Node.js lesson · 32 min

Node.js Environment Variables

Read configuration from `process.env`, use safe defaults, and avoid leaking secrets.

Code runs locally in your browser

What you will practice

Understand process.env as runtime configuration.
Use fallback values safely.
Recognize secret-handling boundaries.

What this means

Environment variables are configuration values supplied to a running process.

Node.js exposes them through `process.env` in real server code.

They are commonly used for ports, feature flags, database URLs, and secrets, but secrets must never be printed to users or shipped to the browser.

If this is your first time seeing this

Environment variables let deployment settings change without rewriting code.

They are useful for configuration, but secrets should stay secret.

Mini glossary

process.env: Where real Node.js exposes environment variables.
Secret: A sensitive value such as a token, password, or private key.
Fallback: A default value used when configuration is missing.

Example from everyday life

Environment variables are like notes handed to a worker at the start of a shift: use this port, connect to this database, run in production mode. The code can stay the same while the notes change.

How it works step by step

Create `config.js` and read values from `process.env`.
Convert `PORT` from a string to a number.
Use fallback values for missing optional configuration.
Print only safe summaries, not secret values.

Where you will use this

A server reads `PORT` to decide which port to listen on.
A production deployment sets `NODE_ENV=production`.
A backend stores database credentials outside source code.

Before you run the code

Do not commit `.env` files with real secrets.

Do not expose server-only environment variables to frontend code. In real deployments, configure secrets in the hosting platform or container environment.

Run it locally

These examples are meant for a local Node.js project. Create the files shown below, then run the terminal commands from the project folder.

Create the file

mkdir lumio-env-demo
cd lumio-env-demo
touch config.js

Read process.env

config.js

function readConfig() {
  const port = Number(process.env.PORT || 3000);
  const mode = process.env.NODE_ENV || "development";
  const apiToken = process.env.API_TOKEN;

  return {
    port,
    mode,
    hasApiToken: Boolean(apiToken)
  };
}

const config = readConfig();

console.log(`Mode: ${config.mode}`);
console.log(`Port: ${config.port}`);
console.log(`API token configured: ${config.hasApiToken}`);

Run on macOS/Linux

NODE_ENV=production PORT=4000 API_TOKEN=demo-token node config.js

Run in PowerShell

$env:NODE_ENV="production"
$env:PORT="4000"
$env:API_TOKEN="demo-token"
node config.js

Common beginner mistakes

Printing secrets in logs.
Committing real `.env` files.
Assuming every environment variable exists and has the right type.

Why there is no browser runner here

This lesson uses real Node.js APIs and terminal commands. Run the examples locally with Node.js so you learn the same workflow used in actual backend projects.

Try changing this next

Remove `PORT` and check the fallback.
Change `NODE_ENV` to `development`.
Print only whether a token exists, not the token value.

Previous lesson Next lesson