Keep your .env.example in sync with the environment variables your code actually uses.
Project description
envcheck
Keep your .env.example in sync with the environment variables your code actually uses.
New teammate clones the repo, copies .env.example, runs the app — and it crashes on a
KeyError for some variable nobody documented. envcheck catches that before it happens.
It statically scans your Python (it never imports or runs your code) for os.getenv /
os.environ access, compares the result to your example env file, and reports:
- Undocumented vars — used in code but missing from
.env.example(fails CI) - Possibly unused vars — in
.env.examplebut never read by any code
Zero runtime dependencies, Python 3.8+, CI-friendly.
Demo
The
examples/sampleproject deliberately drifts from its.env.exampleso you can try it immediately:envcheck examples/sample.
Installation
pip install envcheck-sync
Or run from a checkout without installing:
PYTHONPATH=src python -m envcheck path/to/project
Usage
# Scan the current directory (auto-detects .env.example, .env.sample, ...)
envcheck .
# Point at a specific example file
envcheck . --env-file config/.env.template
# Machine-readable output for tooling
envcheck . --format json
Example
$ envcheck examples/sample
Scanned 3 env var(s) in code against examples/sample/.env.example.
Undocumented (1 variable used in code, not in the env file):
- JWT_SECRET (e.g. examples/sample/app.py:9)
Possibly unused (1 variable in the env file, not read by code):
- LEGACY_FLAG
envcheck exits non-zero when undocumented variables are found, so it drops straight into
CI or a pre-commit hook (use --no-fail to report without failing).
What it detects
Static, literal-key access in these forms:
os.getenv("X")andgetenv("X")os.environ.get("X")andenviron.get("X")os.environ["X"]andenviron["X"]os.environ.setdefault("X", ...)
Dynamic keys (e.g. os.getenv(some_variable)) are intentionally ignored — envcheck only
reports what it can prove statically, so it never produces noisy false positives.
How it works
- Walk the project and parse each
.pyfile with the standard-libraryastmodule. - Collect every literal-key environment-variable access, with its file and line.
- Parse the example env file for declared variable names.
- Diff the two sets and report the gaps.
Development
git clone https://github.com/gazzycodes/envcheck
cd envcheck
PYTHONPATH=src python -m unittest discover -s tests -v
Contributions are welcome — please open an issue or PR.
License
MIT — see LICENSE.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file envcheck_sync-0.1.0.tar.gz.
File metadata
- Download URL: envcheck_sync-0.1.0.tar.gz
- Upload date:
- Size: 51.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
6db285761077f6e25fe5ac20f6d72b9226e022c7d7e99af104bcdece7800c45f
|
|
| MD5 |
2aa9257e2546444c9c91e63c98c5507e
|
|
| BLAKE2b-256 |
5da78113bc2c6c03db9045083799b746cae32a03a6370025fb5f2cfb7bad593b
|
File details
Details for the file envcheck_sync-0.1.0-py3-none-any.whl.
File metadata
- Download URL: envcheck_sync-0.1.0-py3-none-any.whl
- Upload date:
- Size: 9.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a84dfd62bee589de0839855ac705439521e7308f5b1f991623aee2900bcacf92
|
|
| MD5 |
1d98e2b80f830116a2f8193aa1d9179b
|
|
| BLAKE2b-256 |
721299f462302749bcef88bd7fd9bfd96f98f1e66a383fab070e3ec4e7e776ca
|
