Close Open Privacy Scan

link https://github.com/sequelize/sequelize

bolt Snapshot: commit c770094

science engine v1

schedule 2026-06-25T22:10:25.116790+00:00

App Privacy Score

97 /100

Low privacy risk

Low risk · 958 finding(s)

Dependency score: 37 (High risk)

bar_chart Score Breakdown

env_fs −3

list Scan Summary

1 high 5 medium 952 low

First-party packages: 4

Dependency packages: 37

Ecosystem: npm

swap_horiz Application data flows

No application data flows were found. See dependency data flows below.

hub Dependency data flows (6)

high ibm_db dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.

pkgs/npm/[email protected]/installer/driverInstall.js:49 → pkgs/npm/[email protected]/installer/driverInstall.js:778

medium nx dependency PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.

pkgs/npm/[email protected]/src/command-line/init/init-v1.js:23 → pkgs/npm/[email protected]/src/command-line/init/init-v1.js:23

medium nx dependency PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.

pkgs/npm/[email protected]/src/command-line/migrate/migrate.js:1208 → pkgs/npm/[email protected]/src/command-line/migrate/migrate.js:1257

medium ibm_db dependency PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.

pkgs/npm/[email protected]/installer/driverInstall.js:162 → pkgs/npm/[email protected]/installer/driverInstall.js:193

medium esbuild dependency PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.

pkgs/npm/[email protected]/install.js:29 → pkgs/npm/[email protected]/install.js:260

medium esbuild dependency PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.

pkgs/npm/[email protected]/lib/main.js:1889 → pkgs/npm/[email protected]/lib/main.js:1973

</> First-Party Code

first-party (npm)

npm first-party

expand_more 14 low-confidence finding(s)

low env_fs production #a9a4b852ad241466 — Environment-variable access.

repo/build-packages.mjs:74

      PATH: `${process.env.PATH || ''}:${path.join(rootDir, 'node_modules/.bin')}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e4f5b66004cfd450 — Filesystem access.

repo/dev/sync-exports.mjs:106

    await fs.writeFile(indexPath, fileContents, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1077e8be5de46200 — Filesystem access.

repo/packages/cli/src/_internal/test-helpers.ts:88

        await writeFile(join(migrationsDir, fixture.name), buildJsContent(fixture));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1b014108b38ff36f — Filesystem access.

repo/packages/cli/src/_internal/test-helpers.ts:93

        await writeFile(join(migrationDir, 'up.sql'), up);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #445d47485bb09d08 — Filesystem access.

repo/packages/cli/src/_internal/test-helpers.ts:96

          await writeFile(join(migrationDir, 'down.sql'), down);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab7efaa30711b4a1 — Filesystem access.

repo/packages/cli/src/api/generate-migration.ts:31

      fs.writeFile(path.join(migrationPath, 'up.sql'), ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c338e426e0f381c4 — Filesystem access.

repo/packages/cli/src/api/generate-migration.ts:32

      fs.writeFile(path.join(migrationPath, 'down.sql'), ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aaa84a58de2fdde4 — Filesystem access.

repo/packages/cli/src/api/generate-seed.ts:31

      fs.writeFile(path.join(seedPath, 'up.sql'), ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fef0421870219c21 — Filesystem access.

repo/packages/cli/src/api/generate-seed.ts:32

      fs.writeFile(path.join(seedPath, 'down.sql'), ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #907f19e0aaeecd05 — Filesystem access.

repo/packages/cli/src/api/get-umzug.ts:110

      const fileContents = await fs.readFile(upFilename, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e0c5cc4808a2b45f — Filesystem access.

repo/packages/cli/src/api/get-umzug.ts:120

      const fileContents = await fs.readFile(downFilename, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8642f364f8ae7867 — Environment-variable access.

repo/packages/core/src/abstract-dialect/query-generator-typescript.ts:984

    if (process.env.npm_lifecycle_event !== 'mocha') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f0868e14eb6b8ef3 — Environment-variable access.

repo/packages/core/src/utils/check.ts:20

  return process.env.NODE_ENV !== 'production';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9233df66eeeb00b0 — Filesystem access.

repo/packages/utils/src/node/read-file-if-exists.ts:15

    return await fs.readFile(filePath, options);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/cli

npm first-party

expand_more 9 low-confidence finding(s)

low env_fs production #1077e8be5de46200 — Filesystem access.

repo/packages/cli/src/_internal/test-helpers.ts:88

        await writeFile(join(migrationsDir, fixture.name), buildJsContent(fixture));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1b014108b38ff36f — Filesystem access.

repo/packages/cli/src/_internal/test-helpers.ts:93

        await writeFile(join(migrationDir, 'up.sql'), up);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #445d47485bb09d08 — Filesystem access.

repo/packages/cli/src/_internal/test-helpers.ts:96

          await writeFile(join(migrationDir, 'down.sql'), down);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab7efaa30711b4a1 — Filesystem access.

repo/packages/cli/src/api/generate-migration.ts:31

      fs.writeFile(path.join(migrationPath, 'up.sql'), ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c338e426e0f381c4 — Filesystem access.

repo/packages/cli/src/api/generate-migration.ts:32

      fs.writeFile(path.join(migrationPath, 'down.sql'), ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aaa84a58de2fdde4 — Filesystem access.

repo/packages/cli/src/api/generate-seed.ts:31

      fs.writeFile(path.join(seedPath, 'up.sql'), ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fef0421870219c21 — Filesystem access.

repo/packages/cli/src/api/generate-seed.ts:32

      fs.writeFile(path.join(seedPath, 'down.sql'), ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #907f19e0aaeecd05 — Filesystem access.

repo/packages/cli/src/api/get-umzug.ts:110

      const fileContents = await fs.readFile(upFilename, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e0c5cc4808a2b45f — Filesystem access.

repo/packages/cli/src/api/get-umzug.ts:120

      const fileContents = await fs.readFile(downFilename, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/core

npm first-party

expand_more 2 low-confidence finding(s)

low env_fs production #8642f364f8ae7867 — Environment-variable access.

repo/packages/core/src/abstract-dialect/query-generator-typescript.ts:984

    if (process.env.npm_lifecycle_event !== 'mocha') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f0868e14eb6b8ef3 — Environment-variable access.

repo/packages/core/src/utils/check.ts:20

  return process.env.NODE_ENV !== 'production';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/utils

npm first-party

expand_more 1 low-confidence finding(s)

low env_fs production #9233df66eeeb00b0 — Filesystem access.

repo/packages/utils/src/node/read-file-if-exists.ts:15

    return await fs.readFile(filePath, options);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

</> Dependencies

ibm_db

npm dependency

high pii_flow dependency Excluded from app score #79a62b7c41a481bb — User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.

pkgs/npm/[email protected]/installer/driverInstall.js:778 · flow /tmp/closeopen-tkon4phc/pkgs/npm/[email protected]/installer/driverInstall.js:49 → /tmp/closeopen-tkon4phc/pkgs/npm/[email protected]/installer/driverInstall.js:778

        var req = https.request(options, function(res) {
            // Handle redirects
            if (res.statusCode >= 300 && res.statusCode < 400 && res.headers.location) {
                var redirectUrl = new URL(res.headers.location);
                options.hostname = redirectUrl.hostname;
                options.path = redirectUrl.pathname;
                res.resume();
                var redirectReq = https.request(options, handleResponse);
                redirectReq.on('error', function(err) {
                    console.error('\nHTTPS request error:', err.message);
                    installationFailed(err.message);
                });
                redirectReq.end();
                return;
            }
            handleResponse(res);
        });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium pii_flow dependency Excluded from app score #6426a8a547e1130d — PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.

pkgs/npm/[email protected]/installer/driverInstall.js:193 · flow /tmp/closeopen-tkon4phc/pkgs/npm/[email protected]/installer/driverInstall.js:162 → /tmp/closeopen-tkon4phc/pkgs/npm/[email protected]/installer/driverInstall.js:193

              console.log(IBM_DB_LIB, " directory does not exist. Please ",
                  "check if you have set the IBM_DB_HOME environment ",
                  "variable\'s value correctly.\n");

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 54 low-confidence finding(s)

low env_fs dependency Excluded from app score #7b27033f29c9b41f — Filesystem access.

pkgs/npm/[email protected]/installer/driverInstall.js:5

var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b27033f29c9b41f — Filesystem access.

pkgs/npm/[email protected]/installer/driverInstall.js:5

var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #933358920c0895d4 — Environment-variable access.

pkgs/npm/[email protected]/installer/driverInstall.js:30

if(process.env.npm_config_loglevel == 'warn') { // -quiet option

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3849f9418f087c8a — Environment-variable access.

pkgs/npm/[email protected]/installer/driverInstall.js:33

if(process.env.npm_config_loglevel == 'silent') { // -silent option

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48f254ec28ebbb17 — Environment-variable access.

pkgs/npm/[email protected]/installer/driverInstall.js:48

if (process.env.npm_config_cafile) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b454b2561b974600 — Filesystem access.

pkgs/npm/[email protected]/installer/driverInstall.js:49

    const ca = fs.readFileSync(process.env.npm_config_cafile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e10ac9bdaa26e8b6 — Environment-variable access.

pkgs/npm/[email protected]/installer/driverInstall.js:49

    const ca = fs.readFileSync(process.env.npm_config_cafile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d64bb8d35ccd6726 — Environment-variable access.

pkgs/npm/[email protected]/installer/driverInstall.js:52

else if (process.env.npm_package_config_cafile) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9630377bd7d4fd6 — Filesystem access.

pkgs/npm/[email protected]/installer/driverInstall.js:53

    const ca = fs.readFileSync(process.env.npm_package_config_cafile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eccee784463285c9 — Environment-variable access.

pkgs/npm/[email protected]/installer/driverInstall.js:53

    const ca = fs.readFileSync(process.env.npm_package_config_cafile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #569158328e30ea3f — Environment-variable access.

pkgs/npm/[email protected]/installer/driverInstall.js:61

if(process.env.npm_config_clidriver && process.env.npm_config_clidriver != true) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #569158328e30ea3f — Environment-variable access.

pkgs/npm/[email protected]/installer/driverInstall.js:61

if(process.env.npm_config_clidriver && process.env.npm_config_clidriver != true) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75a116a21889190e — Environment-variable access.

pkgs/npm/[email protected]/installer/driverInstall.js:62

    clidriverVersion = process.env.npm_config_clidriver;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1de44db325ebf625 — Environment-variable access.

pkgs/npm/[email protected]/installer/driverInstall.js:69

else if(process.env.npm_package_config_clidriver && process.env.npm_package_config_clidriver != true) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1de44db325ebf625 — Environment-variable access.

pkgs/npm/[email protected]/installer/driverInstall.js:69

else if(process.env.npm_package_config_clidriver && process.env.npm_package_config_clidriver != true) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a83c32d5eacb994c — Environment-variable access.

pkgs/npm/[email protected]/installer/driverInstall.js:70

    clidriverVersion = process.env.npm_package_config_clidriver;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce6a1cc58d8fcbc8 — Environment-variable access.

pkgs/npm/[email protected]/installer/driverInstall.js:76

else if(process.env.CLIDRIVER_DOWNLOAD_VERSION) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6741df276ece1480 — Environment-variable access.

pkgs/npm/[email protected]/installer/driverInstall.js:77

    clidriverVersion = process.env.CLIDRIVER_DOWNLOAD_VERSION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ebfd8883c7ba8bf0 — Environment-variable access.

pkgs/npm/[email protected]/installer/driverInstall.js:110

installerURL = process.env.npm_config_IBM_DB_INSTALLER_URL ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be91db327f8b8b40 — Environment-variable access.

pkgs/npm/[email protected]/installer/driverInstall.js:111

               process.env.npm_package_config_IBM_DB_INSTALLER_URL ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5eaffce1034e0799 — Environment-variable access.

pkgs/npm/[email protected]/installer/driverInstall.js:112

               process.env.IBM_DB_INSTALLER_URL || installerURL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #196e02d3f2a824a9 — Environment-variable access.

pkgs/npm/[email protected]/installer/driverInstall.js:144

    if((process.env.DOWNLOAD_CLIDRIVER == "true") &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7278c41d427c490b — Environment-variable access.

pkgs/npm/[email protected]/installer/driverInstall.js:150

    if(process.env.DOWNLOAD_CLIDRIVER == "true"){

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #059aa19b0c108919 — Environment-variable access.

pkgs/npm/[email protected]/installer/driverInstall.js:151

        process.env.IBM_DB_HOME = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d3433ea5a248bed — Environment-variable access.

pkgs/npm/[email protected]/installer/driverInstall.js:160

    if (process.env.IBM_DB_HOME) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5670d45a62bc72f — Environment-variable access.

pkgs/npm/[email protected]/installer/driverInstall.js:161

        if (fs.existsSync(process.env.IBM_DB_HOME) || platform == "os390") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3d41ee895cc9122 — Environment-variable access.

pkgs/npm/[email protected]/installer/driverInstall.js:162

          IBM_DB_HOME = process.env.IBM_DB_HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56d3c8b4cfd440ad — Environment-variable access.

pkgs/npm/[email protected]/installer/driverInstall.js:166

          printMsg(process.env.IBM_DB_HOME + " directory does not exist. Please" +

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d214f487d99036bf — Environment-variable access.

pkgs/npm/[email protected]/installer/driverInstall.js:174

        process.env.IBM_DB_HOME = IBM_DB_HOME.replace(/\s/g,'\\ ');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23a57883dbd2c9dc — Environment-variable access.

pkgs/npm/[email protected]/installer/driverInstall.js:210

                process.env.IBM_DB_HOME = undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #911d8ac65f60beae — Environment-variable access.

pkgs/npm/[email protected]/installer/driverInstall.js:391

                    process.env.IBM_DB_HOME = IBM_DB_HOME.replace(/\s/g,'\\ ');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd94628f2b1c79e6 — Environment-variable access.

pkgs/npm/[email protected]/installer/driverInstall.js:409

                process.env.IBM_DB_HOME = IBM_DB_HOME.replace(/\s/g,'\\ ');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7cd43ad0e690187b — Filesystem access.

pkgs/npm/[email protected]/installer/driverInstall.js:496

                        fs.readFile(ODBC_BINDINGS_VCXPROJ_FILE, 'utf8', function (err,data) {
                            if (err)
                            {
                                console.log('\nReading failure: can not read ' +
                                'build/odbc_bindings.vcxproj! \n' +
                                'Proceeding with Pre-compiled Binary Installation.\n');
                                installPreCompiledBinary();
                                return;
                            }

                            //Removing kernel dependencies from the file.
                            // More flexible pattern to handle variations in formatting
                            var kernelLibsPattern = /kernel32\.lib[;\s]*user32\.lib[;\s]*gdi32\.lib[;\s]*winspool\.lib[;\s]*comdlg32\.lib[;\s]*advapi32\.lib[;\s]*shell32\.lib[;\s]*ole32\.lib[;\s]*oleaut32\.lib[;\s]*uuid\.lib[;\s]*odbc32\.lib[;\s]*DelayImp\.lib[;\s]*/gi;
                            var result = data.replace(kernelLibsPattern, '');
                            
                            // Check if replacement was successful
                            if (data !== result) {
                                printMsg("Successfully updated file build/odbc_bindings.vcxproj");
                            } else {
                                printMsg("Warning: Kernel dependencies pattern not found in build/odbc_bindings.vcxproj - file may have different format");
                            }

                            fs.writeFile(ODBC_BINDINGS_VCXPROJ_FILE, result, 'utf8', function (err) {
                                if (err)
                                {
                                    console.log('\nWriting failure: can not write ' + 'build/odbc_bindings.vcxproj! \n' +
                                    'Proceeding with Pre-compiled Binary Installation. \n');
                                    installPreCompiledBinary();
                                    return;
                                }
                                else printMsg("\nKernel additional dependencies removed successfully!\n");
                            });
                        });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7599a320023377d9 — Filesystem access.

