The --baseline flag helps you adopt dotenv-diff in projects that already contain known warnings.
It records the current warning state into a baseline file, so future runs can focus on newly introduced issues.
When you run:
dotenv-diff --baselinedotenv-diff will:
- scan your codebase as normal
- collect the warnings from the current scan result
- write a
dotenv-diff.baseline.jsonfile in the working directory - exit cleanly (
exit code 0) after writing the file
On later runs (without --baseline), dotenv-diff automatically loads this file and suppresses matching warnings.
The baseline file is written in your current working directory:
dotenv-diff.baseline.json
In monorepos, this means each app/package can keep its own baseline by running dotenv-diff from that folder.
Baseline suppression supports the same categories produced by scan usage checks, including:
- missing variables
- unused variables
- duplicate keys (
.env/.env.example) - framework warnings
- uppercase key warnings
- inconsistent naming warnings
- expiration warnings
- secret findings (stored as fingerprints)
.env.examplesecret warnings- logged variable usages (
console.logof env variables)
You can combine baseline with JSON output:
dotenv-diff --baseline --jsonSuccess output includes:
filewarningsStored
If writing fails, the process will exit with an exit code of 1.
- Create a baseline once for the current state:
dotenv-diff --baseline-
Commit
dotenv-diff.baseline.json. -
Run dotenv-diff normally in local development and CI.
-
Fix issues incrementally and remove stale baseline entries over time.
-
Recreate the baseline only when you intentionally accept a new known warning set.
- Review baseline changes in pull requests like any other code change.
- Keep the baseline file small by removing entries after fixes.
- Prefer fixing warnings over growing the baseline indefinitely.
- Avoid regenerating baseline automatically in CI; treat it as a reviewed artifact.