Security Tool

env-guard-cli

Catch exposed .env files before they reach GitHub. Scan your project, check every .gitignore, and know exactly what is protected.

View on GitHub See Usage
terminal
$ pip install env-guard-cli
Why use it

What it covers

๐Ÿ”

Recursive Scan

Walks your entire project tree, skipping .git, node_modules, and .venv automatically.

๐Ÿ›ก๏ธ

Pattern Matching

Supports exact names, prefix wildcards like .env*, suffix wildcards, and relative paths.

โš™๏ธ

CI Ready

Use --strict to exit with code 1 on any exposed file. Drop it into any GitHub Actions workflow.

๐Ÿ“ฆ

Zero Dependencies

Pure Python standard library. No third-party packages required.

How to use it

Example output

$ env-guard /path/to/project ๐Ÿ” Scanning: /path/to/project โœ… Protected (1): /path/to/project/.env โš ๏ธ EXPOSED (1) โ€” not in any .gitignore: /path/to/project/.env.local Add these to your .gitignore to prevent accidental commits.