pkgs/npm/[email protected]/installer/driverInstall.js:518

                            fs.writeFile(ODBC_BINDINGS_VCXPROJ_FILE, result, 'utf8', function (err) {
                                if (err)
                                {
                                    console.log('\nWriting failure: can not write ' + 'build/odbc_bindings.vcxproj! \n' +
                                    'Proceeding with Pre-compiled Binary Installation. \n');
                                    installPreCompiledBinary();
                                    return;
                                }
                                else printMsg("\nKernel additional dependencies removed successfully!\n");
                            });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d2c287ef09c58bb — Environment-variable access.

pkgs/npm/[email protected]/lib/odbc.js:27

if (process.env.IBM_DB_HOME) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2513f70e95a03667 — Environment-variable access.

pkgs/npm/[email protected]/lib/odbc.js:28

  clidriver = process.env.IBM_DB_HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f821f9709cb327c — Environment-variable access.

pkgs/npm/[email protected]/lib/odbc.js:32

  process.env.PATH = path.resolve(clidriver, 'bin') + ';' +

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0923580ee324d15c — Environment-variable access.

pkgs/npm/[email protected]/lib/odbc.js:35

                      path.resolve(clidriver, 'lib') + ';' + process.env.PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c6ea3c8b7aa4f7f — Environment-variable access.

pkgs/npm/[email protected]/lib/odbc.js:36

  process.env.LIB =  path.resolve(clidriver, 'bin') + ';' +

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed89363797ceb3ad — Environment-variable access.

pkgs/npm/[email protected]/lib/odbc.js:38

                      path.resolve(clidriver, 'lib') + ';' + process.env.LIB;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97108d44af72557a — Environment-variable access.

pkgs/npm/[email protected]/lib/odbc.js:41

  process.env.PATH = path.resolve(clidriver, 'bin') + ':' +

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5e32851f0144d4e — Environment-variable access.

pkgs/npm/[email protected]/lib/odbc.js:42

                      path.resolve(clidriver, 'lib') + ':' + process.env.PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61cec8a27b5d5eaa — Environment-variable access.

pkgs/npm/[email protected]/lib/odbc.js:43

  process.env.LD_LIBRARY_PATH = path.resolve(clidriver, 'lib') + ':' +

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39a1ab0c3b0d0b01 — Environment-variable access.

pkgs/npm/[email protected]/lib/odbc.js:44

                                path.resolve(clidriver, 'lib/icc') + ':' + process.env.LD_LIBRARY_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f01c63c8bdb283a — Environment-variable access.

pkgs/npm/[email protected]/lib/odbc.js:47

  process.env.PATH = path.resolve(clidriver, 'bin') + ':' +

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a3593fd2c48fa6f — Environment-variable access.

pkgs/npm/[email protected]/lib/odbc.js:48

                      path.resolve(clidriver, 'lib') + ':' + process.env.PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #176cb9e32b8f37a4 — Environment-variable access.

pkgs/npm/[email protected]/lib/odbc.js:49

  process.env.DYLD_LIBRARY_PATH = path.resolve(clidriver, 'lib') + ':' +

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a74451c639b3f111 — Environment-variable access.

pkgs/npm/[email protected]/lib/odbc.js:50

                                  path.resolve(clidriver, 'lib/icc') + ':' + process.env.DYLD_LIBRARY_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #74f23bc42b7105a8 — Environment-variable access.

pkgs/npm/[email protected]/lib/odbc.js:53

  process.env.PATH = path.resolve(clidriver, 'bin') + ':' +

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc9012f116bd7d3a — Environment-variable access.

pkgs/npm/[email protected]/lib/odbc.js:54

                      path.resolve(clidriver, 'lib') + ':' + process.env.PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a460b7026936bab — Environment-variable access.

pkgs/npm/[email protected]/lib/odbc.js:55

  process.env.LIBPATH = path.resolve(clidriver, 'lib') + ':' +

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd709db185b8321e — Environment-variable access.

pkgs/npm/[email protected]/lib/odbc.js:56

                        path.resolve(clidriver, 'lib/icc') + ':' + process.env.LIBPATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #caa9ba2f53bc50d8 — Filesystem access.

pkgs/npm/[email protected]/lib/odbc.js:1025

    fs.readFile(sql, function (err, sql) {
        if (err) {
            deferred ? deferred.reject(err) : cb(err);
        }
        else {
            var query = sql.toString();
            var myarray = query.split(delimiter);
            var res = "";
            if (outputfile !== undefined) {
                if (fs.existsSync(outputfile)) {
                    fs.unlinkSync(outputfile)
                }
                else {
                    fs.ensureFileSync(outputfile)
                }
            }
            for (var i = 0; i < myarray.length; i++) {
                query = (myarray[i]).trim();
                var result = [];
                if(query) {
                    result = self.querySync(query);
                    if (!Array.isArray(result)) {
                        if (outputfile === undefined) {
                            deferred ? deferred.reject(result) : cb(result);
                        }
                        else {
                            fs.appendFileSync(outputfile, result);
                        }
                    }
                    if (result.length > 0) {
                        result = JSON.stringify(result);
                        if (outputfile === undefined) {
                            res += result + delimiter;
                        }
                        else {
                            fs.appendFileSync(outputfile, result + delimiter);
                        }
                    }
                }
            }
            deferred ? deferred.resolve(res) : cb(err, res);
        }
    });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb67085a9f4c57a1 — Filesystem access.

pkgs/npm/[email protected]/lib/odbc.js:1107

    var query = fs.readFileSync(sql, 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

esbuild

npm dependency

medium pii_flow dependency Excluded from app score #46380f44cf7411f7 — PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.

pkgs/npm/[email protected]/install.js:260 · flow /tmp/closeopen-tkon4phc/pkgs/npm/[email protected]/install.js:29 → /tmp/closeopen-tkon4phc/pkgs/npm/[email protected]/install.js:260

      console.warn(`[esbuild] Ignoring bad configuration: ESBUILD_BINARY_PATH=${ESBUILD_BINARY_PATH}`);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium pii_flow dependency Excluded from app score #5c2d36b59c8cf49b — PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.

pkgs/npm/[email protected]/lib/main.js:1973 · flow /tmp/closeopen-tkon4phc/pkgs/npm/[email protected]/lib/main.js:1889 → /tmp/closeopen-tkon4phc/pkgs/npm/[email protected]/lib/main.js:1973

      console.warn(`[esbuild] Ignoring bad configuration: ESBUILD_BINARY_PATH=${ESBUILD_BINARY_PATH}`);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 26 low-confidence finding(s)

low env_fs dependency Excluded from app score #3d68158a4ef2b9c6 — Filesystem access.

pkgs/npm/[email protected]/install.js:26

var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d68158a4ef2b9c6 — Filesystem access.

pkgs/npm/[email protected]/install.js:26

var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e3a9c158c3e3e7f — Environment-variable access.

pkgs/npm/[email protected]/install.js:29

var ESBUILD_BINARY_PATH = process.env.ESBUILD_BINARY_PATH || ESBUILD_BINARY_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97e7732b50fa2e53 — Filesystem access.

pkgs/npm/[email protected]/install.js:89

var fs2 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97e7732b50fa2e53 — Filesystem access.

pkgs/npm/[email protected]/install.js:89

var fs2 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #730be5e1c551867e — Filesystem access.

pkgs/npm/[email protected]/install.js:186

    fs2.writeFileSync(path2.join(installDir, "package.json"), "{}");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0d02f9a44f366b8 — Filesystem access.

pkgs/npm/[email protected]/install.js:192

    binaryIntegrityCheck(pkg, subpath, fs2.readFileSync(installedBinPath));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94cd2bb6f0d09320 — Filesystem access.

pkgs/npm/[email protected]/install.js:217

  fs2.writeFileSync(toPath, `#!/usr/bin/env node
require('child_process').execFileSync(${pathString}, process.argv.slice(2), { stdio: 'inherit' });
`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a87681ef119d9c5 — Filesystem access.

pkgs/npm/[email protected]/install.js:221

  const code = fs2.readFileSync(libMain, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #125ab8ee2f98f3ca — Filesystem access.

pkgs/npm/[email protected]/install.js:222

  fs2.writeFileSync(libMain, `var ESBUILD_BINARY_PATH = ${pathString};
${code}`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac0456aafd8c6501 — Filesystem access.

pkgs/npm/[email protected]/install.js:250

    fs2.writeFileSync(binPath, bytes);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ff410af9e325195 — Filesystem access.

pkgs/npm/[email protected]/lib/main.js:1020

            fs3.readFile(response.code, (err, contents) => {
              if (err !== null) {
                callback(err, null);
              } else {
                response.code = contents;
                next();
              }
            });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d332b1a1bb00f1ef — Filesystem access.

pkgs/npm/[email protected]/lib/main.js:1031

            fs3.readFile(response.map, (err, contents) => {
              if (err !== null) {
                callback(err, null);
              } else {
                response.map = contents;
                next();
              }
            });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d73a64ff0792ba3 — Filesystem access.

pkgs/npm/[email protected]/lib/main.js:1057

      start = () => fs3.writeFile(input, next);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2041b3525a260d88 — Filesystem access.

pkgs/npm/[email protected]/lib/main.js:1714

            contents = streamIn.readFileSync(match[1], "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50ef1da3546a79e1 — Filesystem access.

pkgs/npm/[email protected]/lib/main.js:1886

var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50ef1da3546a79e1 — Filesystem access.

pkgs/npm/[email protected]/lib/main.js:1886

var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a87956dca16a3b4 — Environment-variable access.

pkgs/npm/[email protected]/lib/main.js:1889

var ESBUILD_BINARY_PATH = process.env.ESBUILD_BINARY_PATH || ESBUILD_BINARY_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf60462b97bc3651 — Filesystem access.

pkgs/npm/[email protected]/lib/main.js:2080

var fs2 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf60462b97bc3651 — Filesystem access.

pkgs/npm/[email protected]/lib/main.js:2080

var fs2 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e0b3a298f755b44 — Environment-variable access.

pkgs/npm/[email protected]/lib/main.js:2084

if (process.env.ESBUILD_WORKER_THREADS !== "0") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1345bb060247e3e2 — Filesystem access.

pkgs/npm/[email protected]/lib/main.js:2122

      let contents = fs2.readFileSync(tempFile, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e21c46144fb6725d — Filesystem access.

pkgs/npm/[email protected]/lib/main.js:2135

      fs2.writeFileSync(tempFile, contents);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #437028cdb3cbbdac — Filesystem access.

pkgs/npm/[email protected]/lib/main.js:2145

      fs2.readFile(tempFile, "utf8", (err, contents) => {
        try {
          fs2.unlink(tempFile, () => callback(err, contents));
        } catch {
          callback(err, contents);
        }
      });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa1e1c202491fbaa — Filesystem access.

pkgs/npm/[email protected]/lib/main.js:2159

      fs2.writeFile(tempFile, contents, (err) => err !== null ? callback(null) : callback(tempFile));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ec9f55fac948cd4 — Environment-variable access.

pkgs/npm/[email protected]/lib/main.js:2380

    maxBuffer: +process.env.ESBUILD_MAX_BUFFER || 16 * 1024 * 1024

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

nx

npm dependency

medium pii_flow dependency Excluded from app score #8cfd707517a50ba7 — PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.

pkgs/npm/[email protected]/src/command-line/init/init-v1.js:23 · flow /tmp/closeopen-tkon4phc/pkgs/npm/[email protected]/src/command-line/init/init-v1.js:23 → /tmp/closeopen-tkon4phc/pkgs/npm/[email protected]/src/command-line/init/init-v1.js:23

        console.log(`Using version ${process.env.NX_VERSION}`);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium pii_flow dependency Excluded from app score #ab421ec7a0980c00 — PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.

pkgs/npm/[email protected]/src/command-line/migrate/migrate.js:1257 · flow /tmp/closeopen-tkon4phc/pkgs/npm/[email protected]/src/command-line/migrate/migrate.js:1208 → /tmp/closeopen-tkon4phc/pkgs/npm/[email protected]/src/command-line/migrate/migrate.js:1257

        console.error(`Failed to install the ${version} version of the migration script. Using the current version.`);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 403 low-confidence finding(s)

low env_fs dependency Excluded from app score #9b784b07372fdcba — Environment-variable access.

pkgs/npm/[email protected]/bin/init-local.js:15

    process.env.NX_CLI_SET = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1fa8171f21aa3ac5 — Environment-variable access.

pkgs/npm/[email protected]/bin/init-local.js:119

    if (process.argv[2] === 'update' && process.env.FORCE_NG_UPDATE != 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b3c839eea91381b — Environment-variable access.

pkgs/npm/[email protected]/bin/nx.js:41

        process.env.NX_DAEMON = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf14d6402fa6f3af — Environment-variable access.

pkgs/npm/[email protected]/bin/nx.js:74

            process.env.NX_DAEMON = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6736acec7b4c26d6 — Environment-variable access.

pkgs/npm/[email protected]/bin/nx.js:171

    if (process.env.NX_CLI_SET) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e36ab6f92dfbfb6 — Filesystem access.

pkgs/npm/[email protected]/bin/run-executor.js:3

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e36ab6f92dfbfb6 — Filesystem access.

pkgs/npm/[email protected]/bin/run-executor.js:3

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5a45a94bdc45e24 — Environment-variable access.

pkgs/npm/[email protected]/bin/run-executor.js:5

if (process.env.NX_TERMINAL_OUTPUT_PATH) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef50dc38786df57e — Environment-variable access.

pkgs/npm/[email protected]/bin/run-executor.js:6

    setUpOutputWatching(process.env.NX_TERMINAL_CAPTURE_STDERR === 'true', process.env.NX_STREAM_OUTPUT === 'true');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef50dc38786df57e — Environment-variable access.

pkgs/npm/[email protected]/bin/run-executor.js:6

    setUpOutputWatching(process.env.NX_TERMINAL_CAPTURE_STDERR === 'true', process.env.NX_STREAM_OUTPUT === 'true');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b146aba9ff7754f7 — Environment-variable access.

pkgs/npm/[email protected]/bin/run-executor.js:8

if (!process.env.NX_WORKSPACE_ROOT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ff00b161c3d3381 — Environment-variable access.

pkgs/npm/[email protected]/bin/run-executor.js:12

process.env.NX_CLI_SET = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8cedd925d967850 — Environment-variable access.

pkgs/npm/[email protected]/bin/run-executor.js:27

    const outputPath = process.env.NX_TERMINAL_OUTPUT_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3eeca0a873635c1 — Environment-variable access.

pkgs/npm/[email protected]/bin/run-executor.js:59

        const statusCode = await (0, run_1.run)(process.cwd(), process.env.NX_WORKSPACE_ROOT, message.targetDescription, message.overrides, message.isVerbose, message.taskGraph);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44bbc97dc99703e3 — Filesystem access.

pkgs/npm/[email protected]/src/adapter/angular-json.js:9

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44bbc97dc99703e3 — Filesystem access.

pkgs/npm/[email protected]/src/adapter/angular-json.js:9

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69debaf31dd28fb0 — Filesystem access.

pkgs/npm/[email protected]/src/adapter/decorate-cli.js:5

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69debaf31dd28fb0 — Filesystem access.

pkgs/npm/[email protected]/src/adapter/decorate-cli.js:5

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48465f8e34796c00 — Filesystem access.

pkgs/npm/[email protected]/src/ai/set-up-ai-agents/set-up-ai-agents.js:5

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48465f8e34796c00 — Filesystem access.

pkgs/npm/[email protected]/src/ai/set-up-ai-agents/set-up-ai-agents.js:5

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ca13c6b4d67cd3c — Environment-variable access.

