In scripts/validate-env-examples.js, the script validates that all env variables are documented in .env.example files but does not check that .env.example files don't contain real secret values (e.g., actual API keys, private keys).
File: scripts/validate-env-examples.js
Fix: Add a check that scans .env.example values for patterns that look like real secrets (e.g., long hex strings, base58 keys) and fails CI if any are found.
In
scripts/validate-env-examples.js, the script validates that all env variables are documented in.env.examplefiles but does not check that.env.examplefiles don't contain real secret values (e.g., actual API keys, private keys).File:
scripts/validate-env-examples.jsFix: Add a check that scans
.env.examplevalues for patterns that look like real secrets (e.g., long hex strings, base58 keys) and fails CI if any are found.