Yes, I am aware of that dotenv package.
But in order to use that package we have to define the .env file in the repository to use the defined variables, which means if the repository source code is public, then anyone can have access to the environment variables.