pkgs/npm/[email protected]/src/ai/set-up-ai-agents/set-up-ai-agents.js:19

    if (process.env.NX_AI_FILES_USE_LOCAL === 'true' || inner) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #438a91f36275acac — Filesystem access.

pkgs/npm/[email protected]/src/ai/utils.js:6

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #438a91f36275acac — Filesystem access.

pkgs/npm/[email protected]/src/ai/utils.js:6

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #579903c007d93482 — Filesystem access.

pkgs/npm/[email protected]/src/command-line/add/add.js:6

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #579903c007d93482 — Filesystem access.

pkgs/npm/[email protected]/src/command-line/add/add.js:6

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4964167e5bd381d3 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/add/add.js:86

                process.env.NX_ADD_PLUGINS !== 'false'))) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d159a8fedf6305ce — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/affected/affected.js:19

    loadDotEnvFiles: process.env.NX_LOAD_DOT_ENV_FILES !== 'false',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25b861835e820890 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/affected/command-object.js:21

        const exitCode = await (0, handle_errors_1.handleErrors)(args.verbose ?? process.env.NX_VERBOSE_LOGGING === 'true', async () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8f4ee4fd1b211b4 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/affected/command-object.js:32

        const exitCode = await (0, handle_errors_1.handleErrors)(args.verbose ?? process.env.NX_VERBOSE_LOGGING === 'true', async () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d13700838d1c4269 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/affected/command-object.js:46

        const exitCode = await (0, handle_errors_1.handleErrors)(args.verbose ?? process.env.NX_VERBOSE_LOGGING === 'true', async () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f054aad6cdf3e49 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/affected/command-object.js:60

        const exitCode = await (0, handle_errors_1.handleErrors)(args.verbose ?? process.env.NX_VERBOSE_LOGGING === 'true', async () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b5db91491193330 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/affected/command-object.js:74

        const exitCode = await (0, handle_errors_1.handleErrors)(args.verbose ?? process.env.NX_VERBOSE_LOGGING === 'true', async () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba14a04e0def5512 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/configure-ai-agents/configure-ai-agents.js:16

    if (process.env.NX_AI_FILES_USE_LOCAL === 'true' || inner) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22e57202223a2984 — Filesystem access.

pkgs/npm/[email protected]/src/command-line/exec/exec.js:8

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22e57202223a2984 — Filesystem access.

pkgs/npm/[email protected]/src/command-line/exec/exec.js:8

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6bbe8fd9416018a — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/exec/exec.js:26

    if (process.env.NX_TASK_TARGET_PROJECT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69d7f51ae29ca20d — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/exec/exec.js:34

                NX_PROJECT_NAME: process.env.NX_TASK_TARGET_PROJECT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d89ea1437e602bea — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/exec/exec.js:35

                NX_PROJECT_ROOT_PATH: projectGraph.nodes?.[process.env.NX_TASK_TARGET_PROJECT]?.data?.root,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1735304236c362cf — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/exec/exec.js:47

    const targetName = process.env.npm_lifecycle_event;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f32760cdd331c3af — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/format/command-object.js:56

            process.env.NX_FORMAT_SORT_TSCONFIG_PATHS !== 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6e0c5945b8eeb4b — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/format/command-object.js:58

        process.env.NX_FORMAT_SORT_TSCONFIG_PATHS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ffcc2f3f428dcce — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/generate/command-object.js:41

        if (process.env.NX_INTERACTIVE === 'false') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9354d888e88d910f — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/generate/command-object.js:45

            process.env.NX_INTERACTIVE = `${args.interactive}`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e3ffc8a717793ee — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/generate/command-object.js:47

        if (process.env.NX_DRY_RUN === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5775dc6606fea26 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/generate/command-object.js:51

            process.env.NX_DRY_RUN = `${args.dryRun}`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb6c9354368987bd — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/generate/command-object.js:53

        if (process.env.NX_GENERATE_QUIET === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1ec5b23317ee78a — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/generate/command-object.js:57

            process.env.NX_GENERATE_QUIET = `${args.quiet}`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d318e2b68104c7f — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/generate/generator-utils.js:41

        throw new Error(`Unable to resolve ${collectionName}:${generatorName}.\n${process.env.NX_VERBOSE_LOGGING === 'true' ? e.stack : e.message}`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6a1ddfad57ef4d2 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/import/import.js:27

    process.env.NX_RUNNING_NX_IMPORT = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6fb2030e1fbbd81 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/init/command-object.js:28

    return (process.env['NX_ADD_PLUGINS'] !== 'false' &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93654fafb29278c5 — Filesystem access.

pkgs/npm/[email protected]/src/command-line/init/configure-plugins.js:18

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93654fafb29278c5 — Filesystem access.

pkgs/npm/[email protected]/src/command-line/init/configure-plugins.js:18

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50c9d62b2fd41bc5 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/init/configure-plugins.js:64

        if (process.env.NX_VERBOSE_LOGGING === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9c818d8f9701b22 — Filesystem access.

pkgs/npm/[email protected]/src/command-line/init/implementation/add-nx-to-monorepo.js:5

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9c818d8f9701b22 — Filesystem access.

pkgs/npm/[email protected]/src/command-line/init/implementation/add-nx-to-monorepo.js:5

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8dc718e967610e4 — Filesystem access.

pkgs/npm/[email protected]/src/command-line/init/implementation/angular/standalone-workspace.js:4

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8dc718e967610e4 — Filesystem access.

pkgs/npm/[email protected]/src/command-line/init/implementation/angular/standalone-workspace.js:4

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a78a78e41df91e36 — Filesystem access.

pkgs/npm/[email protected]/src/command-line/init/implementation/dot-nx/add-nx-scripts.js:11

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a78a78e41df91e36 — Filesystem access.

pkgs/npm/[email protected]/src/command-line/init/implementation/dot-nx/add-nx-scripts.js:11

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df93469469097339 — Filesystem access.

pkgs/npm/[email protected]/src/command-line/init/implementation/dot-nx/nxw.js:11

const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df93469469097339 — Filesystem access.

pkgs/npm/[email protected]/src/command-line/init/implementation/dot-nx/nxw.js:11

const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08bed6c8401eaedb — Filesystem access.

pkgs/npm/[email protected]/src/command-line/init/implementation/dot-nx/nxw.js:55

    fs.writeFileSync(installationPath, JSON.stringify({
        name: 'nx-installation',
        devDependencies: {
            nx: nxJson.installation.version,
            ...nxJson.installation.plugins,
        },
    }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c3bf52016fc3f1b — Filesystem access.

pkgs/npm/[email protected]/src/command-line/init/implementation/dot-nx/nxw.js:71

        fs.writeFileSync(installationPath, JSON.stringify(currentInstallation));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81111b2ea605ee4d — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/init/implementation/dot-nx/nxw.js:113

if (!process.env.NX_WRAPPER_SKIP_INSTALL) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4df6a03e38305813 — Filesystem access.

pkgs/npm/[email protected]/src/command-line/init/implementation/react/index.js:6

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4df6a03e38305813 — Filesystem access.

pkgs/npm/[email protected]/src/command-line/init/implementation/react/index.js:6

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08a5d1cc6d89ae68 — Filesystem access.

pkgs/npm/[email protected]/src/command-line/init/implementation/react/write-vite-config.js:4

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08a5d1cc6d89ae68 — Filesystem access.

pkgs/npm/[email protected]/src/command-line/init/implementation/react/write-vite-config.js:4

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #393fdff18b3ea80e — Filesystem access.

pkgs/npm/[email protected]/src/command-line/init/implementation/react/write-vite-index-html.js:4

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #393fdff18b3ea80e — Filesystem access.

pkgs/npm/[email protected]/src/command-line/init/implementation/react/write-vite-index-html.js:4

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29dc25e305fa1488 — Filesystem access.

pkgs/npm/[email protected]/src/command-line/init/implementation/utils.js:22

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29dc25e305fa1488 — Filesystem access.

pkgs/npm/[email protected]/src/command-line/init/implementation/utils.js:22

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6afdd973cd91b7d1 — Filesystem access.

pkgs/npm/[email protected]/src/command-line/init/init-v1.js:6

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6afdd973cd91b7d1 — Filesystem access.

pkgs/npm/[email protected]/src/command-line/init/init-v1.js:6

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #087db2f2db4e8e2a — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/init/init-v1.js:21

    const version = process.env.NX_VERSION ?? ((0, semver_1.prerelease)(versions_1.nxVersion) ? versions_1.nxVersion : 'latest');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #804ad48a6812729e — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/init/init-v1.js:22

    if (process.env.NX_VERSION) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9f45ebf0c89d0fd — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/init/init-v1.js:23

        console.log(`Using version ${process.env.NX_VERSION}`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58e280f14adcfa4b — Filesystem access.

pkgs/npm/[email protected]/src/command-line/init/init-v2.js:5

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58e280f14adcfa4b — Filesystem access.

pkgs/npm/[email protected]/src/command-line/init/init-v2.js:5

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9eed9bfee07e4aa5 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/init/init-v2.js:28

    process.env.NX_RUNNING_NX_INIT = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5dcfaab407905104 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/init/init-v2.js:29

    const version = process.env.NX_VERSION ?? ((0, semver_1.prerelease)(versions_1.nxVersion) ? versions_1.nxVersion : 'latest');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6302c68a9a55e9b — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/init/init-v2.js:30

    if (process.env.NX_VERSION) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2603ae8f0d80d54e — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/init/init-v2.js:31

        output_1.output.log({ title: `Using version ${process.env.NX_VERSION}` });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e2952f253301e89 — Filesystem access.

pkgs/npm/[email protected]/src/command-line/migrate/migrate-ui-api.js:18

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e2952f253301e89 — Filesystem access.

pkgs/npm/[email protected]/src/command-line/migrate/migrate-ui-api.js:18

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9307b55711db2ba9 — Filesystem access.

pkgs/npm/[email protected]/src/command-line/migrate/migrate.js:29

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9307b55711db2ba9 — Filesystem access.

pkgs/npm/[email protected]/src/command-line/migrate/migrate.js:29

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6810c5f77fe9f05 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/migrate/migrate.js:555

        if (process.env.NX_MIGRATE_SKIP_REGISTRY_FETCH === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbefd7d2038dbe83 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/migrate/migrate.js:850

        const bodyLines = process.env['NX_CONSOLE']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3b87f688d1f6c97 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/migrate/migrate.js:939

        process.env.npm_config_legacy_peer_deps ??= 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3aa183e8ece4149c — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/migrate/migrate.js:1062

    if (!process.env.NX_MIGRATE_SKIP_INSTALL) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29e4a9181ed5c7bf — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/migrate/migrate.js:1125

    const host = new tree_1.FsTree(root, process.env.NX_VERBOSE_LOGGING === 'true', `migration ${collection.name}:${name}`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f4ac392458b00c0 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/migrate/migrate.js:1141

    return (0, handle_errors_1.handleErrors)(process.env.NX_VERBOSE_LOGGING === 'true', async () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27d1e4ff44595372 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/migrate/migrate.js:1157

    if (process.env.NX_MIGRATE_USE_LOCAL === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6bcdd64cd42ab2a — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/migrate/migrate.js:1165

            if (process.env.npm_config_registry &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a76c05f115d08ee3 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/migrate/migrate.js:1166

                process.env.npm_config_registry.match(/^https:\/\/registry\.(npmjs\.org|yarnpkg\.com)/)) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30c7b4fb30e5f510 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/migrate/migrate.js:1167

                delete process.env.npm_config_registry;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #834379089e147742 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/migrate/migrate.js:1208

    const version = process.env.NX_MIGRATE_CLI_VERSION || 'latest';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67ca4f00970efd8e — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/migrate/migrate.js:1209

    const isVerbose = process.env.NX_VERBOSE_LOGGING === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2cc322f5127a5f57 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/migrate/migrate.js:1268

    const paths = process.env.NODE_PATH

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d806252e098f5865 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/migrate/migrate.js:1269

        ? process.env.NODE_PATH.split(delimiter)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f090804763c5aff — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/migrate/migrate.js:1274

    process.env.NODE_PATH = paths.join(delimiter);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d061a0f097e7ceb0 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/new/new.js:16

    return (0, handle_errors_1.handleErrors)(process.env.NX_VERBOSE_LOGGING === 'true' || args.verbose, async () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #145439b84c005af3 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/nx-cloud/connect/command-object.js:13

        const checkRemote = process.env.NX_SKIP_CHECK_REMOTE !== 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b26540ce3c7e307 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/nx-cloud/connect/connect-to-nx-cloud.js:30

            process.env.NX_CLOUD_AUTH_TOKEN ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3dca0ea02b34c1bf — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/nx-cloud/connect/connect-to-nx-cloud.js:31

            process.env.NX_CLOUD_ACCESS_TOKEN) && !nxJson.nxCloudId);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d187e25c3393344b — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/nx-cloud/connect/connect-to-nx-cloud.js:61

    const installationSource = process.env.NX_CONSOLE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5baa1c341133b42 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/nx-cloud/connect/connect-to-nx-cloud.js:76

        const token = process.env.NX_CLOUD_AUTH_TOKEN ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #573a4777567e4dd9 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/nx-cloud/connect/connect-to-nx-cloud.js:77

            process.env.NX_CLOUD_ACCESS_TOKEN ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe401a3e659da8d2 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/nx-cloud/login/login.js:7

        process.env.NX_CLOUD_API = args.nxCloudUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e4615421ed5334e — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/release/changelog.js:85

            process.env.NX_RELEASE_INTERNAL_SUPPRESS_FILTER_LOG !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d6c1c92e7a30227 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/release/config/use-legacy-versioning.js:6

    return process.env.NX_INTERNAL_USE_LEGACY_VERSIONING === 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f2d98a49ac0c444 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/release/publish.js:68

            process.env.NX_RELEASE_INTERNAL_SUPPRESS_FILTER_LOG !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06f27c0e556b54e6 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/release/publish.js:86

                    loadDotEnvFiles: process.env.NX_LOAD_DOT_ENV_FILES !== 'false',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9ebe272eb1cc0a3 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/release/publish.js:101

                loadDotEnvFiles: process.env.NX_LOAD_DOT_ENV_FILES !== 'false',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0549465fd953b5f2 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/release/publish.js:132

        process.env.NX_DRY_RUN = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e12f747be4014af — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/release/publish.js:184

    process.env.NX_TUI = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9cf885512c6ded59 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/release/release.js:72

        process.env.NX_RELEASE_INTERNAL_SUPPRESS_FILTER_LOG = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0095a268c1137489 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/release/utils/launch-editor.js:7

    const editorCommand = process.env.GIT_EDITOR ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91ff4f6f8ba34f2a — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/release/utils/launch-editor.js:9

        process.env.VISUAL ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09d5cf34e3dac234 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/release/utils/launch-editor.js:10

        process.env.EDITOR ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bba33f9bad20e145 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/release/utils/remote-release-clients/github.js:68

        const tokenFromEnv = process.env.GITHUB_TOKEN || process.env.GH_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bba33f9bad20e145 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/release/utils/remote-release-clients/github.js:68

        const tokenFromEnv = process.env.GITHUB_TOKEN || process.env.GH_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9d8d7dd9bf03c5b — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/release/utils/remote-release-clients/github.js:73

        const ghCLIPath = (0, path_1.joinPathFragments)(process.env.XDG_CONFIG_HOME || (0, path_1.joinPathFragments)((0, node_os_1.homedir)(), '.config'), 'gh', 'hosts.yml');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae9db46f3bc01f51 — Filesystem access.

