenv",
"options": {
"allowFileNames": [".env.local", ".env.test"]
}
}
]
}
The allowFileNames option allows you to specify certain .env files that should be allowed. This is useful for environment-specific configuration files that are safe to commit. Note that this option works alongside .secretlintignore, giving you flexibility in how you want to manage your environment files.
MessageIDs
FOUND_DOTENV_FILE
found .env file
Disallow to commit .env file, because dotenv document describe that
Should I commit my .env file?
No. We strongly recommend against committing your .env file to version control.
-- https://github.com/motdotla/dotenv#should-i-commit-my-env-file
You can tell Secretlint to ignore .env file by .secretlintignore configuration.
For more details .secretlintignore, see following document.
Author
License
MIT © secretlint