Is dotenv safe to use?

dotenv has no known vulnerabilities on the latest version (17.4.2). DepScope rates its health at 96/100 (low risk).

What is the latest version of dotenv?

The latest version of dotenv is 17.4.2, released 2026-04-12.

Does dotenv have known vulnerabilities?

No known vulnerabilities on the latest version of dotenv.

Is dotenv deprecated?

No, dotenv is actively maintained. Latest release: 17.4.2 (2026-04-12).

What are alternatives to dotenv?

Popular alternatives to dotenv in npm include: ?, semver, debug, ansi-styles, minimatch.

What license does dotenv use?

dotenv is licensed under BSD-2-Clause.

dotenv

npmv17.4.2

Loads environment variables from .env file

License BSD-2-Clausepermissive104 versions3 maintainers0 deps129,932,079 weekly dl

motdotla/dotenv

/ 100

Health

safe to use

[email protected] is safe to use (health: 96/100)

Health breakdown0 – 100

25/25

maintenance

20/20

popularity

25/25

security

15/15

maturity

11/15

community

0/15

popularity_floor

Vulnerabilities

none known

Bundle & TypeScript

📦

Bundle Size

5.7 KBminified

2.5 KB gzipped

0 direct dependencies

side effects

🌟

TypeScript

10/10typed

bundled

OSS Scorecard

OpenSSF security posture score

4.4/10

weak

Maintainer trust

Active maintainers (3m)

7

Contributors (12m)

7

Primary author dominance

91%

GitHub stars

20,384

single author dominance

Quality signals

OSS Criticality

0.82critical

Download trend

stable(+2.5%)

Publish security

npm signed

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/dotenv

dotenv

npmv17.4.2

Loads environment variables from .env file

License BSD-2-Clausepermissive104 versions3 maintainers0 deps129,932,079 weekly dl

motdotla/dotenv

/ 100

Health

safe to use

[email protected] is safe to use (health: 96/100)

Health breakdown0 – 100

25/25

maintenance

20/20

popularity

25/25

security

15/15

maturity

11/15

community

0/15

popularity_floor

Vulnerabilities

none known

Bundle & TypeScript

📦

Bundle Size

5.7 KBminified

2.5 KB gzipped

0 direct dependencies

side effects

🌟

TypeScript

10/10typed

bundled

OSS Scorecard

OpenSSF security posture score

4.4/10

weak

Maintainer trust

Active maintainers (3m)

7

Contributors (12m)

7

Primary author dominance

91%

GitHub stars

20,384

single author dominance

Quality signals

OSS Criticality

0.82critical

Download trend

stable(+2.5%)

Publish security

npm signed

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/dotenv