A secretlint rule for dotenv
npm install @secretlint/secretlint-rule-no-dotenvPrevents commits .env file because it may contain credentials.
Install with npm:
npm install @secretlint/secretlint-rule-no-dotenv
Via .secretlintrc.json(Recommended)
``json`
{
"rules": [
{
"id": "@secretlint/secretlint-rule-no-dotenv",
"options": {
"allowFileNames": [".env.local", ".env.test"]
}
}
]
}
The allowFileNames option allows you to specify certain .env files that should be allowed. This is useful for environment-specific configuration files that are safe to commit. Note that this option works alongside .secretlintignore, giving you flexibility in how you want to manage your environment files.
Disallow to commit .env file, because dotenv document describe that
> Should I commit my .env file?
>
> No. We strongly recommend against committing your .env file to version control.
>
> --
You can tell Secretlint to ignore .env file by .secretlintignore configuration.
For more details .secretlintignore`, see following document.
-
- Munieru
MIT © secretlint