pkgs/npm/[email protected]/src/command-line/release/utils/remote-release-clients/github.js:75

            const yamlContents = await node_fs_1.promises.readFile(ghCLIPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b6d33c0db3303d8 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/release/utils/remote-release-clients/gitlab.js:58

            if (process.env.NX_VERBOSE_LOGGING === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58e030099e5e7125 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/release/utils/remote-release-clients/gitlab.js:69

        const tokenFromEnv = process.env.GITLAB_TOKEN || process.env.GL_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58e030099e5e7125 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/release/utils/remote-release-clients/gitlab.js:69

        const tokenFromEnv = process.env.GITLAB_TOKEN || process.env.GL_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c32535cf5e2fe42a — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/release/utils/remote-release-clients/gitlab.js:74

        if (process.env.CI_JOB_TOKEN) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9aa00a8f392ee71b — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/release/utils/remote-release-clients/gitlab.js:75

            return { token: process.env.CI_JOB_TOKEN, headerName: 'JOB-TOKEN' };

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df9ae4804f087e06 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/release/version-legacy.js:55

        process.env.NX_RELEASE_INTERNAL_SUPPRESS_FILTER_LOG !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ead5abcd5c8901e — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/release/version.js:87

            process.env.NX_RELEASE_INTERNAL_SUPPRESS_FILTER_LOG !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e250d93996a9082 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/release/version/resolve-current-version.js:217

    if (process.env.CI === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54727b5af483d1b3 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/run-many/command-object.js:12

        const exitCode = await (0, handle_errors_1.handleErrors)(args.verbose ?? process.env.NX_VERBOSE_LOGGING === 'true', async () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9688ebc9acf172b0 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/run-many/run-many.js:17

    loadDotEnvFiles: process.env.NX_LOAD_DOT_ENV_FILES !== 'false',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b672673e94d23a72 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/run-many/run-many.js:24

        process.env.NX_VERBOSE_LOGGING = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a9ca8f038e62b39 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/run/command-object.js:18

        const exitCode = await (0, handle_errors_1.handleErrors)(args.verbose ?? process.env.NX_VERBOSE_LOGGING === 'true', async () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73fb23d2aa95d74c — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/run/command-object.js:32

        const exitCode = await (0, handle_errors_1.handleErrors)(args.verbose ?? process.env.NX_VERBOSE_LOGGING === 'true', async () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3bf71588a22f3730 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/run/run-one.js:18

    loadDotEnvFiles: process.env.NX_LOAD_DOT_ENV_FILES !== 'false',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a6247a5fc8f3881 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/watch/watch.js:12

        return process.env.NX_VERBOSE_LOGGING === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f8ebdab969f9f93c — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/yargs-utils/shared-options.js:49

            process.env.NX_TUI_AUTO_EXIT = args.tuiAutoExit.toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f4887e246eff545 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/yargs-utils/shared-options.js:51

        else if (process.env.NX_TUI_AUTO_EXIT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49d55d261d97a510 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/yargs-utils/shared-options.js:52

            args.tuiAutoExit = coerceTuiAutoExit(process.env.NX_TUI_AUTO_EXIT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6c11ce9a05793ed — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/yargs-utils/shared-options.js:163

        args.verbose ??= process.env.NX_VERBOSE_LOGGING === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0e0ce37c8564958 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/yargs-utils/shared-options.js:165

        process.env.NX_VERBOSE_LOGGING = args.verbose.toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #965d6e5580ea3b6a — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/yargs-utils/shared-options.js:173

            return v || process.env.NX_BATCH_MODE === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22ffa1971f685e65 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/yargs-utils/shared-options.js:270

            process.env.NX_TUI = useTui.toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #489bb27e850f46d6 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/yargs-utils/shared-options.js:314

        (process.env.NX_PARALLEL && args['parallel'] === undefined)) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fca4e96e70d414b8 — Environment-variable access.

pkgs/npm/[email protected]/src/command-line/yargs-utils/shared-options.js:317

            process.env.NX_PARALLEL ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a303cbb992b5382b — Environment-variable access.

pkgs/npm/[email protected]/src/commands-runner/create-command-graph.js:51

        if (process.env.NX_IGNORE_CYCLES === 'true' || nxArgs.nxIgnoreCycles) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea2c794fb59fdcbc — Environment-variable access.

pkgs/npm/[email protected]/src/config/calculate-default-project-name.js:19

            else if (process.env.NX_DEFAULT_PROJECT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13d0312221c18fe3 — Environment-variable access.

pkgs/npm/[email protected]/src/config/calculate-default-project-name.js:20

                return process.env.NX_DEFAULT_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d396f8b2155fc2a5 — Environment-variable access.

pkgs/npm/[email protected]/src/config/calculate-default-project-name.js:29

    return (process.env.NX_DEFAULT_PROJECT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92fa43e73481d6db — Filesystem access.

pkgs/npm/[email protected]/src/config/nx-json.js:5

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92fa43e73481d6db — Filesystem access.

pkgs/npm/[email protected]/src/config/nx-json.js:5

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eab084af7901ac5b — Filesystem access.

pkgs/npm/[email protected]/src/config/schema-utils.js:6

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eab084af7901ac5b — Filesystem access.

pkgs/npm/[email protected]/src/config/schema-utils.js:6

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6017758023ab8892 — Environment-variable access.

pkgs/npm/[email protected]/src/daemon/client/client.js:66

            const env = process.env.NX_DAEMON;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa2798f5f312c0e0 — Filesystem access.

pkgs/npm/[email protected]/src/daemon/server/server.js:6

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa2798f5f312c0e0 — Filesystem access.

pkgs/npm/[email protected]/src/daemon/server/server.js:6

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf00f339a864135a — Filesystem access.

pkgs/npm/[email protected]/src/daemon/socket-utils.js:6

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf00f339a864135a — Filesystem access.

pkgs/npm/[email protected]/src/daemon/socket-utils.js:6

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a70c76351487f93 — Environment-variable access.

pkgs/npm/[email protected]/src/daemon/tmp-dir.js:55

        const dir = process.env.NX_SOCKET_DIR ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbac22e24b5baf1b — Environment-variable access.

pkgs/npm/[email protected]/src/daemon/tmp-dir.js:56

            process.env.NX_DAEMON_SOCKET_DIR ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0b81eb8f55b6154 — Environment-variable access.

pkgs/npm/[email protected]/src/executors/run-commands/run-commands.impl.js:57

        process.env.NX_NATIVE_COMMAND_RUNNER !== 'false' &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf904d8455f0b7ff — Environment-variable access.

pkgs/npm/[email protected]/src/executors/run-commands/run-commands.impl.js:70

        if (process.env.NX_VERBOSE_LOGGING === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e9ceaeedaf732f0 — Environment-variable access.

pkgs/npm/[email protected]/src/executors/run-commands/running-tasks.js:210

        if (process.env.NX_NATIVE_COMMAND_RUNNER !== 'false' &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9912f695ed6a240 — Environment-variable access.

pkgs/npm/[email protected]/src/executors/run-commands/running-tasks.js:399

    if (process.env.NX_LOAD_DOT_ENV_FILES !== 'false' && envFile) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b081bbe6cef506d — Environment-variable access.

pkgs/npm/[email protected]/src/generators/testing-utils/create-tree-with-empty-workspace.js:17

    process.env.INIT_CWD = workspace_root_1.workspaceRoot;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c374797bb225949f — Environment-variable access.

pkgs/npm/[email protected]/src/hasher/hash-task.js:15

    if (process.env.NX_DISABLE_DB === 'true' || native_1.IS_WASM) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #392bc910d1705197 — Environment-variable access.

pkgs/npm/[email protected]/src/native/assert-supported-platform.js:21

            if (process.env.NX_VERBOSE_LOGGING === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c3f7181a90416ed — Filesystem access.

pkgs/npm/[email protected]/src/native/index.js:2

const { copyFileSync, existsSync, mkdirSync, renameSync } = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c3f7181a90416ed — Filesystem access.

pkgs/npm/[email protected]/src/native/index.js:2

const { copyFileSync, existsSync, mkdirSync, renameSync } = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #555817e962eabade — Environment-variable access.

pkgs/npm/[email protected]/src/native/index.js:66

  const useNativeFileCache = process.env.NX_SKIP_NATIVE_FILE_CACHE !== 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33968f9c807b180e — Filesystem access.

pkgs/npm/[email protected]/src/native/native-bindings.js:5

const { readFileSync } = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33968f9c807b180e — Filesystem access.

pkgs/npm/[email protected]/src/native/native-bindings.js:5

const { readFileSync } = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea2c004b4caf7c57 — Filesystem access.

pkgs/npm/[email protected]/src/native/native-bindings.js:28

    return readFileSync('/usr/bin/ldd', 'utf-8').includes('musl')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4996788484faf528 — Environment-variable access.

pkgs/npm/[email protected]/src/native/native-bindings.js:334

if (!nativeBinding || process.env.NAPI_RS_FORCE_WASI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e3dd44d7e35b40e — Environment-variable access.

pkgs/npm/[email protected]/src/native/native-bindings.js:338

    if (process.env.NAPI_RS_FORCE_WASI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16622db98c412aa5 — Environment-variable access.

pkgs/npm/[email protected]/src/native/native-bindings.js:346

      if (process.env.NAPI_RS_FORCE_WASI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f97928304afe563 — Environment-variable access.

pkgs/npm/[email protected]/src/native/native-file-cache-location.js:10

    if (process.env.NX_NATIVE_FILE_CACHE_DIRECTORY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd04d8f5b1e37313 — Environment-variable access.

pkgs/npm/[email protected]/src/native/native-file-cache-location.js:11

        return process.env.NX_NATIVE_FILE_CACHE_DIRECTORY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4a9f8857ca09642 — Filesystem access.

pkgs/npm/[email protected]/src/native/nx.wasi.cjs:48

const { instance: __napiInstance, module: __wasiModule, napiModule: __napiModule } = __emnapiInstantiateNapiModuleSync(__nodeFs.readFileSync(__wasmFilePath), {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f2f51c10b61ad47 — Environment-variable access.

pkgs/npm/[email protected]/src/native/nx.wasi.cjs:51

    const threadsSizeFromEnv = Number(process.env.NAPI_RS_ASYNC_WORK_POOL_SIZE ?? process.env.UV_THREADPOOL_SIZE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f2f51c10b61ad47 — Environment-variable access.

pkgs/npm/[email protected]/src/native/nx.wasi.cjs:51

    const threadsSizeFromEnv = Number(process.env.NAPI_RS_ASYNC_WORK_POOL_SIZE ?? process.env.UV_THREADPOOL_SIZE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb01f24fa2f09a69 — Filesystem access.

pkgs/npm/[email protected]/src/native/wasi-worker.mjs:22

    ;(0, eval)(fs.readFileSync(f, "utf8") + "//# sourceURL=" + f);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbc9c9249354943f — Environment-variable access.

pkgs/npm/[email protected]/src/nx-cloud/debug-logger.js:5

    if (process.env['NX_VERBOSE_LOGGING'] === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4807f3b8d1fe366 — Environment-variable access.

pkgs/npm/[email protected]/src/nx-cloud/generators/connect-to-nx-cloud/connect-to-nx-cloud.js:86

            const overrideUrl = process.env.NX_CLOUD_API || process.env.NRWL_API;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4807f3b8d1fe366 — Environment-variable access.

pkgs/npm/[email protected]/src/nx-cloud/generators/connect-to-nx-cloud/connect-to-nx-cloud.js:86

            const overrideUrl = process.env.NX_CLOUD_API || process.env.NRWL_API;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50391b1a16ba21e3 — Environment-variable access.

pkgs/npm/[email protected]/src/nx-cloud/generators/connect-to-nx-cloud/connect-to-nx-cloud.js:99

            const overrideUrl = process.env.NX_CLOUD_API || process.env.NRWL_API;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50391b1a16ba21e3 — Environment-variable access.

pkgs/npm/[email protected]/src/nx-cloud/generators/connect-to-nx-cloud/connect-to-nx-cloud.js:99

            const overrideUrl = process.env.NX_CLOUD_API || process.env.NRWL_API;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9266ea59657d4cd4 — Filesystem access.

pkgs/npm/[email protected]/src/nx-cloud/resolution-helpers.js:4

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9266ea59657d4cd4 — Filesystem access.

pkgs/npm/[email protected]/src/nx-cloud/resolution-helpers.js:4

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #647dc484d93a2f01 — Filesystem access.

pkgs/npm/[email protected]/src/nx-cloud/update-manager.js:6

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #647dc484d93a2f01 — Filesystem access.

pkgs/npm/[email protected]/src/nx-cloud/update-manager.js:6

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #613b029b5048055e — Environment-variable access.

pkgs/npm/[email protected]/src/nx-cloud/update-manager.js:125

    if (process.env.NX_CLOUD_FORCE_REVALIDATE === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dabf18ad847efb46 — Environment-variable access.

pkgs/npm/[email protected]/src/nx-cloud/utilities/axios.js:8

    const baseUrl = process.env.NX_CLOUD_API || options.url || 'https://cloud.nx.app';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0adb6a64a53c4711 — Filesystem access.

pkgs/npm/[email protected]/src/nx-cloud/utilities/environment.js:5

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0adb6a64a53c4711 — Filesystem access.

pkgs/npm/[email protected]/src/nx-cloud/utilities/environment.js:5

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4abb8534d64dcaf — Environment-variable access.

pkgs/npm/[email protected]/src/nx-cloud/utilities/environment.js:11

process.env.NX_CLOUD_AGENT_TIMEOUT_MS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc46d1f04f65edf2 — Environment-variable access.

pkgs/npm/[email protected]/src/nx-cloud/utilities/environment.js:12

    ? Number(process.env.NX_CLOUD_AGENT_TIMEOUT_MS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80ce8bdf498fe68b — Environment-variable access.

pkgs/npm/[email protected]/src/nx-cloud/utilities/environment.js:15

process.env.NX_CLOUD_ORCHESTRATOR_TIMEOUT_MS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4baee4001e109b55 — Environment-variable access.

pkgs/npm/[email protected]/src/nx-cloud/utilities/environment.js:16

    ? Number(process.env.NX_CLOUD_ORCHESTRATOR_TIMEOUT_MS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bdfdb55dc3360bef — Environment-variable access.

pkgs/npm/[email protected]/src/nx-cloud/utilities/environment.js:19

process.env.NX_CLOUD_DISTRIBUTED_EXECUTION_AGENT_COUNT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e1c8c192a191485 — Environment-variable access.

pkgs/npm/[email protected]/src/nx-cloud/utilities/environment.js:20

    ? Number(process.env.NX_CLOUD_DISTRIBUTED_EXECUTION_AGENT_COUNT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #210ceb69bb522848 — Environment-variable access.

pkgs/npm/[email protected]/src/nx-cloud/utilities/environment.js:22

process.env.NX_CLOUD_NUMBER_OF_RETRIES

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4dbf14994f10b34 — Environment-variable access.

pkgs/npm/[email protected]/src/nx-cloud/utilities/environment.js:23

    ? Number(process.env.NX_CLOUD_NUMBER_OF_RETRIES)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b706d0146158a5a — Environment-variable access.

pkgs/npm/[email protected]/src/nx-cloud/utilities/environment.js:40

        process.env.NX_CLOUD_AUTH_TOKEN ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5188d39a54a83a10 — Environment-variable access.

pkgs/npm/[email protected]/src/nx-cloud/utilities/environment.js:41

            process.env.NX_CLOUD_ACCESS_TOKEN ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c79353210618c152 — Environment-variable access.

pkgs/npm/[email protected]/src/nx-cloud/utilities/environment.js:45

        process.env.NX_CLOUD_NO_TIMEOUTS === 'true' ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13e72bbb58327e84 — Environment-variable access.

pkgs/npm/[email protected]/src/nx-cloud/utilities/get-cloud-options.js:16

    return removeTrailingSlash(process.env.NX_CLOUD_API || process.env.NRWL_API || `https://cloud.nx.app`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13e72bbb58327e84 — Environment-variable access.

pkgs/npm/[email protected]/src/nx-cloud/utilities/get-cloud-options.js:16

    return removeTrailingSlash(process.env.NX_CLOUD_API || process.env.NRWL_API || `https://cloud.nx.app`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b113a1e381f770dd — Environment-variable access.

