dotenv - dependency health snapshot - depmedic

depmedic / health / dotenv

dotenv v16.0.3

Loads environment variables from .env file

A
96/100 depmedic health score
snapshot taken 2026-04-28T07:20:00.865Z

Score breakdown

Popularity87/100
Maintenance100/100
Quality100/100
Risk (penalty for deprecated)100/100

Snapshot

Weekly downloads
0
Monthly downloads
117.4M
npm dependents
0
GitHub stars
16.3K
Open issues
45
License
BSD-2-Clause
TypeScript types
no
Maintainers (top 5)
~jcblw, scottmotte, motdotla

Embed the badge

Drop one of these into your README. Updates whenever depmedic re-runs the snapshot.

depmedic health: 96/100 (A)

![depmedic health](https://depmedicdev-byte.github.io/health/badge/dotenv.svg)

Use depmedic locally on this package

# In your project that depends on dotenv:
npm install dotenv
npx depmedic                    # vulnerability triage on your install
npx depmedic --severity=high    # CI-friendly: exits 1 on high+critical

Want a deep audit of dotenv for vendor review?

The Vendor Dossier PDF goes deeper than this snapshot: full advisory list (resolved + open), maintainer drift, release cadence, transitive risk, license tree. $9 one-time per package.

Order Vendor Dossier ($9) More tools

Org-wide monitoring

Track every package across your repos. Get an email when any one slips below your minimum grade. $19/mo.

Org Dep Health Monitor ($19/mo)