direnv

Shell extension that loads/unloads environment variables when you cd into/out of directories. Each project has an .envrc file that runs on directory entry and is unloaded on exit. Supports loading .env files, setting PATH, activating virtual environments, loading Nix shells, and running arbitrary shell commands. The de-facto standard for per-project environment management in Unix environments.

Evaluated Mar 06, 2026 (0d ago) v2.x
Homepage ↗ Repo ↗ Developer Tools shell environment dotenv nix project-specific cd-hooks bash zsh fish
⚙ Agent Friendliness
66
/ 100
Can an agent use this?
🔒 Security
86
/ 100
Is it safe for agents?
⚡ Reliability
88
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
--
Documentation
85
Error Messages
78
Auth Simplicity
95
Rate Limits
100

🔒 Security

TLS Enforcement
95
Auth Strength
88
Scope Granularity
82
Dep. Hygiene
88
Secret Handling
78

Security model: .envrc must be explicitly allowed via 'direnv allow' to prevent automatic execution of untrusted code. Secrets in .envrc files should not be committed. MIT licensed.

⚡ Reliability

Uptime/SLA
88
Version Stability
90
Breaking Changes
88
Error Recovery
85
AF Security Reliability

Best When

You need per-project environment variables that automatically load on cd — the standard Unix tool for this exact use case.

Avoid When

You need cross-platform support (Windows) or tool installation — direnv sets environment variables but doesn't install tools.

Use Cases

  • Auto-load project-specific environment variables (API keys, DATABASE_URL) when entering a project directory
  • Activate Python virtual environments automatically when cd-ing into a Python project without manual 'source venv/bin/activate'
  • Load Nix development shells with 'use nix' or 'use flake' for reproducible environments per project
  • Set project-specific PATH extensions, tool versions, and shell configuration that unloads when leaving the directory
  • Load .env files securely for local development without committing secrets to version control

Not For

  • Windows environments — direnv is Unix-only (macOS, Linux, WSL); not natively supported on Windows PowerShell
  • Reproducible environment definitions — direnv loads environment but doesn't install tools; use Devbox, Nix, or mise for tool installation
  • Server-side environment management — use Vault, AWS SSM, or Kubernetes secrets for server environments

Interface

REST API
No
GraphQL
No
gRPC
No
MCP Server
No
SDK
No
Webhooks
No

Authentication

Methods: none
OAuth: No Scopes: No

No authentication — local shell extension. .envrc files are trusted via 'direnv allow'.

Pricing

Model: open_source
Free tier: Yes
Requires CC: No

MIT licensed. Completely free.

Agent Metadata

Pagination
none
Idempotent
Full
Retry Guidance
Not documented

Known Gotchas

  • .envrc files must be explicitly trusted with 'direnv allow' — new or changed files are blocked until allowed (security feature)
  • direnv runs .envrc in a bash subprocess — complex shell functions, aliases, and sourced files may not work as expected
  • Secrets in .envrc are loaded into environment — avoid putting .envrc in version control if it contains real credentials
  • direnv hooks must be added to shell rc file (eval '$(direnv hook bash)') — missing hook means .envrc doesn't auto-load
  • Nix integration ('use nix' or 'use flake') requires Nix installation — direnv itself doesn't provide Nix
  • Performance of complex .envrc (running commands, activating venvs) adds latency to every cd command — keep .envrc fast

Alternatives

devbox-api mise-api

Full Evaluation Report

Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for direnv.

$99
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-06.

5215
Packages Evaluated
26151
Need Evaluation
173
Need Re-evaluation
Community Powered