Env committed
env-committedWhy this matters
Committed env files turn private configuration into repository history. Even after deletion, old commits can keep secrets recoverable.
Detection
Public GitHub repo scans sample repository files and flag committed .env-style files outside safe examples.
Might be okay if
An intentionally empty .env.example is fine; real .env files with values should never be committed.