pkgs/npm/[email protected]/src/nx-cloud/utilities/url-shorten.js:78

        if (process.env.NX_VERBOSE_LOGGING === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f2505426ce9cb5b — Filesystem access.

pkgs/npm/[email protected]/src/plugins/js/index.js:4

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f2505426ce9cb5b — Filesystem access.

pkgs/npm/[email protected]/src/plugins/js/index.js:4

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1dc44552598369c6 — Environment-variable access.

pkgs/npm/[email protected]/src/plugins/js/lock-file/lock-file.js:249

    return (process.env.npm_command === 'install' &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7d5501335dc6493 — Environment-variable access.

pkgs/npm/[email protected]/src/plugins/js/lock-file/lock-file.js:250

        process.env.npm_lifecycle_event === 'postinstall');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ba21fffb64586c3 — Filesystem access.

pkgs/npm/[email protected]/src/plugins/js/lock-file/npm-parser.js:6

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ba21fffb64586c3 — Filesystem access.

pkgs/npm/[email protected]/src/plugins/js/lock-file/npm-parser.js:6

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13eddfcc6e02be66 — Environment-variable access.

pkgs/npm/[email protected]/src/plugins/js/lock-file/npm-parser.js:512

        if (process.env.NX_VERBOSE_LOGGING === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d6afa38129cf36f — Filesystem access.

pkgs/npm/[email protected]/src/plugins/js/package-json/create-package-json.js:8

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d6afa38129cf36f — Filesystem access.

pkgs/npm/[email protected]/src/plugins/js/package-json/create-package-json.js:8

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8cdec0f906043f21 — Environment-variable access.

pkgs/npm/[email protected]/src/plugins/js/project-graph/build-dependencies/explicit-package-json-dependencies.js:57

        if (process.env.NX_VERBOSE_LOGGING === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0b89199cb953e4e — Environment-variable access.

pkgs/npm/[email protected]/src/plugins/js/project-graph/build-dependencies/target-project-locator.js:169

            if (process.env.NX_VERBOSE_LOGGING === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e90405ada36f7d1 — Filesystem access.

pkgs/npm/[email protected]/src/plugins/js/project-graph/build-nodes/build-npm-package-nodes.js:4

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e90405ada36f7d1 — Filesystem access.

pkgs/npm/[email protected]/src/plugins/js/project-graph/build-nodes/build-npm-package-nodes.js:4

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e235a43584e9ba8 — Filesystem access.

pkgs/npm/[email protected]/src/plugins/js/utils/config.js:7

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e235a43584e9ba8 — Filesystem access.

pkgs/npm/[email protected]/src/plugins/js/utils/config.js:7

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1808c615768cd8fb — Environment-variable access.

pkgs/npm/[email protected]/src/plugins/js/utils/register.js:34

    if (process.env._?.endsWith(`${path_1.sep}tsx`)) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55bfd6d6ade6ca94 — Environment-variable access.

pkgs/npm/[email protected]/src/plugins/js/utils/register.js:70

        process.env.TS_NODE_COMPILER_OPTIONS ??= JSON.stringify({

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0a261610be9eb06 — Environment-variable access.

pkgs/npm/[email protected]/src/plugins/js/utils/register.js:160

    const preferTsNode = process.env.NX_PREFER_TS_NODE === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db606b65dbf1d50c — Environment-variable access.

pkgs/npm/[email protected]/src/plugins/js/utils/register.js:268

    const preferTsNode = process.env.NX_PREFER_TS_NODE === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f57d28ebee18ca4 — Filesystem access.

pkgs/npm/[email protected]/src/plugins/js/utils/typescript.js:11

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f57d28ebee18ca4 — Filesystem access.

pkgs/npm/[email protected]/src/plugins/js/utils/typescript.js:11

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ed42309c09df656 — Environment-variable access.

pkgs/npm/[email protected]/src/plugins/package-json/create-nodes.js:29

        const isInPackageJsonWorkspaces = process.env.NX_INFER_ALL_PACKAGE_JSONS === 'true' &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e5c974c8d2ad4a1 — Filesystem access.

pkgs/npm/[email protected]/src/project-graph/affected/locators/project-glob-changes.js:7

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e5c974c8d2ad4a1 — Filesystem access.

pkgs/npm/[email protected]/src/project-graph/affected/locators/project-glob-changes.js:7

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aed0e81fd929d59e — Environment-variable access.

pkgs/npm/[email protected]/src/project-graph/affected/locators/project-glob-changes.js:15

        if (process.env.NX_FORCE_REUSE_CACHED_GRAPH === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10b55c863d321495 — Filesystem access.

pkgs/npm/[email protected]/src/project-graph/build-project-graph.js:18

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10b55c863d321495 — Filesystem access.

pkgs/npm/[email protected]/src/project-graph/build-project-graph.js:18

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e260890ea946d008 — Environment-variable access.

pkgs/npm/[email protected]/src/project-graph/build-project-graph.js:201

        else if (process.env.NX_VERBOSE_LOGGING === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32bb3966e6954f27 — Environment-variable access.

pkgs/npm/[email protected]/src/project-graph/build-project-graph.js:274

        else if (process.env.NX_VERBOSE_LOGGING === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9b89b262415b679 — Environment-variable access.

pkgs/npm/[email protected]/src/project-graph/error-types.js:262

        if (e.stack && process.env.NX_VERBOSE_LOGGING === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b7082ba2ad9f901 — Filesystem access.

pkgs/npm/[email protected]/src/project-graph/file-utils.js:10

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b7082ba2ad9f901 — Filesystem access.

pkgs/npm/[email protected]/src/project-graph/file-utils.js:10

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #971bd96859d6be32 — Environment-variable access.

pkgs/npm/[email protected]/src/project-graph/plugins/isolation/enabled.js:7

    if (process.env.NX_ISOLATE_PLUGINS === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88329561e6fcb977 — Environment-variable access.

pkgs/npm/[email protected]/src/project-graph/plugins/isolation/enabled.js:12

    process.env.NX_ISOLATE_PLUGINS === 'false' ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b9841dcc88d6dd2 — Environment-variable access.

pkgs/npm/[email protected]/src/project-graph/plugins/isolation/plugin-pool.js:16

const MAX_MESSAGE_WAIT = process.env.NX_PLUGIN_NO_TIMEOUTS === 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98fe5caf2e6d1dd2 — Filesystem access.

pkgs/npm/[email protected]/src/project-graph/plugins/isolation/plugin-worker.js:9

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98fe5caf2e6d1dd2 — Filesystem access.

pkgs/npm/[email protected]/src/project-graph/plugins/isolation/plugin-worker.js:9

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72c60f577e1b60ef — Environment-variable access.

pkgs/npm/[email protected]/src/project-graph/plugins/isolation/plugin-worker.js:10

if (process.env.NX_PERF_LOGGING === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f953f50d30496989 — Environment-variable access.

pkgs/npm/[email protected]/src/project-graph/plugins/isolation/plugin-worker.js:189

if (process.env.NX_PLUGIN_NO_TIMEOUTS !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2da5a64f39d770ba — Environment-variable access.

pkgs/npm/[email protected]/src/project-graph/plugins/tasks-execution-hooks.js:39

            process.env[key] = env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7eb662212f59812a — Environment-variable access.

pkgs/npm/[email protected]/src/project-graph/project-graph.js:103

    const cacheEnabled = process.env.NX_CACHE_PROJECT_GRAPH !== 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2d5bf8e7487e7bb — Environment-variable access.

pkgs/npm/[email protected]/src/project-graph/project-graph.js:141

        const isVerbose = process.env.NX_VERBOSE_LOGGING === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b967cac72527b89f — Environment-variable access.

pkgs/npm/[email protected]/src/project-graph/project-graph.js:206

    if (process.env.NX_FORCE_REUSE_CACHED_GRAPH === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6bbdd3199ee3cf1 — Environment-variable access.

pkgs/npm/[email protected]/src/project-graph/utils/project-configuration-utils.js:253

        else if (process.env.NX_VERBOSE_LOGGING === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bd55dab5439a1ce — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/cache.js:38

    process.env.NX_REJECT_UNKNOWN_LOCAL_CACHE === '0' ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e09d39d99280512 — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/cache.js:39

        process.env.NX_REJECT_UNKNOWN_LOCAL_CACHE === 'false') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f8987843d70b946 — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/cache.js:59

        this.cache = new native_1.NxCache(workspace_root_1.workspaceRoot, cache_directory_1.cacheDir, (0, db_connection_1.getDbConnection)(), process.env.NX_DISABLE_DB !== 'true', resolveMaxCacheSize(this.nxJson));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf04b420926263df — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/cache.js:60

        this.isVerbose = process.env.NX_VERBOSE_LOGGING === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6293775102b75f29 — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/cache.js:197

        if (process.env.NX_SELF_HOSTED_REMOTE_CACHE_SERVER) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5426b2756523f8f — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/cache.js:291

                if (process.env.NX_VERBOSE_LOGGING === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98084872c78322d1 — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/cache.js:440

            if (process.env.NX_REJECT_UNKNOWN_LOCAL_CACHE != '0' &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81781fb9dfd29b1c — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/cache.js:441

                process.env.NX_REJECT_UNKNOWN_LOCAL_CACHE != 'false') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd5e0d89906b62e4 — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/cache.js:495

    const rawMaxCacheSize = process.env.NX_MAX_CACHE_SIZE ?? nxJson.maxCacheSize;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bee8a4bd239c8c1b — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/fork.js:11

if (process.env['NX_PSEUDO_TERMINAL_EXEC_ARGV']) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d575ce757dee2b4 — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/fork.js:12

    execArgv = process.env['NX_PSEUDO_TERMINAL_EXEC_ARGV'].split('|');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1dee839d96251667 — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/fork.js:13

    delete process.env['NX_PSEUDO_TERMINAL_EXEC_ARGV'];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7792f5ebd707495f — Filesystem access.

pkgs/npm/[email protected]/src/tasks-runner/forked-process-task-runner.js:4

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7792f5ebd707495f — Filesystem access.

pkgs/npm/[email protected]/src/tasks-runner/forked-process-task-runner.js:4

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41fc526ae2f3aac1 — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/forked-process-task-runner.js:23

        this.verbose = process.env.NX_VERBOSE_LOGGING === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db28e53cf66a7dae — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/forked-process-task-runner.js:85

            process.env.NX_PREFIX_OUTPUT === 'true' &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62c29b2b3ac72f8e — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/init-tasks-runner.js:27

        process.env.NX_VERBOSE_LOGGING = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf46818c07787d07 — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/is-tui-enabled.js:12

    return process.env.NX_TUI === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e9bf026e7dd8d3b — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/is-tui-enabled.js:24

function shouldUseTui(nxJson, nxArgs, skipCapabilityCheck = process.env.NX_TUI_SKIP_CAPABILITY_CHECK === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3dc754397dc7a884 — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/is-tui-enabled.js:48

    if (typeof process.env.NX_TUI === 'string') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe8af73bb3616e50 — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/is-tui-enabled.js:49

        return process.env.NX_TUI === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e96b986597c13a9d — Filesystem access.

pkgs/npm/[email protected]/src/tasks-runner/life-cycles/store-run-information-life-cycle.js:5

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e96b986597c13a9d — Filesystem access.

pkgs/npm/[email protected]/src/tasks-runner/life-cycles/store-run-information-life-cycle.js:5

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b58073929b895a64 — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/life-cycles/store-run-information-life-cycle.js:73

            if (process.env.NX_VERBOSE_LOGGING === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d43ecaaf27c1c85 — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/life-cycles/task-history-life-cycle.js:17

            process.env.NX_DISABLE_DB !== 'true' && !native_1.IS_WASM

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be3e8bb0463b0644 — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/pseudo-terminal.js:169

    if (process.env.NX_WINDOWS_PTY_SUPPORT !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #929841d0dc7386c5 — Filesystem access.

pkgs/npm/[email protected]/src/tasks-runner/remove-old-cache-records.js:3

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #929841d0dc7386c5 — Filesystem access.

pkgs/npm/[email protected]/src/tasks-runner/remove-old-cache-records.js:3

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a5d6dfddaad4167 — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/run-command.js:54

        process.env.NX_TUI = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ff0598532751c4e — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/run-command.js:271

        if (process.env.NX_IGNORE_CYCLES === 'true' || nxArgs.nxIgnoreCycles) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa22a17a89642c91 — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/run-command.js:288

        !process.env['NX_SKIP_ATOMIZER_VALIDATION']) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0336650ef5c5ef2 — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/run-command.js:294

    const status = await (0, handle_errors_1.handleErrors)(process.env.NX_VERBOSE_LOGGING === 'true', async () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d31b3e143b9dd1cd — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/run-command.js:306

                process.env.NX_SKIP_NX_CACHE === 'true' ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9cc40af59e34b52 — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/run-command.js:307

                process.env.NX_DISABLE_NX_CACHE === 'true',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3069662cf1fd9ea1 — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/run-command.js:610

        process.env.NX_BATCH_MODE === 'true' ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #243becfcefdbd99d — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/run-command.js:612

        process.env.NX_STREAM_OUTPUT = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f442ae5e9b19fc2 — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/run-command.js:613

        process.env.NX_PREFIX_OUTPUT = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66233239670beb23 — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/run-command.js:616

        process.env.NX_STREAM_OUTPUT = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #511ef8a4bd524064 — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/run-command.js:619

        process.env.NX_LOAD_DOT_ENV_FILES = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7afdd9b1c065c589 — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/run-command.js:707

    if (process.env.NX_PERF_LOGGING === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1fdf321417765ebb — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/run-command.js:710

    if (process.env.NX_PROFILE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1433bcaa90ee372 — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/run-command.js:711

        lifeCycles.push(new task_profiling_life_cycle_1.TaskProfilingLifeCycle(process.env.NX_PROFILE));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf3f729bd3566734 — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/run-command.js:738

    if (process.env.NX_BATCH_MODE === 'true' ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ffeca217381df97b — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/run-command.js:739

        process.env.NX_VERBOSE_LOGGING === 'true' ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #83d83ee95cd10c65 — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/run-command.js:740

        process.env.NX_TASKS_RUNNER_DYNAMIC_OUTPUT === 'false') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba2db521f1bfa264 — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/run-command.js:790

    if (process.env.CODEX_ENV_NODE_VERSION) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4ca564461bfb188 — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/run-command.js:806

        process.env.NX_CLOUD_AUTH_TOKEN ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1966c0bf21026f8 — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/run-command.js:807

        process.env.NX_CLOUD_ACCESS_TOKEN ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #770a180a576a99de — Filesystem access.

pkgs/npm/[email protected]/src/tasks-runner/running-tasks/node-child-process.js:5

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #770a180a576a99de — Filesystem access.

pkgs/npm/[email protected]/src/tasks-runner/running-tasks/node-child-process.js:5

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2d080df15565243 — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/running-tasks/node-child-process.js:16

            if (process.env.NX_PREFIX_OUTPUT === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba6109caa7f61970 — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/task-env.js:17

        ...getNxEnvVariablesForForkedProcess(process.env.FORCE_COLOR === undefined ? 'true' : process.env.FORCE_COLOR, skipNxCache, captureStderr),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba6109caa7f61970 — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/task-env.js:17

        ...getNxEnvVariablesForForkedProcess(process.env.FORCE_COLOR === undefined ? 'true' : process.env.FORCE_COLOR, skipNxCache, captureStderr),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5abcbb98a67245e — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/task-env.js:23

    return process.env.NX_LOAD_DOT_ENV_FILES === 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15d4039beb787558 — Filesystem access.

pkgs/npm/[email protected]/src/tasks-runner/task-orchestrator.js:6

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15d4039beb787558 — Filesystem access.

