EnvVars

Name: EnvVars
Author: gtmenterprises

Detect exposed environment variables and hardcoded secrets in React, Vue, Angular, Svelte, Next.js, and other frontend frameworks.

As of June 2026, EnvVars has 23 users in the Developer Tools category.

gtmenterprises Developer Tools

Chrome Web Store ↗.crx

Users+91.7%

Rating0%

—

— reviews

Reviews0%

—

Version

3.5.0

Manifest V3

History

8 snapshots

Tracking since Apr 16, 2026.

View as table

Date	Users	Rating	Reviews	Version
Apr 16, 2026	12	—	—	3.5.0
Apr 22, 2026	17	—	—	3.5.0
Apr 27, 2026	18	—	—	3.5.0
May 10, 2026	18	—	—	3.5.0
May 15, 2026	19	—	—	3.5.0
May 21, 2026	22	—	—	3.5.0
May 27, 2026	21	—	—	3.5.0
Jun 5, 2026	20	—	—	3.5.0
Now	23	—	—	3.5.0

Permissions & access

Permissions: activeTabscriptingstorage
Host access: <all_urls>

Screenshots

About

EnvVars is a powerful Chrome extension that instantly detects environment
  variables and hardcoded secrets exposed in your frontend JavaScript bundles.
  Perfect for security audits, code reviews, and ensuring production builds
  don't leak sensitive information.

  Developed by GTM Enterprises LLC - Learn more at https://gtmenterprisesllc.com

  WHAT IT DETECTS

  Environment Variables:
  • React: REACT_APP_* variables
  • Vue 3: VITE_* variables
  • Svelte: VITE_* variables
  • Next.js: NEXT_PUBLIC_* variables
  • Angular: Environment object properties
  • Vite: VITE_* variables
  • Nuxt: NUXT_PUBLIC_* variables
  • Gatsby: GATSBY_* variables
  • Generic: NODE_ENV, PUBLIC_URL, BASE_URL

  Hardcoded Secrets (NEW in v3.0):
  • AWS Access Keys (AKIA...)
  • AWS Secret Keys (40-char base64)
  • Stripe API Keys (sk_live_, pk_test_, etc.)
  • Google API Keys (AIza...)
  • UUIDs (common in tokens)
  • Generic API Keys (32+ character alphanumeric)
  • Payment provider credentials (PayPal, Square, Twilio)

  KEY FEATURES

  Secret Detection:
  • Automatically identifies hardcoded credentials
  • Visual warning banner when secrets detected
  • Dedicated Secrets filter for quick review
  • Helps prevent accidental credential leaks

  Multi-Framework Support:
  • Supports 8+ popular frameworks
  • Detects both prefixed variables and minified code
  • Works with production and development builds
  • Handles webpack, Vite, and esbuild outputs

  Easy to Use:
  • Click extension icon on any webpage
  • Instantly see all detected variables
  • Filter by framework (React, Vue, Next.js, etc.)
  • Search functionality for quick lookup
  • Tab-based interface for organized navigation
  • Search across all page scripts in dedicated search tab
  • Copy individual values with one-click button
  • Copy all, export as JSON, or export as .env file

  Advanced Detection:
  • Scans inline and external JavaScript files
  • Parses minified and obfuscated code
  • Detects key-value pairs and object literals
  • Supports unquoted keys in minified output
  • Analyzes up to 10 external scripts per page

  Security & Privacy:
  • No data collection - All processing happens locally in your browser
  • No external requests - Extension only reads JavaScript from the current page
  • Open source - Full source code available on GitHub
  • Offline capable - Works without internet connection

  PERFECT FOR
  • Security researchers and penetration testers
  • DevOps engineers reviewing production builds
  • Frontend developers debugging configuration issues
  • Code reviewers checking for credential leaks
  • QA teams validating environment setups

