critical security
Environment File Not Gitignored
Checks if .env files are properly excluded from git to prevent credential exposure.
Why This Is Bad
You are about to upload your passwords to the public internet. Anyone can see your database credentials, API keys, and secrets.
How To Fix
Add .env to your .gitignore file immediately:
```gitignore
# .gitignore
.env
.env.local
.env.*.local
```

Then remove any previously committed .env files from git history using `git filter-branch` or BFG Repo Cleaner.
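A `.gitignore` entry only stops untracked files from being staged; it does not untrack a file git already follows, and it does nothing about earlier commits. The script below is an added example, not part of the scanner this page describes: it checks all three states for the patterns listed above. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (function names are hypothetical). The pathspecs mirror the
# three .gitignore patterns above and match at any directory depth.

# Run a git subcommand in repo $1, limited to the env-file pathspecs.
env_git() {
    repo=$1; shift
    git -C "$repo" "$@" -- ':(glob)**/.env' ':(glob)**/.env.local' ':(glob)**/.env.*.local'
}

# Files git already tracks. .gitignore has no effect on these;
# untrack them with `git rm --cached <path>` and commit.
env_tracked() { env_git "$1" ls-files; }

# Files on disk that are neither tracked nor ignored:
# the next `git add .` would stage them.
env_unignored() { env_git "$1" ls-files --others --exclude-standard; }

# Paths added by any commit on any ref, even if deleted since.
# These are what the history rewrite has to remove.
env_in_history() {
    env_git "$1" log --all --diff-filter=A --name-only --format= 2>/dev/null |
        sed '/^$/d' | sort -u
}

# Print every finding; return 0 only when all three checks are empty.
audit_env() {
    rc=0
    for check in env_tracked env_unignored env_in_history; do
        out=$("$check" "${1:-.}")
        [ -z "$out" ] && continue
        printf '%s:\n%s\n' "$check" "$out"
        rc=1
    done
    return "$rc"
}
```

Call `audit_env /path/to/repo` from a pre-commit hook or CI step and fail on a non-zero status. Any path reported by `env_in_history` has been readable by everyone with access to the repository, so rotate the credentials it held in addition to rewriting history.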
When You Pass This Check
Your .env file is properly gitignored. Well done!