pkgs/npm/[email protected]/src/tasks-runner/task-orchestrator.js:6

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9bcc3c94cb7c8622 — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/task-orchestrator.js:284

            ? (0, task_env_1.getEnvVariablesForTask)(task, taskSpecificEnv, process.env.FORCE_COLOR === undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c7e980c1f9c8961 — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/task-orchestrator.js:286

                : process.env.FORCE_COLOR, this.options.skipNxCache, this.options.captureStderr, null, null)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6ef038ffb771323 — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/task-orchestrator.js:304

        const shouldPrefix = streamOutput && process.env.NX_PREFIX_OUTPUT === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7335bf61c7080b4f — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/task-orchestrator.js:306

        if (process.env.NX_RUN_COMMANDS_DIRECTLY !== 'false' &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b87c033b0faa5d49 — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/task-orchestrator.js:311

                const combinedOptions = (0, params_1.combineOptionsForExecutor)(task.overrides, task.target.configuration ?? targetConfiguration.defaultConfiguration, targetConfiguration, schema, task.target.project, (0, path_1.relative)(task.projectRoot ?? workspace_root_1.workspaceRoot, process.cwd()), process.env.NX_VERBOSE_LOGGING === 'true');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09f786f323960a26 — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/task-orchestrator.js:374

                if (process.env.NX_VERBOSE_LOGGING === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef7025bd111f155d — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/task-orchestrator.js:424

            const usePtyFork = process.env.NX_NATIVE_COMMAND_RUNNER !== 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44b605c3c9431c5b — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/task-orchestrator.js:447

            if (process.env.NX_VERBOSE_LOGGING === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c7c7033b686144f — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/task-orchestrator.js:497

            ? (0, task_env_1.getEnvVariablesForTask)(task, taskSpecificEnv, process.env.FORCE_COLOR === undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4837a77f095f5d7c — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/task-orchestrator.js:499

                : process.env.FORCE_COLOR, this.options.skipNxCache, this.options.captureStderr, null, null)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f9b6e921c8e1689 — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/task-orchestrator.js:625

            if (process.env.NX_NATIVE_COMMAND_RUNNER !== 'false') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2502206f4bbab00 — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/task-orchestrator.js:630

                process.env.NX_STREAM_OUTPUT === 'true');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #733ecea48178427d — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/task-orchestrator.js:638

            (process.env.NX_CACHE_FAILURES == 'true' ? true : code === 0));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d49f78988e71714 — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/tasks-schedule.js:81

        if (this.options.batch || process.env.NX_BATCH_MODE === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c01ffbf03ea12b49 — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/utils.js:377

    if (process.env.NX_STREAM_OUTPUT === 'true')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e501e67d0bdc8882 — Environment-variable access.

pkgs/npm/[email protected]/src/tasks-runner/utils.js:379

    if (process.env.NX_STREAM_OUTPUT === 'false')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f8f879871b241bb — Environment-variable access.

pkgs/npm/[email protected]/src/utils/ab-testing.js:47

            if (process.env.NX_GENERATE_DOCS_PROCESS === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b311011f883dd59f — Environment-variable access.

pkgs/npm/[email protected]/src/utils/ab-testing.js:87

        if (process.env.NX_VERBOSE_LOGGING === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bcc6355e33f1a665 — Filesystem access.

pkgs/npm/[email protected]/src/utils/cache-directory.js:6

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bcc6355e33f1a665 — Filesystem access.

pkgs/npm/[email protected]/src/utils/cache-directory.js:6

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7d2724617a1fd7b — Environment-variable access.

pkgs/npm/[email protected]/src/utils/cache-directory.js:29

    const cacheDirFromEnv = process.env.NX_CACHE_DIRECTORY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a46cec30741c911 — Environment-variable access.

pkgs/npm/[email protected]/src/utils/cache-directory.js:68

    return absolutePath(workspaceRoot, process.env.NX_WORKSPACE_DATA_DIRECTORY ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d7cb2d4449f9ed5 — Environment-variable access.

pkgs/npm/[email protected]/src/utils/cache-directory.js:69

        process.env.NX_PROJECT_GRAPH_CACHE_DIRECTORY ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0b9946c2ff3c2e4 — Filesystem access.

pkgs/npm/[email protected]/src/utils/child-process.js:8

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0b9946c2ff3c2e4 — Filesystem access.

pkgs/npm/[email protected]/src/utils/child-process.js:8

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf19dff43b0801f5 — Environment-variable access.

pkgs/npm/[email protected]/src/utils/command-line-utils.js:78

        if (!nxArgs.base && process.env.NX_BASE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cad39fe36e3b26e1 — Environment-variable access.

pkgs/npm/[email protected]/src/utils/command-line-utils.js:79

            nxArgs.base = process.env.NX_BASE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af3c99a25b0c6c39 — Environment-variable access.

pkgs/npm/[email protected]/src/utils/command-line-utils.js:86

        if (!nxArgs.head && process.env.NX_HEAD) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #513b3f7622692826 — Environment-variable access.

pkgs/npm/[email protected]/src/utils/command-line-utils.js:87

            nxArgs.head = process.env.NX_HEAD;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5046bf8cedfe4a8 — Environment-variable access.

pkgs/npm/[email protected]/src/utils/command-line-utils.js:117

            process.env.NX_SKIP_NX_CACHE === 'true' ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #379e91bdad2bd2cf — Environment-variable access.

pkgs/npm/[email protected]/src/utils/command-line-utils.js:118

                process.env.NX_DISABLE_NX_CACHE === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca5813609927e657 — Environment-variable access.

pkgs/npm/[email protected]/src/utils/command-line-utils.js:122

            process.env.NX_DISABLE_REMOTE_CACHE === 'true' ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #450c9d4dcb68106e — Environment-variable access.

pkgs/npm/[email protected]/src/utils/command-line-utils.js:123

                process.env.NX_SKIP_REMOTE_CACHE === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bfc8fff4e4cbdeb6 — Environment-variable access.

pkgs/npm/[email protected]/src/utils/command-line-utils.js:132

        const runner = process.env[envKey];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #401670726cb168c5 — Environment-variable access.

pkgs/npm/[email protected]/src/utils/command-line-utils.js:142

                    process.env.NX_VERBOSE_LOGGING === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc80d4e043b6c9a4 — Environment-variable access.

pkgs/npm/[email protected]/src/utils/git-utils.index-filter.js:11

    const src = process.env.NX_IMPORT_SOURCE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7fb787c1cfc8237e — Environment-variable access.

pkgs/npm/[email protected]/src/utils/git-utils.index-filter.js:13

    execSync(`git reset ${process.env.GIT_COMMIT} -- "${src}"`, {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dafe348742f14e37 — Filesystem access.

pkgs/npm/[email protected]/src/utils/git-utils.tree-filter.js:10

const { existsSync, mkdirSync, renameSync, rmSync } = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dafe348742f14e37 — Filesystem access.

pkgs/npm/[email protected]/src/utils/git-utils.tree-filter.js:10

const { existsSync, mkdirSync, renameSync, rmSync } = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82fa299289584537 — Environment-variable access.

pkgs/npm/[email protected]/src/utils/git-utils.tree-filter.js:15

    const src = process.env.NX_IMPORT_SOURCE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #993fa96910cc107b — Environment-variable access.

pkgs/npm/[email protected]/src/utils/git-utils.tree-filter.js:16

    const dest = process.env.NX_IMPORT_DESTINATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9492556ee4ccf7f1 — Environment-variable access.

pkgs/npm/[email protected]/src/utils/is-ci.js:5

    if (process.env.CI === 'false') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3022866ef5e2f0d — Environment-variable access.

pkgs/npm/[email protected]/src/utils/is-ci.js:8

    return (process.env.CI ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85817ed4cda5f08a — Environment-variable access.

pkgs/npm/[email protected]/src/utils/is-ci.js:9

        process.env.TF_BUILD === 'true' ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5346875501957414 — Environment-variable access.

pkgs/npm/[email protected]/src/utils/is-ci.js:10

        process.env.GITHUB_ACTIONS === 'true' ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0277918f7228071 — Environment-variable access.

pkgs/npm/[email protected]/src/utils/is-ci.js:11

        process.env.BUILDKITE === 'true' ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61235a9f167b2fde — Environment-variable access.

pkgs/npm/[email protected]/src/utils/is-ci.js:12

        process.env.CIRCLECI === 'true' ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #485401a4f3a455bf — Environment-variable access.

pkgs/npm/[email protected]/src/utils/is-ci.js:13

        process.env.CIRRUS_CI === 'true' ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c04e0b4d9b85e75b — Environment-variable access.

pkgs/npm/[email protected]/src/utils/is-ci.js:14

        process.env.TRAVIS === 'true' ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52f50eacf4dfc5d1 — Environment-variable access.

pkgs/npm/[email protected]/src/utils/is-ci.js:15

        !!process.env['bamboo.buildKey'] ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0779d8df5c5fff45 — Environment-variable access.

pkgs/npm/[email protected]/src/utils/is-ci.js:16

        !!process.env['bamboo_buildKey'] ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b8da34ccd6de458 — Environment-variable access.

pkgs/npm/[email protected]/src/utils/is-ci.js:17

        !!process.env.CODEBUILD_BUILD_ID ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #079a39f4e4c38e83 — Environment-variable access.

pkgs/npm/[email protected]/src/utils/is-ci.js:18

        !!process.env.GITLAB_CI ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d18de204ab82b940 — Environment-variable access.

pkgs/npm/[email protected]/src/utils/is-ci.js:19

        !!process.env.HEROKU_TEST_RUN_ID ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8198575b21801aeb — Environment-variable access.

pkgs/npm/[email protected]/src/utils/is-ci.js:20

        !!process.env.BUILD_ID ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61f0593157f6c970 — Environment-variable access.

pkgs/npm/[email protected]/src/utils/is-ci.js:21

        !!process.env.BUILD_NUMBER ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a584214cf6d2b6fc — Environment-variable access.

pkgs/npm/[email protected]/src/utils/is-ci.js:22

        !!process.env.BUILD_BUILDID ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71c0581ebf089391 — Environment-variable access.

pkgs/npm/[email protected]/src/utils/is-ci.js:23

        !!process.env.TEAMCITY_VERSION ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1fb885794e10e759 — Environment-variable access.

pkgs/npm/[email protected]/src/utils/is-ci.js:24

        !!process.env.JENKINS_URL ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1ddd1323cb5100e — Environment-variable access.

pkgs/npm/[email protected]/src/utils/is-ci.js:25

        !!process.env.HUDSON_URL);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8c8f35af85813f7 — Filesystem access.

pkgs/npm/[email protected]/src/utils/legacy-task-history.js:6

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8c8f35af85813f7 — Filesystem access.

pkgs/npm/[email protected]/src/utils/legacy-task-history.js:6

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf5da42fa467ccf2 — Environment-variable access.

pkgs/npm/[email protected]/src/utils/logger.js:39

        if (process.env.NX_VERBOSE_LOGGING === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c241277b49eab6c — Environment-variable access.

pkgs/npm/[email protected]/src/utils/nx-cloud-utils.js:6

    if (process.env.NX_NO_CLOUD === 'true' || nxJson.neverConnectToCloud) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b04512a440d0c385 — Environment-variable access.

pkgs/npm/[email protected]/src/utils/nx-cloud-utils.js:9

    return (!!process.env.NX_CLOUD_AUTH_TOKEN ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #354aab0f0b94edf4 — Environment-variable access.

pkgs/npm/[email protected]/src/utils/nx-cloud-utils.js:10

        !!process.env.NX_CLOUD_ACCESS_TOKEN ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7adef9e33896c922 — Environment-variable access.

pkgs/npm/[email protected]/src/utils/nx-cloud-utils.js:19

            process.env.NX_CLOUD_AUTH_TOKEN ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c86c8326cae523ea — Environment-variable access.

pkgs/npm/[email protected]/src/utils/nx-cloud-utils.js:20

            process.env.NX_CLOUD_ACCESS_TOKEN) &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e860a25afb2e30f9 — Environment-variable access.

pkgs/npm/[email protected]/src/utils/output.js:13

const forceColor = process.env.FORCE_COLOR === '' || process.env.FORCE_COLOR === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e860a25afb2e30f9 — Environment-variable access.

pkgs/npm/[email protected]/src/utils/output.js:13

const forceColor = process.env.FORCE_COLOR === '' || process.env.FORCE_COLOR === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #136fa8853b1a76c7 — Environment-variable access.

pkgs/npm/[email protected]/src/utils/output.js:162

        if (process.env.NX_SKIP_LOG_GROUPING !== 'true' &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ca1a81172f01ed1 — Environment-variable access.

pkgs/npm/[email protected]/src/utils/output.js:163

            process.env.GITHUB_ACTIONS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5467d5cf0e403d85 — Environment-variable access.

pkgs/npm/[email protected]/src/utils/output.js:172

        if (process.env.NX_SKIP_LOG_GROUPING !== 'true' &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10c25c49ff025893 — Environment-variable access.

pkgs/npm/[email protected]/src/utils/output.js:173

            process.env.GITHUB_ACTIONS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #784931b4ebdcd345 — Filesystem access.

pkgs/npm/[email protected]/src/utils/package-json.js:12

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #784931b4ebdcd345 — Filesystem access.

pkgs/npm/[email protected]/src/utils/package-json.js:12

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5af0c755e15a525f — Environment-variable access.

pkgs/npm/[email protected]/src/utils/package-json.js:205

    const isVerbose = process.env.NX_VERBOSE_LOGGING === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8cbc50bc2cb86a12 — Filesystem access.

pkgs/npm/[email protected]/src/utils/package-manager.js:20

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8cbc50bc2cb86a12 — Filesystem access.

pkgs/npm/[email protected]/src/utils/package-manager.js:20

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #033fb72ef8cd61c5 — Environment-variable access.

pkgs/npm/[email protected]/src/utils/package-manager.js:160

            process.env.npm_config_legacy_peer_deps ??= 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8b7317e0332af39 — Environment-variable access.

pkgs/npm/[email protected]/src/utils/params.js:645

    return !!process.stdout.isTTY && process.env['CI'] !== 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #abdd85670336ad11 — Environment-variable access.

pkgs/npm/[email protected]/src/utils/path.js:34

    return process.env.INIT_CWD?.startsWith(workspace_root_1.workspaceRoot)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d134064eb637832a — Environment-variable access.

pkgs/npm/[email protected]/src/utils/path.js:35

        ? process.env.INIT_CWD

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5bdbe64f6664b57e — Environment-variable access.

pkgs/npm/[email protected]/src/utils/perf-logging.js:5

if (process.env.NX_PERF_LOGGING === 'true' && !initialized) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cba872a511f81aee — Filesystem access.

pkgs/npm/[email protected]/src/utils/plugins/local-plugins.js:4

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cba872a511f81aee — Filesystem access.

pkgs/npm/[email protected]/src/utils/plugins/local-plugins.js:4

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31b1f88936c0bd9e — Environment-variable access.

pkgs/npm/[email protected]/src/utils/provenance.js:20

    if (process.env.NX_SKIP_PROVENANCE_CHECK) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30b6f9d7718876e0 — Environment-variable access.

pkgs/npm/[email protected]/src/utils/task-history.js:44

    if (process.env.NX_DISABLE_DB === 'true' || native_1.IS_WASM) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7b929dc877c072f — Environment-variable access.

pkgs/npm/[email protected]/src/utils/workspace-root.js:17

    if (process.env.NX_WORKSPACE_ROOT_PATH)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0760b1542b787d9a — Environment-variable access.

pkgs/npm/[email protected]/src/utils/workspace-root.js:18

        return process.env.NX_WORKSPACE_ROOT_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@oclif/core

npm dependency

expand_more 30 low-confidence finding(s)

low env_fs dependency Excluded from app score #edf57d575dcbe7a3 — Environment-variable access.

