Security & Quality

dotenv Environment Management

Load environment variables from .env files into process.env for local development and configuration.

Claude Code Cursor Copilot Windsurf Gemini CLI Codex

Overview

dotenv is a zero-dependency module that loads environment variables from a .env file into process.env. It follows the twelve-factor app methodology by separating configuration from code, making it easy to change settings between environments without modifying application code.

The library supports variable expansion (referencing other variables), multiline values, and comments. The dotenv-expand companion package enables variable interpolation within .env files. For TypeScript projects, dotenv provides type definitions and works seamlessly with validation libraries like Zod or t3-env to ensure all required environment variables are present and correctly typed.

Security best practices with dotenv include never committing .env files to version control (add to .gitignore), providing a .env.example file with placeholder values for documentation, and using different .env files for different environments (.env.local, .env.production). The dotenv-vault extension adds encrypted .env file management for team collaboration and CI/CD deployments.

Who Is This For?

Load database URLs and API keys from .env files
Set up environment-specific configuration for dev/staging/prod
Validate environment variables with Zod schemas
Share environment configs securely across a team

Installation

Setup for Claude Code

npm install dotenv

Configuration

// .env
DATABASE_URL="postgresql://user:pass@localhost:5432/mydb"
API_KEY="sk-1234567890"

// app.ts
import "dotenv/config"
// or
import dotenv from "dotenv"
dotenv.config()

console.log(process.env.DATABASE_URL)