Public prefix shouldn't be allowed on server variables

[Jacob-Lockwood]

You can accidentally include one of your public environment variables in the server object, preventing you from accessing it on the client even though it is public. There should probably be an error if the server variable section has a public prefix, to prevent this from happening.

For example, this env in NextJS:

export const env = createEnv({
  server: {
    DATABASE_URL: z.string().url(),
    NEXT_PUBLIC_API_KEY: z.string().min(1),
//  ^^^^^^^^^^^^ ideally, this should be an error
  },
  client: {
    NEXT_PUBLIC_OTHER_VARIABLE: z.string().url(),
  },
  runtimeEnv: { ... },
});

Not sure how big of an issue this is but it seems like a good and fairly easy fix. I can send a PR if it would be helpful.

[chungweileong94]

Actually, I don't think this is really necessary tho, you can technically access anything on server-side.

[Jacob-Lockwood]

I think it might still be good as a warning if people do it accidentally, because if you make this mistake you won't be able to access your environment variables on the client-side.

[chungweileong94]

I think it might still be good as a warning if people do it accidentally, because if you make this mistake you won't be able to access your environment variables on the client-side.

Well, you got a point.