pkgs/npm/@[email protected]/lib/command.js:347

        keys.map((key) => delete process.env[key]);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #626af8721a2c47c0 — Environment-variable access.

pkgs/npm/@[email protected]/lib/config/config.js:199

        const base = process.env[`XDG_${category.toUpperCase()}_HOME`] ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7f77e3f980a78a2 — Environment-variable access.

pkgs/npm/@[email protected]/lib/config/config.js:200

            (this.windows && process.env.LOCALAPPDATA) ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #802f54b43828cb56 — Environment-variable access.

pkgs/npm/@[email protected]/lib/config/config.js:308

        this.home = process.env.HOME || (this.windows && this.windowsHome()) || (0, os_1.getHomeDir)() || (0, node_os_1.tmpdir)();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e6edbaa1d5ebe32 — Environment-variable access.

pkgs/npm/@[email protected]/lib/config/config.js:546

        return process.env[this.scopedEnvVarKeys(k).find((k) => process.env[k])];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e6edbaa1d5ebe32 — Environment-variable access.

pkgs/npm/@[email protected]/lib/config/config.js:546

        return process.env[this.scopedEnvVarKeys(k).find((k) => process.env[k])];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7bfad0fbafd05d00 — Environment-variable access.

pkgs/npm/@[email protected]/lib/config/config.js:577

        return process.env.HOMEDRIVE && process.env.HOMEPATH && (0, node_path_1.join)(process.env.HOMEDRIVE, process.env.HOMEPATH);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7bfad0fbafd05d00 — Environment-variable access.

pkgs/npm/@[email protected]/lib/config/config.js:577

        return process.env.HOMEDRIVE && process.env.HOMEPATH && (0, node_path_1.join)(process.env.HOMEDRIVE, process.env.HOMEPATH);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7bfad0fbafd05d00 — Environment-variable access.

pkgs/npm/@[email protected]/lib/config/config.js:577

        return process.env.HOMEDRIVE && process.env.HOMEPATH && (0, node_path_1.join)(process.env.HOMEDRIVE, process.env.HOMEPATH);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7bfad0fbafd05d00 — Environment-variable access.

pkgs/npm/@[email protected]/lib/config/config.js:577

        return process.env.HOMEDRIVE && process.env.HOMEPATH && (0, node_path_1.join)(process.env.HOMEDRIVE, process.env.HOMEPATH);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f957faf7c0255d14 — Environment-variable access.

pkgs/npm/@[email protected]/lib/config/config.js:580

        return process.env.USERPROFILE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5ff65167cc0cbb1 — Environment-variable access.

pkgs/npm/@[email protected]/lib/config/plugin.js:223

                if (!process.env.OCLIF_NEXT_VERSION && manifest.version.split('-')[0] !== this.version.split('-')[0]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4cf76607cd5d42e5 — Environment-variable access.

pkgs/npm/@[email protected]/lib/config/ts-path.js:274

        debug(`Skipping typescript path lookup for ${root} because it's an ESM module (NODE_ENV: ${process.env.NODE_ENV}, root plugin module type: ${rootPlugin?.moduleType})`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e73f22ae0e4b63ab — Environment-variable access.

pkgs/npm/@[email protected]/lib/config/ts-path.js:275

        const warningIsDisabled = process.env.OCLIF_DISABLE_LINKED_ESM_WARNING && (0, util_1.isTruthy)(process.env.OCLIF_DISABLE_LINKED_ESM_WARNING);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e73f22ae0e4b63ab — Environment-variable access.

pkgs/npm/@[email protected]/lib/config/ts-path.js:275

        const warningIsDisabled = process.env.OCLIF_DISABLE_LINKED_ESM_WARNING && (0, util_1.isTruthy)(process.env.OCLIF_DISABLE_LINKED_ESM_WARNING);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5f0124d3e71ed91 — Environment-variable access.

pkgs/npm/@[email protected]/lib/execute.js:52

        process.env.NODE_ENV = 'development';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3cb26de3c395cffe — Environment-variable access.

pkgs/npm/@[email protected]/lib/index.js:49

    if (process.env.OCLIF_DISABLE_ENGINE_WARNING && (0, util_1.isTruthy)(process.env.OCLIF_DISABLE_ENGINE_WARNING))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3cb26de3c395cffe — Environment-variable access.

pkgs/npm/@[email protected]/lib/index.js:49

    if (process.env.OCLIF_DISABLE_ENGINE_WARNING && (0, util_1.isTruthy)(process.env.OCLIF_DISABLE_ENGINE_WARNING))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55a084e1c8d63af6 — Environment-variable access.

pkgs/npm/@[email protected]/lib/parser/parse.js:17

        process.env.CLI_FLAGS_DEBUG === '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61fa046d3e7f6c1f — Environment-variable access.

pkgs/npm/@[email protected]/lib/parser/parse.js:403

            if (fws.inputFlag.flag.env && process.env[fws.inputFlag.flag.env]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2de373eb0714effb — Environment-variable access.

pkgs/npm/@[email protected]/lib/parser/parse.js:404

                const valueFromEnv = process.env[fws.inputFlag.flag.env];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6419324c9f4aa0eb — Environment-variable access.

pkgs/npm/@[email protected]/lib/parser/parse.js:414

                        valueFunction: async (i) => (0, util_1.isTruthy)(process.env[i.inputFlag.flag.env] ?? 'false'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36f4c7726e21f6f8 — Environment-variable access.

pkgs/npm/@[email protected]/lib/screen.js:18

const columns = Number.parseInt(process.env.OCLIF_COLUMNS, 10) || settings_1.settings.columns;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #038c6e74c2351966 — Environment-variable access.

pkgs/npm/@[email protected]/lib/util/os.js:37

    const SHELL = process.env.SHELL ?? (0, node_os_1.userInfo)().shell?.split(node_path_1.default.sep)?.pop();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68d735e37f0b0800 — Environment-variable access.

pkgs/npm/@[email protected]/lib/util/os.js:54

            : (process.env.COMSPEC ?? 'cmd.exe');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9612d01457179750 — Environment-variable access.

pkgs/npm/@[email protected]/lib/util/os.js:57

        return process.env.COMSPEC ?? 'cmd.exe';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a1d31690236c0c1 — Environment-variable access.

pkgs/npm/@[email protected]/lib/util/read-pjson.js:16

    if (process.env.OCLIF_DISABLE_RC) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a41feae7e2975f38 — Environment-variable access.

pkgs/npm/@[email protected]/lib/util/util.js:66

    return !['development', 'test'].includes(process.env.NODE_ENV ?? '');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7217cee2e7f4f8f — Environment-variable access.

pkgs/npm/@[email protected]/lib/ux/index.js:29

    !process.env.CI &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #915183d08cd84f0f — Environment-variable access.

pkgs/npm/@[email protected]/lib/ux/index.js:30

    !['dumb', 'emacs-color'].includes(process.env.TERM) &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@oclif/test

npm dependency

expand_more 4 low-confidence finding(s)

low env_fs dependency Excluded from app score #5337b20950365585 — Environment-variable access.

pkgs/npm/@[email protected]/lib/index.js:22

    return (process.env.OCLIF_TEST_ROOT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1204ff77ace38076 — Environment-variable access.

pkgs/npm/@[email protected]/lib/index.js:64

        NODE_ENV: process.env.NODE_ENV,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6c1a05b9b04a9c9 — Environment-variable access.

pkgs/npm/@[email protected]/lib/index.js:90

    process.env.NODE_ENV = testNodeEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7aa36e739e775e63 — Environment-variable access.

pkgs/npm/@[email protected]/lib/index.js:110

        process.env.NODE_ENV = originals.NODE_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@rushstack/eslint-patch

npm dependency

expand_more 32 low-confidence finding(s)

low env_fs dependency Excluded from app score #580e62eb3cd25ad5 — Environment-variable access.

pkgs/npm/@[email protected]/lib-commonjs/eslint-bulk-suppressions/bulk-suppressions-file.js:15

const IS_RUNNING_IN_VSCODE = process.env[constants_1.VSCODE_PID_ENV_VAR_NAME] !== undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4af748c48ff7ba6a — Filesystem access.

pkgs/npm/@[email protected]/lib-commonjs/eslint-bulk-suppressions/bulk-suppressions-file.js:40

            rawJsonFile = node_fs_1.default.readFileSync(suppressionsPath).toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6cc6d49a92be46a1 — Filesystem access.

pkgs/npm/@[email protected]/lib-commonjs/eslint-bulk-suppressions/bulk-suppressions-file.js:86

        node_fs_1.default.writeFileSync(suppressionsPath, JSON.stringify(suppressionsConfig.jsonObject, undefined, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4748a8071a0c490e — Environment-variable access.

pkgs/npm/@[email protected]/lib-commonjs/eslint-bulk-suppressions/bulk-suppressions-patch.js:62

const ESLINT_BULK_SUPPRESS_ENV_VAR_VALUE = process.env[constants_1.ESLINT_BULK_SUPPRESS_ENV_VAR_NAME];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0575d7be5f85d7c — Environment-variable access.

pkgs/npm/@[email protected]/lib-commonjs/eslint-bulk-suppressions/bulk-suppressions-patch.js:158

    if (process.env[constants_1.ESLINT_BULK_ENABLE_ENV_VAR_NAME] === 'false') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53e8a064d0989c57 — Environment-variable access.

pkgs/npm/@[email protected]/lib-commonjs/eslint-bulk-suppressions/bulk-suppressions-patch.js:177

    return process.env[constants_1.ESLINT_BULK_PRUNE_ENV_VAR_NAME] !== '1' && currentNodeIsSuppressed;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #983381c5e1e80fea — Environment-variable access.

pkgs/npm/@[email protected]/lib-commonjs/eslint-bulk-suppressions/cli/prune.js:26

        process.env[constants_1.ESLINT_BULK_PRUNE_ENV_VAR_NAME] = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f56db2cba3aca33d — Environment-variable access.

pkgs/npm/@[email protected]/lib-commonjs/eslint-bulk-suppressions/cli/suppress.js:50

        process.env[constants_1.ESLINT_BULK_SUPPRESS_ENV_VAR_NAME] = '*';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a31fa320bce8665 — Environment-variable access.

pkgs/npm/@[email protected]/lib-commonjs/eslint-bulk-suppressions/cli/suppress.js:53

        process.env[constants_1.ESLINT_BULK_SUPPRESS_ENV_VAR_NAME] = parsedArgs.rules.join(',');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b13da26c194e02a4 — Environment-variable access.

pkgs/npm/@[email protected]/lib-commonjs/eslint-bulk-suppressions/constants.js:17

exports.BULK_SUPPRESSIONS_CLI_ESLINT_PACKAGE_NAME = (_a = process.env[exports.ESLINT_PACKAGE_NAME_ENV_VAR_NAME]) !== null && _a !== void 0 ? _a : 'eslint';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #221c812bca33aaeb — Environment-variable access.

pkgs/npm/@[email protected]/lib-commonjs/eslint-bulk-suppressions/generate-patched-file.js:17

    const generateEnvVarValue = process.env[constants_1.ESLINT_BULK_FORCE_REGENERATE_PATCH_ENV_VAR_NAME];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9efdee7e74cf8b7 — Filesystem access.

pkgs/npm/@[email protected]/lib-commonjs/eslint-bulk-suppressions/generate-patched-file.js:24

    const inputFile = node_fs_1.default.readFileSync(inputFilePath).toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82369f32c44e33cd — Filesystem access.

pkgs/npm/@[email protected]/lib-commonjs/eslint-bulk-suppressions/generate-patched-file.js:354

    node_fs_1.default.writeFileSync(outputFilePath, outputFile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c34c3d9006f4607f — Environment-variable access.

pkgs/npm/@[email protected]/lib-commonjs/eslint-bulk-suppressions/index.js:14

const eslintBulkDetectEnvVarValue = process.env[constants_1.ESLINT_BULK_DETECT_ENV_VAR_NAME];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c036db8f4aef4b02 — Environment-variable access.

pkgs/npm/@[email protected]/lib-commonjs/eslint-bulk-suppressions/index.js:20

process.env[constants_1.ESLINT_BULK_PATCH_PATH_ENV_VAR_NAME] = require.resolve('./bulk-suppressions-patch');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc9089b2f2e88a74 — Environment-variable access.

pkgs/npm/@[email protected]/lib-commonjs/eslint-bulk-suppressions/path-utils.js:18

    const eslintBulkDetectEnvVarValue = process.env[constants_1.ESLINT_BULK_DETECT_ENV_VAR_NAME];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a186a61360d3de0 — Environment-variable access.

pkgs/npm/@[email protected]/lib-esm/eslint-bulk-suppressions/bulk-suppressions-file.js:5

const IS_RUNNING_IN_VSCODE = process.env[VSCODE_PID_ENV_VAR_NAME] !== undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a597051d34fe6cf — Filesystem access.

pkgs/npm/@[email protected]/lib-esm/eslint-bulk-suppressions/bulk-suppressions-file.js:30

            rawJsonFile = fs.readFileSync(suppressionsPath).toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e1c1100f91307c9 — Filesystem access.

pkgs/npm/@[email protected]/lib-esm/eslint-bulk-suppressions/bulk-suppressions-file.js:76

        fs.writeFileSync(suppressionsPath, JSON.stringify(suppressionsConfig.jsonObject, undefined, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80c4b82722a93967 — Environment-variable access.

pkgs/npm/@[email protected]/lib-esm/eslint-bulk-suppressions/bulk-suppressions-patch.js:18

const ESLINT_BULK_SUPPRESS_ENV_VAR_VALUE = process.env[ESLINT_BULK_SUPPRESS_ENV_VAR_NAME];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf9290027039bd92 — Environment-variable access.

pkgs/npm/@[email protected]/lib-esm/eslint-bulk-suppressions/bulk-suppressions-patch.js:114

    if (process.env[ESLINT_BULK_ENABLE_ENV_VAR_NAME] === 'false') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9d08d2f9ec9ff5c — Environment-variable access.

pkgs/npm/@[email protected]/lib-esm/eslint-bulk-suppressions/bulk-suppressions-patch.js:133

    return process.env[ESLINT_BULK_PRUNE_ENV_VAR_NAME] !== '1' && currentNodeIsSuppressed;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e16a3a3033c7ee0e — Environment-variable access.

pkgs/npm/@[email protected]/lib-esm/eslint-bulk-suppressions/cli/prune.js:20

        process.env[ESLINT_BULK_PRUNE_ENV_VAR_NAME] = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e37e2d386c9cbd6 — Environment-variable access.

pkgs/npm/@[email protected]/lib-esm/eslint-bulk-suppressions/cli/suppress.js:47

        process.env[ESLINT_BULK_SUPPRESS_ENV_VAR_NAME] = '*';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #151c208837a9d8e1 — Environment-variable access.

pkgs/npm/@[email protected]/lib-esm/eslint-bulk-suppressions/cli/suppress.js:50

        process.env[ESLINT_BULK_SUPPRESS_ENV_VAR_NAME] = parsedArgs.rules.join(',');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f5041715cda6ec7 — Environment-variable access.

pkgs/npm/@[email protected]/lib-esm/eslint-bulk-suppressions/constants.js:14

export const BULK_SUPPRESSIONS_CLI_ESLINT_PACKAGE_NAME = (_a = process.env[ESLINT_PACKAGE_NAME_ENV_VAR_NAME]) !== null && _a !== void 0 ? _a : 'eslint';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91842f0e700cedd9 — Environment-variable access.

pkgs/npm/@[email protected]/lib-esm/eslint-bulk-suppressions/generate-patched-file.js:11

    const generateEnvVarValue = process.env[ESLINT_BULK_FORCE_REGENERATE_PATCH_ENV_VAR_NAME];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0573b09f762094b5 — Filesystem access.

