

Usage of process.env.NEXT_PUBLIC_* environment variables must be allowlisted.

Conformance is available on Enterprise plans

This rule is available from version 1.4.0.

The use of process.env.NEXT_PUBLIC_* environment variables may warrant a review from other developers to ensure there is no unintended leakage of environment variables.

When enabled, this rule requires that all usage of NEXT_PUBLIC_* must be included in the allowlist.

This rule will catch any pages or routes that are using process.env.NEXT_PUBLIC_* environment variables.

In the following example, we are using a local variable to initialize our analytics service. As the variable will be visible in the client, a review of the code is required, and the usage should be added to the allowlist.

function HomePage() {
  return <h1>Hello World</h1>;
}

export default HomePage;

If you hit this issue, include the entry in the Conformance allowlist file.
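
A small pre-review helper, added here as an example and not part of Vercel Conformance: it lists the NEXT_PUBLIC_* reads in source text (dot access, string-literal bracket access, and destructuring) and reports the ones missing from an allowlist. The allowlist shape, the file names, and `setupAnalytics` are assumptions made for the sample.

```javascript
// Added example. The allowlist is a plain array of variable names, an assumed
// shape for illustration; it is not the format of the Conformance allowlist file.

// process.env.NEXT_PUBLIC_X and process.env["NEXT_PUBLIC_X"] (any quote style)
const MEMBER_RE =
  /process\.env(?:\.(NEXT_PUBLIC_\w+)|\[\s*['"`](NEXT_PUBLIC_\w+)['"`]\s*\])/g;
// const { NEXT_PUBLIC_X, NEXT_PUBLIC_Y: alias } = process.env
const DESTRUCTURE_RE = /\{([^}]*)\}\s*=\s*process\.env\b/g;

// Return every NEXT_PUBLIC_* read in one source string, with its line number.
function findPublicEnvUsage(source) {
  const lineOf = (index) => source.slice(0, index).split("\n").length;
  const hits = [];
  for (const m of source.matchAll(MEMBER_RE)) {
    hits.push({ name: m[1] || m[2], line: lineOf(m.index) });
  }
  for (const m of source.matchAll(DESTRUCTURE_RE)) {
    for (const part of m[1].split(",")) {
      const name = part.split(/[:=]/)[0].trim(); // drop alias or default value
      if (name.startsWith("NEXT_PUBLIC_")) hits.push({ name, line: lineOf(m.index) });
    }
  }
  return hits.sort((a, b) => a.line - b.line);
}

// Report reads whose variable name is not on the allowlist.
function reviewUsage(files, allowlist) {
  const allowed = new Set(allowlist);
  const findings = [];
  for (const [file, source] of Object.entries(files)) {
    for (const hit of findPublicEnvUsage(source)) {
      if (!allowed.has(hit.name)) findings.push({ file, ...hit });
    }
  }
  return findings;
}

// Constructed sample input: file names, helper and variable names are made up.
const sampleFiles = {
  "pages/index.js": [
    "setupAnalytics(process.env.NEXT_PUBLIC_ANALYTICS_ID);",
    "const { NEXT_PUBLIC_API_URL: apiUrl } = process.env;",
  ].join("\n"),
  "pages/checkout.js": 'const key = process.env["NEXT_PUBLIC_PAYMENT_KEY"];',
};
const sampleAllowlist = ["NEXT_PUBLIC_ANALYTICS_ID"];

console.log(reviewUsage(sampleFiles, sampleAllowlist));
```

Each finding names the file, variable, and line, so a reviewer can decide whether the value is safe to expose before adding it to the allowlist.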

Last updated on May 18, 2024