A secretlint rule for dotenv.

Prevents commits .env file because it may contain credentials.

Install with npm:

npm install @secretlint/secretlint-rule-no-dotenv

Via .secretlintrc.json(Recommended)

{
    "rules": [
        {
            "id": "@secretlint/secretlint-rule-no-dotenv"
        }
    ]
}

found .env file

Disallow to use .env file, because dotenv document describe that

Should I commit my .env file?

No. We strongly recommend against committing your .env file to version control.

-- https://github.com/motdotla/dotenv#should-i-commit-my-env-file

You can tell Secretlint to ignore .env file by .secretlintignore configuration.

For more details .secretlintignore, see following document.

• https://github.com/secretlint/secretlint/blob/master/docs/configuration.md#secretlintignore

• Munieru

MIT © secretlint