  USER INTERFACE

  Clean, modern interface with:
  • Gradient header with extension icon and refresh button
  • Tab-based navigation (Variables + Script Search)
  • Searchable variable list
  • Framework-specific filter buttons (compact design)
  • Icon-based source indicators with hover tooltips
  • Dedicated script search tab to search all page scripts
  • Warning banners for detected secrets
  • Copy to clipboard functionality
  • Export to JSON or .env format for reports
  • Responsive design that fits your workflow

  RECENT UPDATES (v3.5.0)

  New in v3.5.0:
  • Minor stability improvements and bug fixes

  v3.4.0:
  • Tab-based navigation (Variables tab + Script Search tab)
  • Extension icon in header for better branding
  • Fixed false positive detection of generic properties (name, value, etc.)
  • Cleaner, more organized interface

  v3.3.0:
  • Individual copy buttons for each variable value
  • Export to .env format (KEY=value, one per line)
  • Full secret values displayed (no truncation)
  • Quick copy with visual feedback

  v3.2.0 - UI/UX Improvements:
  • Replaced source text with icons + popovers (cleaner, saves space)
  • Icons: external, inline/bundled, window, hardcoded
  • Script search feature across all page scripts
  • Compact button design

  v3.1.0 - Framework Support:
  • Full Vue 3, Svelte, Angular support
  • Fixed false positive NODE_ENV detection
  • Improved pattern matching for minified code

  v3.0.0 - Secret Detection:
  • Hardcoded secret detection (AWS, Stripe, Google, UUIDs)
  • Security warning banner
  • 21+ detection patterns

  Quality Assurance:
  • Comprehensive Playwright E2E test suite (9 passing tests)
  • Automated testing for all 8 frameworks
  • Docker-based testing infrastructure
  • Well-tested and production-ready

  USE CASES

  Security Audit: Navigate to your production site, click the extension, and
  instantly see all exposed environment variables and secrets. Perfect for
  pre-release security reviews.

  Development Debugging: Quickly check which environment variables made it into
  your build. Useful when debugging configuration issues or verifying build
  processes.

  Code Review: Validate that sensitive credentials are not hardcoded in frontend
   bundles. The Secrets filter highlights potential security issues.

  Compliance Check: Ensure your application meets security standards by
  verifying no API keys, tokens, or credentials are exposed in client-side code.

  REPORT ISSUES

  Found a bug or have a feature request? Report it on GitHub:
  https://github.com/GTM-Enterprises-LLC/chrome-extension-front-end-environment-
  variable-viewer/issues

  TIPS
  • Use the search box to quickly find specific variables
  • Click Secrets filter to review detected credentials
  • Export to JSON for documentation or reports
  • Check both development and production builds
  • Regular audits help catch accidental credential commits

  TECHNICAL DETAILS
  • Manifest Version: 3 (latest Chrome extension standard)
  • Permissions: activeTab, scripting, host_permissions
  • Detection Patterns: 21+ regex patterns for comprehensive coverage
  • Performance: Optimized to limit script scanning (max 10 files)
  • Size: Lightweight extension, minimal resource usage

  WHY ENVVARS?

  Unlike manual inspection of JavaScript files, EnvVars:
  • Instantly finds variables across multiple files
  • Understands framework-specific patterns
  • Detects minified and obfuscated code
  • Provides a clean, organized interface
  • Filters out noise, shows what matters
  • Identifies security risks automatically

  DOCUMENTATION & LINKS

  GitHub Repository: https://github.com/GTM-Enterprises-LLC/chrome-extension-fro
  nt-end-environment-variable-viewer
  Report Issues: https://github.com/GTM-Enterprises-LLC/chrome-extension-front-e
  nd-environment-variable-viewer/issues
  Developer Website: https://gtmenterprisesllc.com
  Privacy Policy: https://gtmenterprisesllc.com/privacy-policy-envvars
  Support: https://gtmenterprisesllc.com/support

  Full documentation, testing guide, and demo applications available in the
  GitHub repository.

  Ready to secure your frontend? Install EnvVars today and ensure your
  environment variables and secrets are properly managed!

  Developed by GTM Enterprises LLC - https://gtmenterprisesllc.com