env-detector 1.1.0 → 1.3.0

package/README.md

@@ -19,16 +19,30 @@ env-detector
 
 ## Commands
 
-| Command | Description |
-|---------|-------------|
-| `env-detector` | Generate `.env` |
-| `env-detector --compare` | Compare env usage |
-| `env-detector --check` | Check missing variables |
-| `env-detector --fix` | Fix unused variables |
-| `env-detector --security` | Security scan |
-| `env-detector --strict` | Strict mode (CI) |
-| `env-detector --ask` | Interactive fill |
-| `env-detector --version` or `env-detector --v` | Show version |
+| Command | Shorthand | Description |
+|---------|-----------|-------------|
+| `env-detector` | | Generate `.env` |
+| `env-detector --ask` | `-a` | Interactive mode to fill missing or empty values |
+| `env-detector --compare` | `-c` | Show detailed comparison of used, missing, empty, and unused variables |
+| `env-detector --check` | `-k` | Exit with error if variables are missing or empty |
+| `env-detector --fix` | `-f` | **Interactive** cleanup of unused variables |
+| `env-detector --security` | `-s` | Scan for hardcoded secrets in source files and `.env` |
+| `env-detector --strict` | `-t` | Strict mode (CI) with detailed failure reporting |
+| `env-detector --help` | `-h` | Show help message |
+| `env-detector --version` | `-v` | Show version |
+
+---
+
+## Features
+
+### 🛠 Interactive Fix
+When running with `--fix` or `-f`, the tool doesn't just delete variables. It lists every unused key it finds and asks for your confirmation (`y/n`) before removing it.
+
+### 🔍 Detailed Strict Mode
+Ideal for CI/CD pipelines. If `strict` mode fails, it will provide a categorized list of exactly what triggered the failure:
+- **Missing**: Variables used in code but not in `.env`.
+- **Empty**: Variables in `.env` without values.
+- **Unused**: Variables in `.env` not found in code.
 
 ---
 

package/bin/env-scan.js

@@ -10,32 +10,47 @@ const envPath = path.join(cwd, ".env");
 
 const args = process.argv.slice(2);
 
-const askMode = args.includes("--ask");
-const compareMode = args.includes("--compare");
-const checkMode = args.includes("--check");
-const fixMode = args.includes("--fix");
-const securityMode = args.includes("--security");
-const strictMode = args.includes("--strict");
-const versionMode = args.includes("--version") || args.includes("--v")
+const askMode = args.includes("--ask") || args.includes("-a");
+const compareMode = args.includes("--compare") || args.includes("-c");
+const checkMode = args.includes("--check") || args.includes("-k");
+const fixMode = args.includes("--fix") || args.includes("-f");
+const securityMode = args.includes("--security") || args.includes("-s");
+const strictMode = args.includes("--strict") || args.includes("-t");
+const versionMode = args.includes("--version") || args.includes("-v")
 const helpMode = args.includes("--help") || args.includes("-h");
 
-let result = scanProject(cwd);
+const validFlags = [
+  "--ask", "-a",
+  "--compare", "-c",
+  "--check", "-k",
+  "--fix", "-f",
+  "--security", "-s",
+  "--strict", "-t",
+  "--version", "-v",
+  "--help", "-h"
+];
+
+const unknownFlag = args.find(arg => arg.startsWith("-") && !validFlags.includes(arg));
+
+if (unknownFlag && !helpMode) {
+  console.log(`\nError: Unknown flag "${unknownFlag}"`);
+}
 
-if (helpMode) {
+if (helpMode || (unknownFlag && !helpMode)) {
   console.log(`
 Usage: env-detector [options]
 
 Options:
-  --ask        Interactive mode to fill missing or empty values
-  --compare    Show detailed comparison of used, missing, empty, and unused variables
-  --check      Exit with error if variables are missing or empty
-  --fix        Remove unused variables from .env
-  --security   Scan for hardcoded secrets in source files and .env
-  --strict     Fail if any issues (missing, empty, or unused) are found
-  --version    Show version information
-  --help, -h   Show this help message
+  -a, --ask        Interactive mode to fill missing or empty values
+  -c, --compare    Show detailed comparison of used, missing, empty, and unused variables
+  -k, --check      Exit with error if variables are missing or empty
+  -f, --fix        Remove unused variables from .env
+  -s, --security   Scan for hardcoded secrets in source files and .env
+  -t, --strict     Fail if any issues (missing, empty, or unused) are found
+  -v, --version    Show version information
+  -h, --help       Show this help message
   `);
-  process.exit(0);
+  process.exit(unknownFlag ? 1 : 0);
 }
 
 if (versionMode) {
@@ -44,6 +59,28 @@ if (versionMode) {
   process.exit(0);
 }
 
+let result = scanProject(cwd);
+
+// interactive fix
+const varsToDelete = new Set();
+
+if (fixMode && result.unused.length) {
+  console.log("\nReview unused variables:");
+  result.unused.forEach(key => {
+    if (readline.keyInYN(`Delete unused variable "${key}"?`)) {
+      varsToDelete.add(key);
+    }
+  });
+  console.log("");
+
+  // update result to reflect choices
+  const originalUnused = [...result.unused];
+  result.unused = originalUnused.filter(k => varsToDelete.has(k));
+  // if we chose NOT to delete it, it's effectively "used" for this run's purposes
+  const kept = originalUnused.filter(k => !varsToDelete.has(k));
+  result.used.push(...kept);
+}
+
 // security
 if (securityMode) {
   const issues = scanSecurity(cwd);
@@ -53,9 +90,11 @@ if (securityMode) {
     process.exit(0);
   }
 
