NEXTJS_SAFE_NEXT_PUBLIC_ENV_USAGE
Usage process.env.NEXT_PUBLIC_* environment variables must be allowlisted.Table of Contents
Conformance is available on Enterprise plans
This rule is available from version 1.4.0.
The use of process.env.NEXT_PUBLIC_*
environment variables may warrant a review from other developers to ensure there are no unintended leakage of environment variables.
When enabled, this rule requires that all usage of NEXT_PUBLIC_*
must be included in the allowlist.
This rule will catch any pages or routes that are using process.env.NEXT_PUBLIC_*
environment variables.
In the following example, we are using a local variable to initialize our analytics service. As the variable will be visible in the client, a review of the code is required, and the usage should be added to the allowlist.
app/dashboard/page.tsx
setupAnalyticsService(process.env.NEXT_PUBLIC_ANALYTICS_ID);
function HomePage() {
return <h1>Hello World</h1>;
}
export default HomePage;
If you hit this issue, include the entry in the Conformance allowlist file.
Last updated on July 23, 2024
Was this helpful?