Close Open Privacy Scan

bolt Snapshot: commit 18aba13
science engine v3
schedule 2026-07-08T00:05:46.691053+00:00

verified_user No application data leak found

No high-confidence exfiltration was found in application code.

App Privacy Score

97 /100
Low privacy risk

Low risk · 4 finding(s)

Dependency score: 100 (Low risk)

bar_chart Score Breakdown

env_fs −3

list Scan Summary

0 high 0 medium 4 low
First-party packages: 1
Dependency packages: 0
Ecosystem: npm

swap_horiz Application data flows

No high- or medium-confidence application data-flow findings in this scan.

</> First-Party Code

first-party (npm)

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs production #53ed67e4cd25443d Filesystem access.
repo/scripts/locales.js:1
var fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4bed5bb72df62ae1 Filesystem access.
repo/scripts/locales.js:20
        var content = fs.readFileSync(path.join(localeDir, locale), {encoding: 'utf-8'}),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c31e73fbca0e2342 Environment-variable access.
repo/tasks/check_sauce_creds.js:6
        if (process.env.SAUCE_USERNAME === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d7359ab6873120da Environment-variable access.
repo/tasks/nuget.js:26
        grunt.option('key', process.env.NUGET_KEY);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.