BETA · GateTest is in active polish ahead of public launch. Some flows are rough. Found a bug? hello@gatetest.ai — we're reading every message.
Reliability module

Env Vars

process.env / os.environ reads cross-referenced with .env.example and CI env blocks.

One of 104 modules in the GateTest scan suite. Catches the issue before it reaches code review, and on paid tiers opens a pull request with the fix already written.

Example finding from the envVars module

STRIPE_SECRET_KEY read in code but missing from .env.example

Why we catch it

The bugs that don't break on your machine but break in production at 3am.

The Env Vars module sits in this category alongside 6 related modules. Together they form one of the layers of a GateTest scan — checks fire in parallel, findings cluster by root cause, and on paid tiers the AI auto-fix loop reads each finding, writes the fix, validates against the scanner, and opens a PR.

How GateTest covers env vars

  • Runs in every scan. Included on the Full ($99), Scan + Fix ($199), and Forensic Scan ($399) tiers. No additional configuration.
  • Free CLI. npm i -g gatetest && gatetest --module envVars against any local repo. No paywall on the scanning itself.
  • AI auto-fix PR. Scan + Fix tier opens a pull request with the fix, a regression test, and a pair-review by a second Claude. Forensic Scan tier adds per-finding diagnosis and cross-finding attack-chain correlation.
  • Honest confidence rating. Findings come with high / medium / low confidence so noisy patterns don't block the gate. The confidence-calibrator trainer reads customer suppressions and tightens rules over time.

Scan your repo for env vars

Free preview of the headline findings. Pay per scan — no subscription.

Run a scan — from $29See all 104 modules

Frequently asked questions

What does the Env Vars module catch?

process.env / os.environ reads cross-referenced with .env.example and CI env blocks. Example finding: STRIPE_SECRET_KEY read in code but missing from .env.example

Does GateTest fix Env Vars issues automatically?

Yes — on the Scan + Fix tier ($199) and Forensic Scan tier ($399), Claude reads the finding, writes the fix, validates against the scanner, writes a regression test, and opens a pull request for your review.

Which tiers include the Env Vars module?

The Full tier ($99), Scan + Fix tier ($199), and Forensic Scan tier ($399) include all 104 modules including Env Vars. The Quick tier ($29) only includes 4 essential modules.

Can I run the Env Vars module from the CLI for free?

Yes — install with `npm i -g gatetest` and run `gatetest --module envVars` against any local repository. Paid tiers add AI auto-fix and the cross-finding correlation work.

Related modules in Reliability

Error Swallow
Empty catch, .catch(noop), callback-err ignored, floating promises, global silent handlers.
N Plus One
Database calls inside loops across Prisma, Sequelize, TypeORM, Mongoose, Knex, Drizzle.
Retry Hygiene
Tight retry loops, no backoff, unbounded retry, retry-on-4xx across fetch/axios/got/node-http.
Race Condition
TOCTOU, get-or-create anti-pattern, lost-update on counters.
Resource Leak
Unclosed streams, file handles, intervals, sockets across fs/net/ws/events.
Cron Expression
Invalid / impossible / too-frequent cron strings (Feb 30, * * * * *, typo aliases).

Comparing GateTest to another tool?

vs. Snykvs. Sonarqubevs. Semgrepvs. Codeqlvs. Deepsourcevs. Eslintvs. Github Code Scanning