EnvVars

Detect exposed environment variables and hardcoded secrets in React, Vue, Angular, Svelte, Next.js, and other frontend frameworks.

EnvVars is a powerful Chrome extension that instantly detects environment variables and hardcoded secrets exposed in your frontend JavaScript bundles. Perfect for security audits, code reviews, and ensuring production builds don't leak sensitive information. Developed by GTM Enterprises LLC - Learn more at https://gtmenterprisesllc.com WHAT IT DETECTS Environment Variables: • React: REACT_APP_* variables • Vue 3: VITE_* variables • Svelte: VITE_* variables • Next.js: NEXT_PUBLIC_* variables • Angular: Environment object properties • Vite: VITE_* variables • Nuxt: NUXT_PUBLIC_* variables • Gatsby: GATSBY_* variables • Generic: NODE_ENV, PUBLIC_URL, BASE_URL Hardcoded Secrets (NEW in v3.0): • AWS Access Keys (AKIA...) • AWS Secret Keys (40-char base64) • Stripe API Keys (sk_live_, pk_test_, etc.) • Google API Keys (AIza...) • UUIDs (common in tokens) • Generic API Keys (32+ character alphanumeric) • Payment provider credentials (PayPal, Square, Twilio) KEY FEATURES Secret Detection: • Automatically identifies hardcoded credentials • Visual warning banner when secrets detected • Dedicated Secrets filter for quick review • Helps prevent accidental credential leaks Multi-Framework Support: • Supports 8+ popular frameworks • Detects both prefixed variables and minified code • Works with production and development builds • Handles webpack, Vite, and esbuild outputs Easy to Use: • Click extension icon on any webpage • Instantly see all detected variables • Filter by framework (React, Vue, Next.js, etc.) • Search functionality for quick lookup • Tab-based interface for organized navigation • Search across all page scripts in dedicated search tab • Copy individual values with one-click button • Copy all, export as JSON, or export as .env file Advanced Detection: • Scans inline and external JavaScript files • Parses minified and obfuscated code • Detects key-value pairs and object literals • Supports unquoted keys in minified output • Analyzes up to 10 external scripts per page Security & Privacy: • No data collection - All processing happens locally in your browser • No external requests - Extension only reads JavaScript from the current page • Open source - Full source code available on GitHub • Offline capable - Works without internet connection PERFECT FOR • Security researchers and penetration testers • DevOps engineers reviewing production builds • Frontend developers debugging configuration issues • Code reviewers checking for credential leaks • QA teams validating environment setups USER INTERFACE Clean, modern interface with: • Gradient header with extension icon and refresh button • Tab-based navigation (Variables + Script Search) • Searchable variable list • Framework-specific filter buttons (compact design) • Icon-based source indicators with hover tooltips • Dedicated script search tab to search all page scripts • Warning banners for detected secrets • Copy to clipboard functionality • Export to JSON or .env format for reports • Responsive design that fits your workflow RECENT UPDATES (v3.4.0) New in v3.4.0: • Tab-based navigation (Variables tab + Script Search tab) • Extension icon in header for better branding • Fixed false positive detection of generic properties (name, value, etc.) • Cleaner, more organized interface v3.3.0: • Individual copy buttons for each variable value • Export to .env format (KEY=value, one per line) • Full secret values displayed (no truncation) • Quick copy with visual feedback v3.2.0 - UI/UX Improvements: • Replaced source text with icons + popovers (cleaner, saves space) • Icons: external, inline/bundled, window, hardcoded • Script search feature across all page scripts • Compact button design v3.1.0 - Framework Support: • Full Vue 3, Svelte, Angular support • Fixed false positive NODE_ENV detection • Improved pattern matching for minified code v3.0.0 - Secret Detection: • Hardcoded secret detection (AWS, Stripe, Google, UUIDs) • Security warning banner • 21+ detection patterns Quality Assurance: • Comprehensive Playwright E2E test suite (9 passing tests) • Automated testing for all 8 frameworks • Docker-based testing infrastructure • Well-tested and production-ready USE CASES Security Audit: Navigate to your production site, click the extension, and instantly see all exposed environment variables and secrets. Perfect for pre-release security reviews. Development Debugging: Quickly check which environment variables made it into your build. Useful when debugging configuration issues or verifying build processes. Code Review: Validate that sensitive credentials are not hardcoded in frontend bundles. The Secrets filter highlights potential security issues. Compliance Check: Ensure your application meets security standards by verifying no API keys, tokens, or credentials are exposed in client-side code. REPORT ISSUES Found a bug or have a feature request? Report it on GitHub: https://github.com/GTM-Enterprises-LLC/chrome-extension-front-end-environment-variable-viewer/issues TIPS • Use the search box to quickly find specific variables • Click Secrets filter to review detected credentials • Export to JSON for documentation or reports • Check both development and production builds • Regular audits help catch accidental credential commits TECHNICAL DETAILS • Manifest Version: 3 (latest Chrome extension standard) • Permissions: activeTab, scripting, host_permissions • Detection Patterns: 21+ regex patterns for comprehensive coverage • Performance: Optimized to limit script scanning (max 10 files) • Size: Lightweight extension, minimal resource usage WHY ENVVARS? Unlike manual inspection of JavaScript files, EnvVars: • Instantly finds variables across multiple files • Understands framework-specific patterns • Detects minified and obfuscated code • Provides a clean, organized interface • Filters out noise, shows what matters • Identifies security risks automatically DOCUMENTATION & LINKS GitHub Repository: https://github.com/GTM-Enterprises-LLC/chrome-extension-front-end-environment-variable-viewer Report Issues: https://github.com/GTM-Enterprises-LLC/chrome-extension-front-end-environment-variable-viewer/issues Developer Website: https://gtmenterprisesllc.com Privacy Policy: https://gtmenterprisesllc.com/privacy-policy-envvars Support: https://gtmenterprisesllc.com/support Full documentation, testing guide, and demo applications available in the GitHub repository. Ready to secure your frontend? Install EnvVars today and ensure your environment variables and secrets are properly managed! Developed by GTM Enterprises LLC - https://gtmenterprisesllc.com ========================================