Gathering detailed insights and metrics for next-env
Gathering detailed insights and metrics for next-env
Gathering detailed insights and metrics for next-env
Gathering detailed insights and metrics for next-env
@next/env
Next.js dotenv file loading
postcss-preset-env
Convert modern CSS into something browsers understand
next-runtime-env
Next.js Runtime Environment Configuration - Populates your environment at runtime rather than build time.
eslint-plugin-eslint-comments
Additional ESLint rules for ESLint directive comments.
Automatic static (build-time) or runtime environment variables injection for Next.js
npm install next-env
Typescript
Module System
Node Version
NPM Version
46.1
Supply Chain
76.7
Quality
74.4
Maintenance
100
Vulnerability
91.4
License
JavaScript (100%)
Total Downloads
2,628,669
Last Day
273
Last Week
5,704
Last Month
27,786
Last Year
366,770
87 Stars
12 Commits
3 Forks
1 Watchers
16 Branches
1 Contributors
Updated on Mar 10, 2025
Minified
Minified + Gzipped
Latest Version
1.1.1
Package Id
next-env@1.1.1
Unpacked Size
6.88 kB
Size
2.58 kB
File Count
5
NPM Version
6.14.2
Node Version
13.7.0
Cumulative downloads
Total Downloads
Last Day
175.8%
273
Compared to previous day
Last Week
-12.3%
5,704
Compared to previous week
Last Month
-3.8%
27,786
Compared to previous month
Last Year
-30.6%
366,770
Compared to previous year
Automatic static (build-time) or runtime environment variables injection for Next.js.
The plugin doesn't handle loading of dotenv files. Use dotenv or dotenv-load.
1npm install --save next-env dotenv-load
or
1yarn add next-env dotenv-load
Your project can consume variables declared in your environment as if they were declared locally in your JS files.
By default any environment variables starting with NEXT_STATIC_
will be embedded in the js bundles on build time.
Variables starting with NEXT_PUBLIC_
are injected on runtime (using Next.js publicRuntimeConfig internally).
On node-side (SSR) all environment variables are available by default, but it is a good idea to follow the naming convention NEXT_SERVER_
.
This module exposes a function that allows to configure the plugin.
In your next.config.js
:
1const nextEnv = require('next-env'); 2const dotenvLoad = require('dotenv-load'); 3 4dotenvLoad(); 5 6const withNextEnv = nextEnv(); 7 8module.exports = withNextEnv({ 9 // Your Next.js config. 10});
In your .env
:
NEXT_SERVER_TEST_1=ONLY_ON_SSR
NEXT_PUBLIC_TEST_1=INJECTED_BY_SSR
NEXT_STATIC_TEST_1=STATIC_TEXT
In your pages/index.js
:
1export default () => ( 2 <ul> 3 <li>{process.env.NEXT_SERVER_TEST_1}</li> 4 <li>{process.env.NEXT_PUBLIC_TEST_1}</li> 5 <li>{process.env.NEXT_STATIC_TEST_1}</li> 6 </ul> 7)
In the above example the output of process.env.NEXT_SERVER_TEST_1
should only be visible until client-side rendering kicks in.
In your next.config.js
:
1const nextEnv = require('next-env'); 2const dotenvLoad = require('dotenv-load'); 3 4dotenvLoad(); 5 6const withNextEnv = nextEnv({ 7 staticPrefix: 'CUSTOM_STATIC_', 8 publicPrefix: 'CUSTOM_PUBLIC_', 9}); 10 11module.exports = withNextEnv({ 12 // Your Next.js config. 13});
In your .env
:
CUSTOM_SERVER_TEST_1=ONLY_ON_SSR
CUSTOM_PUBLIC_TEST_1=INJECTED_BY_SSR
CUSTOM_STATIC_TEST_1=STATIC_TEXT
In your next.config.js
:
1const withPlugins = require('next-compose-plugins'); 2const nextEnv = require('next-env'); 3const dotenvLoad = require('dotenv-load'); 4 5dotenvLoad(); 6 7const nextConfig = { 8 // Your Next.js config. 9}; 10 11module.exports = withPlugins([ 12 13 nextEnv({ 14 staticPrefix: 'CUSTOM_STATIC_', 15 publicPrefix: 'CUSTOM_PUBLIC_', 16 }), 17 18 // another plugin with a configuration 19 [typescript, { 20 typescriptLoaderOptions: { 21 transpileOnly: false, 22 }, 23 }], 24 25], nextConfig);
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
Found 0/8 approved changesets -- score normalized to 0
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
Reason
license file not detected
Details
Reason
project is not fuzzed
Details
Reason
branch protection not enabled on development/release branches
Details
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
Reason
86 existing vulnerabilities detected
Details
Score
Last Scanned on 2025-06-30
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More