When perfectly good code destroys the production database.
A web application usually runs in three different environments: Local (on your laptop), Staging (for testing), and Production (real users). The code in all three environments is exactly the same. The only thing that changes is the Configuration (API keys, Database URLs), injected via Environment Variables. A catastrophic Environment Misconfiguration occurs when the Staging environment accidentally gets injected with Production credentials, causing tests to overwrite or delete real user data.
To prevent this, modern apps use the 12-Factor App methodology. You never hardcode credentials in your source code. You inject them into the running process. But humans make mistakes when copying keys into CI/CD pipelines or Docker configurations.
// BAD: Hardcoded secrets in code
const db = connect("postgres://prod-db.example.com:5432/main");
// GOOD: 12-Factor App methodology
const db = connect(process.env.DATABASE_URL);
// THE MISCONFIG:
// A developer accidentally ran this in the Staging terminal:
// export DATABASE_URL="postgres://prod-db..."
// npm run test:e2e // -> DELETES ALL PROD DATA
The cost of a misconfiguration is near-fatal. If a test suite runs against a production database, it will often drop tables, truncate data, or send thousands of test emails to real customers. To fix it, you have to restore from a backup and write an embarrassing apology email.