env-detector 1.0.5 → 1.2.0

package/LICENSE

@@ -1,2 +1,21 @@
 MIT License
-Copyright (c) 2026
+
+Copyright (c) 2026 Jenil Gajjar
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -19,16 +19,30 @@ env-detector
 
 ## Commands
 
-| Command | Description |
-|---------|-------------|
-| `env-detector` | Generate `.env` |
-| `env-detector --compare` | Compare env usage |
-| `env-detector --check` | Check missing variables |
-| `env-detector --fix` | Fix unused variables |
-| `env-detector --security` | Security scan |
-| `env-detector --strict` | Strict mode (CI) |
-| `env-detector --ask` | Interactive fill |
-| `env-detector --version` or `env-detector --v` | Show version |
+| Command | Shorthand | Description |
+|---------|-----------|-------------|
+| `env-detector` | | Generate `.env` |
+| `env-detector --ask` | `-a` | Interactive mode to fill missing or empty values |
+| `env-detector --compare` | `-c` | Show detailed comparison of used, missing, empty, and unused variables |
+| `env-detector --check` | `-k` | Exit with error if variables are missing or empty |
+| `env-detector --fix` | `-f` | **Interactive** cleanup of unused variables |
+| `env-detector --security` | `-s` | Scan for hardcoded secrets in source files and `.env` |
+| `env-detector --strict` | `-t` | Strict mode (CI) with detailed failure reporting |
+| `env-detector --help` | `-h` | Show help message |
+| `env-detector --version` | `-v` | Show version |
+
+---
+
+## Features
+
+### 🛠 Interactive Fix
+When running with `--fix` or `-f`, the tool doesn't just delete variables. It lists every unused key it finds and asks for your confirmation (`y/n`) before removing it.
+
+### 🔍 Detailed Strict Mode
+Ideal for CI/CD pipelines. If `strict` mode fails, it will provide a categorized list of exactly what triggered the failure:
+- **Missing**: Variables used in code but not in `.env`.
+- **Empty**: Variables in `.env` without values.
+- **Unused**: Variables in `.env` not found in code.
 
 ---
 

package/bin/env-scan.js

@@ -10,15 +10,48 @@ const envPath = path.join(cwd, ".env");
 
 const args = process.argv.slice(2);
 
-const askMode = args.includes("--ask");
-const compareMode = args.includes("--compare");
-const checkMode = args.includes("--check");
-const fixMode = args.includes("--fix");
-const securityMode = args.includes("--security");
-const strictMode = args.includes("--strict");
-const versionMode = args.includes("--version") || args.includes("--v")
+const askMode = args.includes("--ask") || args.includes("-a");
+const compareMode = args.includes("--compare") || args.includes("-c");
+const checkMode = args.includes("--check") || args.includes("-k");
+const fixMode = args.includes("--fix") || args.includes("-f");
+const securityMode = args.includes("--security") || args.includes("-s");
+const strictMode = args.includes("--strict") || args.includes("-t");
+const versionMode = args.includes("--version") || args.includes("-v")
+const helpMode = args.includes("--help") || args.includes("-h");
+
+const validFlags = [
+  "--ask", "-a",
+  "--compare", "-c",
+  "--check", "-k",
+  "--fix", "-f",
+  "--security", "-s",
+  "--strict", "-t",
+  "--version", "-v",
+  "--help", "-h"
+];
+
+const unknownFlag = args.find(arg => arg.startsWith("-") && !validFlags.includes(arg));
+
+if (unknownFlag && !helpMode) {
+  console.log(`\nError: Unknown flag "${unknownFlag}"`);
+}
 
-let result = scanProject(cwd);
+if (helpMode || (unknownFlag && !helpMode)) {
+  console.log(`
+Usage: env-detector [options]
+
+Options:
+  -a, --ask        Interactive mode to fill missing or empty values
+  -c, --compare    Show detailed comparison of used, missing, empty, and unused variables
+  -k, --check      Exit with error if variables are missing or empty
+  -f, --fix        Remove unused variables from .env
+  -s, --security   Scan for hardcoded secrets in source files and .env
+  -t, --strict     Fail if any issues (missing, empty, or unused) are found
+  -v, --version    Show version information
+  -h, --help       Show this help message
+  `);
+  process.exit(unknownFlag ? 1 : 0);
+}
 
 if (versionMode) {
   const pkg = require("../package.json");
@@ -26,6 +59,28 @@ if (versionMode) {
   process.exit(0);
 }
 
+let result = scanProject(cwd);
+
+// interactive fix
+const varsToDelete = new Set();
+
+if (fixMode && result.unused.length) {
+  console.log("\nReview unused variables:");
+  result.unused.forEach(key => {
+    if (readline.keyInYN(`Delete unused variable "${key}"?`)) {
+      varsToDelete.add(key);
+    }
+  });
+  console.log("");
+
+  // update result to reflect choices
+  const originalUnused = [...result.unused];
+  result.unused = originalUnused.filter(k => varsToDelete.has(k));
+  // if we chose NOT to delete it, it's effectively "used" for this run's purposes
+  const kept = originalUnused.filter(k => !varsToDelete.has(k));
+  result.used.push(...kept);
+}
+
 // security
 if (securityMode) {
   const issues = scanSecurity(cwd);
@@ -82,13 +137,43 @@ if (checkMode) {
 }
 
 
+if (strictMode) {
+  let failed = false;
+
+  if (result.missing.length) {
+    failed = true;
+    console.log("\nMissing variables:");
+    result.missing.forEach(v => console.log(`  - ${v}`));
+  }
+
+  if (result.empty.length) {
+    failed = true;
+    console.log("\nEmpty variables:");
+    result.empty.forEach(v => console.log(`  - ${v}`));
+  }
+
+  if (result.unused.length) {
+    failed = true;
+    console.log("\nUnused variables:");
+    result.unused.forEach(v => console.log(`  - ${v}`));
+  }
+
+  if (failed) {
+    console.log("\n✖ strict mode failed\n");
+    process.exit(1);
+  }
+
+  console.log("✔ strict mode passed\n");
+  process.exit(0);
+}
+
+
 // create env
 if (!fs.existsSync(envPath)) {
   fs.writeFileSync(envPath, "");
 }
 
 
-// grouped generation
 // grouped generation
 if (Object.keys(result.grouped).length && !askMode) {
 
@@ -140,6 +225,8 @@ let content = fs.existsSync(envPath)
 const envMap = {};
 
 content.split("\n").forEach(line => {
+  const trimmed = line.trim();
+  if (!trimmed || trimmed.startsWith("#")) return;
   const [k, ...rest] = line.split("=");
   if (!k) return;
   envMap[k.trim()] = rest.join("=");
@@ -178,7 +265,7 @@ result.missing.forEach(key => {
 
 // fix unused
 if (fixMode) {
-  result.unused.forEach(key => delete envMap[key]);
+  varsToDelete.forEach(key => delete envMap[key]);
 }
 
 
@@ -189,20 +276,4 @@ const newContent = Object.entries(envMap)
 fs.writeFileSync(envPath, newContent + "\n");
 
 
-// strict
-if (strictMode) {
-  if (
-    result.missing.length ||
-    result.empty.length ||
-    result.unused.length
-  ) {
-    console.log("✖ strict mode failed\n");
-    process.exit(1);
-  }
-
-  console.log("✔ strict mode passed\n");
-  process.exit(0);
-}
-
-
 console.log("✔ env scan complete\n");

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "env-detector",
-  "version": "1.0.5",
+  "version": "1.2.0",
   "description": "Smart .env generator and auditor",
   "main": "src/scan.js",
   "bin": {