09a385669b
We've seen too many instances of folks accidentally committing their `.env` files that I feel it's time to make this change. Up until now, Next.js has recommended that you use `.env.local` when working locally to store your environment variables. Some developers do intentionally want to commit their `.env` file without secret values to source control. However, the ecosystem is fragmented on `.local` support. There are tools which require secrets values that do _not_ support `.local` and require using `.env`. This means that it's possible to dump your secret values into a `.env` file and commit to source control, thinking that the defaults would have you covered. This change updates the defaults for `create-next-app` to ignore all `.env` files by default. If you want to commit then, you opt-in by modifying your `.gitignore`, versus the opposite. Related: https://x.com/complexlity/status/1755890800527892716 --------- Co-authored-by: Sam Ko <sam@vercel.com> |
||
---|---|---|
.. | ||
create-next-app | ||
eslint-config-next | ||
eslint-plugin-next | ||
font | ||
next | ||
next-bundle-analyzer | ||
next-codemod | ||
next-env | ||
next-mdx | ||
next-plugin-storybook | ||
next-polyfill-module | ||
next-polyfill-nomodule | ||
next-swc | ||
react-refresh-utils | ||
third-parties |