Ignoring Lines and Sections

dotenv-diff can skip certain lines or code sections from being flagged during secret detection. This is helpful when you know a specific URL or key is safe to include in your source code.

Ignore a Single Line

example.ts
const apiKey = 'https://safe-service.com'; // dotenv-diff-ignore

This will suppress potential secret warnings for the hardcoded URL but still allow dotenv-diff to report other issues (like missing variables) elsewhere.

Ignore in HTML/ Files

index.html
<a href="https://safe.example.com">Link</a> <!-- dotenv-diff-ignore -->

Ignore Entire Sections

template.html 
<!-- dotenv-diff-ignore-start -->
<p>Hardcoded data, images or links that are safe to ignore</p>
<img src="https://cdn.safe-service.com/image.png" />
<!-- dotenv-diff-ignore-end -->

All lines between <!-- dotenv-diff-ignore-start --> and <!-- dotenv-diff-ignore-end --> are ignored.

When to Use

  • When a hardcoded value (like a URL or test key) is intentionally safe.
  • To prevent false positives during CI/CD scans.
  • To skip irrelevant HTML or legacy code sections.

Best Practices

  • Use ignore comments sparingly — prefer environment variables for real secrets.
  • Never use it to hide actual API keys or production credentials.
  • Combine with --strict to still fail on non-ignored warnings.
← Scan Flags →