-  console.log("\nSecurity issues:\n");
-  issues.forEach(i => console.log(" -", i.file));
-  console.log("");
+  console.log("\nSecurity issues found:\n");
+  issues.forEach(i => {
+    console.log(` - ${i.file}:${i.line}`);
+    console.log(`   ${i.snippet}\n`);
+  });
 
   process.exit(0);
 }
@@ -100,6 +139,37 @@ if (checkMode) {
 }
 
 
+if (strictMode) {
+  let failed = false;
+
+  if (result.missing.length) {
+    failed = true;
+    console.log("\nMissing variables:");
+    result.missing.forEach(v => console.log(`  - ${v}`));
+  }
+
+  if (result.empty.length) {
+    failed = true;
+    console.log("\nEmpty variables:");
+    result.empty.forEach(v => console.log(`  - ${v}`));
+  }
+
+  if (result.unused.length) {
+    failed = true;
+    console.log("\nUnused variables:");
+    result.unused.forEach(v => console.log(`  - ${v}`));
+  }
+
+  if (failed) {
+    console.log("\n✖ strict mode failed\n");
+    process.exit(1);
+  }
+
+  console.log("✔ strict mode passed\n");
+  process.exit(0);
+}
+
+
 // create env
 if (!fs.existsSync(envPath)) {
   fs.writeFileSync(envPath, "");
@@ -157,6 +227,8 @@ let content = fs.existsSync(envPath)
 const envMap = {};
 
 content.split("\n").forEach(line => {
+  const trimmed = line.trim();
+  if (!trimmed || trimmed.startsWith("#")) return;
   const [k, ...rest] = line.split("=");
   if (!k) return;
   envMap[k.trim()] = rest.join("=");
@@ -195,7 +267,7 @@ result.missing.forEach(key => {
 
 // fix unused
 if (fixMode) {
-  result.unused.forEach(key => delete envMap[key]);
+  varsToDelete.forEach(key => delete envMap[key]);
 }
 
 
@@ -206,20 +278,4 @@ const newContent = Object.entries(envMap)
 fs.writeFileSync(envPath, newContent + "\n");
 
 
-// strict
-if (strictMode) {
-  if (
-    result.missing.length ||
-    result.empty.length ||
-    result.unused.length
-  ) {
-    console.log("✖ strict mode failed\n");
-    process.exit(1);
-  }
-
-  console.log("✔ strict mode passed\n");
-  process.exit(0);
-}
-
-
 console.log("✔ env scan complete\n");

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "env-detector",
-  "version": "1.1.0",
+  "version": "1.3.0",
   "description": "Smart .env generator and auditor",
   "main": "src/scan.js",
   "bin": {

package/src/scan.js

@@ -215,14 +215,20 @@ function scanSecurity(rootDir) {
   const issues = [];
 
   const regex =
-    /(password|secret|token|apikey|key)\s*[:=]\s*['"][^'"]+['"]/gi;
+    /(?<![a-zA-Z0-9])(password|secret|token|apikey|key)\b\s*[:=]\s*['"](?!(string|varchar|text|number|boolean|uuid|auto_increment|primary_key|null|undefined|true|false|name|id|type|label|department|category|field|header|consumption|duration)['"])[^'"]{8,}['"]/gi;
 
   function scan(dir) {
     const files = fs.readdirSync(dir);
 
     for (const file of files) {
 
-      if (file === "node_modules" || file === ".git") continue;
+      if (
+        file === "node_modules" ||
+        file === ".git" ||
+        file === "dist" ||
+        file === "build" ||
+        file.startsWith(".")
+      ) continue;
 
       const full = path.join(dir, file);
       const stat = fs.statSync(full);
@@ -232,9 +238,34 @@ function scanSecurity(rootDir) {
       } else if (/\.(js|ts|env)$/.test(file)) {
         const content = fs.readFileSync(full, "utf8");
 
-        if (regex.test(content)) {
-          issues.push({ file: full });
-        }
+        const lines = content.split("\n");
+        lines.forEach((line, index) => {
+          regex.lastIndex = 0;
+          const match = regex.exec(line);
+          if (match) {
+            const matchedWord = match[1].toLowerCase();
+            const fullMatch = match[0];
+            const valMatch = fullMatch.match(/['"](.*?)['"]/);
+            if (!valMatch) return;
+
+            const value = valMatch[1];
+
+            // Ignore paths/URLs
+            if (value.startsWith("/")) return;
+
+            // Stricter check for generic "key" property
+            if (matchedWord === "key") {
+              const hasComplexity = /[0-9!@#$%^&*()+\-=\[\]{};':"\\|,.<>\/?]/.test(value);
+              if (!hasComplexity) return;
+            }
+
+            issues.push({
+              file: full,
+              line: index + 1,
+              snippet: line.trim()
+            });
+          }
+        });
       }
     }
   }