pkgs/npm/@[email protected]/lib-esm/eslint-bulk-suppressions/generate-patched-file.js:18

    const inputFile = fs.readFileSync(inputFilePath).toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29355e85cbcc692e — Filesystem access.

pkgs/npm/@[email protected]/lib-esm/eslint-bulk-suppressions/generate-patched-file.js:348

    fs.writeFileSync(outputFilePath, outputFile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28f4e037fdf67f01 — Environment-variable access.

pkgs/npm/@[email protected]/lib-esm/eslint-bulk-suppressions/index.js:12

const eslintBulkDetectEnvVarValue = process.env[ESLINT_BULK_DETECT_ENV_VAR_NAME];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #514c642fb451e826 — Environment-variable access.

pkgs/npm/@[email protected]/lib-esm/eslint-bulk-suppressions/index.js:18

process.env[ESLINT_BULK_PATCH_PATH_ENV_VAR_NAME] = require.resolve('./bulk-suppressions-patch');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31e7198bfc1a56b9 — Environment-variable access.

pkgs/npm/@[email protected]/lib-esm/eslint-bulk-suppressions/path-utils.js:10

    const eslintBulkDetectEnvVarValue = process.env[ESLINT_BULK_DETECT_ENV_VAR_NAME];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@sequelize/core

npm dependency

expand_more 1 low-confidence finding(s)

low env_fs dependency Excluded from app score #4037ecaaf0b7852e — Environment-variable access.

pkgs/npm/@[email protected]/lib/abstract-dialect/query-generator-typescript.js:735

    if (process.env.npm_lifecycle_event !== "mocha") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@sequelize/utils

npm dependency

expand_more 1 low-confidence finding(s)

low env_fs dependency Excluded from app score #20c87ae060f24ca6 — Filesystem access.

pkgs/npm/@[email protected]/lib/node/read-file-if-exists.js:38

    return await import_promises.default.readFile(filePath, options);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

bnf-parser

npm dependency

expand_more 16 low-confidence finding(s)

low env_fs dependency Excluded from app score #886989656b0e7387 — Filesystem access.

pkgs/npm/[email protected]/bin/cli.js:5

import { readdirSync, existsSync, readFileSync, writeFileSync, appendFileSync, statSync, mkdirSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f82188d33ed95387 — Filesystem access.

pkgs/npm/[email protected]/bin/cli.js:84

    const data = readFileSync(file, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d38a1c9353340b80 — Filesystem access.

pkgs/npm/[email protected]/bin/cli.js:123

    writeFileSync(`${out_dir}/${name}.d.ts`, types);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fad130b6a3d73611 — Filesystem access.

pkgs/npm/[email protected]/bin/cli.js:128

            writeFileSync(`${out_dir}/${name}.wat`, mod.emitText());

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #432e224aea4540db — Filesystem access.

pkgs/npm/[email protected]/bin/cli.js:138

        writeFileSync(`${out_dir}/${name}.js`, GenerateRunner(lang, mod.emitBinary()));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a49d50a537b3501a — Filesystem access.

pkgs/npm/[email protected]/bin/cli.js:149

writeFileSync(`${out_dir}/shared.js`, wasm.Runner.toString());

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da3c89e910c9896f — Filesystem access.

pkgs/npm/[email protected]/bin/cli.js:150

writeFileSync(`${out_dir}/shared.d.ts`, readFileSync(`${script}/artifacts/shared.d.ts`, "utf8")
    .replace(/    /gm, "\t")
    .replace(/\r\n/g, "\n"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6758b8dec918f05d — Filesystem access.

pkgs/npm/[email protected]/bin/cli.js:150

writeFileSync(`${out_dir}/shared.d.ts`, readFileSync(`${script}/artifacts/shared.d.ts`, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01c117df0ac4b7a3 — Filesystem access.

pkgs/npm/[email protected]/bin/cli.js:153

appendFileSync(`${out_dir}/shared.js`, readFileSync(`${script}/artifacts/shared.js`, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #289ea33ff1d1c637 — Filesystem access.

pkgs/npm/[email protected]/bin/wasm/test-run.js:1

import { writeFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55c6ffc2a4354749 — Filesystem access.

pkgs/npm/[email protected]/bin/wasm/test-run.js:12

writeFileSync("out.wasm", myModule.emitBinary());

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20a9c98b5800edcd — Filesystem access.

pkgs/npm/[email protected]/bin/wasm/test-run.js:20

    writeFileSync("out.wat", myModule.emitText());

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6af37c2ab641d8a5 — Filesystem access.

pkgs/npm/[email protected]/bin/wasm/test-run.js:21

    writeFileSync("out.wasm", bin);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf7397ededd9ad38 — Filesystem access.

pkgs/npm/[email protected]/bin/wasm/test-run.js:46

writeFileSync("dump.json", JSON.stringify(output.root, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d71fb617afa0fc3b — Filesystem access.

pkgs/npm/[email protected]/bin/wasm/test-types.js:1

import { writeFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22e5a8ee31976eb9 — Filesystem access.

pkgs/npm/[email protected]/bin/wasm/test-types.js:34

writeFileSync("./dump.d.ts", types.CompileTypes(lang));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

chai

npm dependency

expand_more 8 low-confidence finding(s)

low env_fs dependency Excluded from app score #510a1e10ccb373a2 — Environment-variable access.

pkgs/npm/[email protected]/karma.conf.js:26

  switch (process.env.CHAI_TEST_ENV) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2ee90aeea63aa66 — Environment-variable access.

pkgs/npm/[email protected]/karma.sauce.js:11

    auth.SAUCE_USERNAME = process.env.SAUCE_USERNAME || null;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2f9dd93184484b0 — Environment-variable access.

pkgs/npm/[email protected]/karma.sauce.js:12

    auth.SAUCE_ACCESS_KEY = process.env.SAUCE_ACCESS_KEY || null;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b14a5e281fd6bc76 — Environment-variable access.

pkgs/npm/[email protected]/karma.sauce.js:16

  if (process.env.SKIP_SAUCE) return;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ac3f1e12638e6d6 — Environment-variable access.

pkgs/npm/[email protected]/karma.sauce.js:18

  var branch = process.env.TRAVIS_BRANCH || 'local'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b061d378ec0cf87 — Environment-variable access.

pkgs/npm/[email protected]/karma.sauce.js:22

  var tunnel = process.env.TRAVIS_JOB_NUMBER || ts;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc710bbb71f5aebc — Environment-variable access.

pkgs/npm/[email protected]/karma.sauce.js:24

  if (process.env.TRAVIS_JOB_NUMBER) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d6ab1f2ff5b2b62 — Environment-variable access.

pkgs/npm/[email protected]/karma.sauce.js:25

    tags.push('travis@' + process.env.TRAVIS_JOB_NUMBER);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

dayjs

npm dependency

expand_more 2 low-confidence finding(s)

low env_fs dependency Excluded from app score #eedb098a0db67597 — Environment-variable access.

pkgs/npm/[email protected]/esm/plugin/devHelper/index.js:4

  if (!process || process.env.NODE_ENV !== 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2db47061c9268df — Environment-variable access.

pkgs/npm/[email protected]/plugin/devHelper.js:1

!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e="undefined"!=typeof globalThis?globalThis:e||self).dayjs_plugin_devHelper=t()}(this,(function(){"use strict";return function(e,t,s){if(!process||"production"!==process.env.NODE_ENV){var o=t.prototype,n=o.parse;o.parse=function(e){var t=e.date;return"string"==typeof t&&13===t.length&&console.warn("To parse a Unix timestamp like "+t+", you should pass it as a Number. https://day.js.org/docs/en/parse/unix-timestamp-milliseconds"),"number"==typeof t&&4===String(t).length&&console.warn("Guessing you may want to parse the Year "+t+", you should pass it as a String "+t+", not a Number. Otherwise, "+t+" will be treated as a Unix timestamp"),e.args.length>=2&&!s.p.customParseFormat&&console.warn("To parse a date-time string like "+t+" using the given format, you should enable customParseFormat plugin first. https://day.js.org/docs/en/parse/string-format"),n.bind(this)(e)};var a=s.locale;s.locale=function(e,t,o){return void 0===t&&"string"==typeof e&&(s.Ls[e]||console.warn("Guessing you may want to use locale "+e+", you have to load it before using it. https://day.js.org/docs/en/i18n/loading-into-nodejs")),a(e,t,o)};var i=o.diff;o.diff=function(e,t,o){return(!e||!s(e).isValid())&&console.warn("Invalid usage: diff() requires a valid comparison date as the first argument. https://day.js.org/docs/en/display/difference"),i.call(this,e,t,o)}}}}));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

debug

npm dependency

expand_more 5 low-confidence finding(s)

low env_fs dependency Excluded from app score #5362488d4a7d935f — Environment-variable access.

pkgs/npm/[email protected]/src/browser.js:230

		r = process.env.DEBUG;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77dfeefb97c65fd8 — Environment-variable access.

pkgs/npm/[email protected]/src/node.js:136

	let val = process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #311b7354b9a5d08b — Environment-variable access.

pkgs/npm/[email protected]/src/node.js:205

		process.env.DEBUG = namespaces;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9fdf7b84d3c7c12 — Environment-variable access.

pkgs/npm/[email protected]/src/node.js:209

		delete process.env.DEBUG;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21d39d5b726b40f0 — Environment-variable access.

pkgs/npm/[email protected]/src/node.js:221

	return process.env.DEBUG;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

eslint

npm dependency

expand_more 27 low-confidence finding(s)

low env_fs dependency Excluded from app score #6d8f002f8ffb922c — Filesystem access.

pkgs/npm/[email protected]/lib/cli-engine/cli-engine.js:18

const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d8f002f8ffb922c — Filesystem access.

pkgs/npm/[email protected]/lib/cli-engine/cli-engine.js:18

const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d8aaaaa00d22b53 — Filesystem access.

pkgs/npm/[email protected]/lib/cli-engine/cli-engine.js:725

            fs.writeFileSync(result.filePath, result.output);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a12407758971da1a — Filesystem access.

pkgs/npm/[email protected]/lib/cli-engine/cli-engine.js:835

                text: fs.readFileSync(filePath, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2bb75a063b5d8a80 — Filesystem access.

pkgs/npm/[email protected]/lib/cli-engine/file-enumerator.js:37

const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2bb75a063b5d8a80 — Filesystem access.

pkgs/npm/[email protected]/lib/cli-engine/file-enumerator.js:37

const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91ae2b3aff23a23f — Filesystem access.

pkgs/npm/[email protected]/lib/cli-engine/lint-result-cache.js:12

const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91ae2b3aff23a23f — Filesystem access.

pkgs/npm/[email protected]/lib/cli-engine/lint-result-cache.js:12

const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ed7e55ce6d2d110 — Filesystem access.

pkgs/npm/[email protected]/lib/cli-engine/lint-result-cache.js:149

            results.source = fs.readFileSync(filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76a64e4339c92ef9 — Filesystem access.

pkgs/npm/[email protected]/lib/cli-engine/load-rules.js:12

const fs = require("fs"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76a64e4339c92ef9 — Filesystem access.

pkgs/npm/[email protected]/lib/cli-engine/load-rules.js:12

const fs = require("fs"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4fb934292b5de05a — Filesystem access.

pkgs/npm/[email protected]/lib/cli.js:18

const fs = require("fs"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4fb934292b5de05a — Filesystem access.

pkgs/npm/[email protected]/lib/cli.js:18

const fs = require("fs"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aae8e50ae7741578 — Filesystem access.

pkgs/npm/[email protected]/lib/eslint/eslint-helpers.js:13

const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aae8e50ae7741578 — Filesystem access.

pkgs/npm/[email protected]/lib/eslint/eslint-helpers.js:13

const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a44cdb71073ed977 — Filesystem access.

pkgs/npm/[email protected]/lib/eslint/eslint.js:14

const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a44cdb71073ed977 — Filesystem access.

pkgs/npm/[email protected]/lib/eslint/eslint.js:14

const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45cfde89d9d3f802 — Filesystem access.

pkgs/npm/[email protected]/lib/eslint/flat-eslint.js:13

const fs = require("fs").promises;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9644e01200de8a96 — Filesystem access.

pkgs/npm/[email protected]/lib/eslint/flat-eslint.js:14

const { existsSync } = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9644e01200de8a96 — Filesystem access.

pkgs/npm/[email protected]/lib/eslint/flat-eslint.js:14

const { existsSync } = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e0ac90b7b7d1a8c — Filesystem access.

pkgs/npm/[email protected]/lib/eslint/flat-eslint.js:649

                .map(r => fs.writeFile(r.filePath, r.output))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14bb1f189b743e3d — Filesystem access.

pkgs/npm/[email protected]/lib/eslint/flat-eslint.js:849

                return fs.readFile(filePath, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a4a098b3056951e — Environment-variable access.

pkgs/npm/[email protected]/lib/eslint/flat-eslint.js:1137

    switch (process.env.ESLINT_USE_FLAT_CONFIG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af7e7d6101a0983c — Environment-variable access.

pkgs/npm/[email protected]/lib/linter/timing.js:42

const enabled = !!process.env.TIMING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #384cc8eaf43e2f76 — Environment-variable access.

pkgs/npm/[email protected]/lib/linter/timing.js:54

    if (typeof process.env.TIMING !== "string") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a185c9c468c1c77 — Environment-variable access.

pkgs/npm/[email protected]/lib/linter/timing.js:58

    if (process.env.TIMING.toLowerCase() === "all") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #131a493eab352e19 — Environment-variable access.

pkgs/npm/[email protected]/lib/linter/timing.js:62

    const TIMING_ENV_VAR_AS_INTEGER = Number.parseInt(process.env.TIMING, 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

eslint-plugin-jsdoc

npm dependency

expand_more 3 low-confidence finding(s)

low env_fs dependency Excluded from app score #8366b96127fd981a — Filesystem access.

pkgs/npm/[email protected]/src/getJsdocProcessorPlugin.js:35

  readFileSync(join(import.meta.dirname, '../package.json'), 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #564bca280bb8d9bc — Filesystem access.

pkgs/npm/[email protected]/src/rules/importsAsDependencies.js:26

      readFileSync(join(process.cwd(), './package.json'), 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b6f9ab4a969a618 — Filesystem access.

pkgs/npm/[email protected]/src/rules/importsAsDependencies.js:101

              readFileSync(join(process.cwd(), 'node_modules', mod, './package.json'), 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

fast-glob

npm dependency

expand_more 4 low-confidence finding(s)

low env_fs dependency Excluded from app score #47cc14f88e13c48c — Filesystem access.

pkgs/npm/[email protected]/out/readers/reader.d.ts:2

import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea11c9d78aad68d5 — Filesystem access.

pkgs/npm/[email protected]/out/settings.js:4

const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea11c9d78aad68d5 — Filesystem access.

pkgs/npm/[email protected]/out/settings.js:4

const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a28bc5ebd7303bd4 — Filesystem access.

pkgs/npm/[email protected]/out/utils/fs.d.ts:2

import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

fs-jetpack

npm dependency

expand_more 17 low-confidence finding(s)

low env_fs dependency Excluded from app score #25c1881a5a000598 — Filesystem access.

pkgs/npm/[email protected]/lib/copy.js:100

  const data = fs.readFileSync(srcPath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f6abf98e01fec70 — Filesystem access.

pkgs/npm/[email protected]/lib/copy.js:102

    fs.writeFileSync(destPath, data, { mode, flag: "wx" });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90cb2c4fe41d2a67 — Filesystem access.

pkgs/npm/[email protected]/lib/copy.js:108

        fs.writeFileSync(destPath, data, { mode });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #490d7dc041d42380 — Filesystem access.

pkgs/npm/[email protected]/lib/inspect.js:88

  const data = fs.readFileSync(path);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b0de7e1d520774f — Filesystem access.

pkgs/npm/[email protected]/lib/read.js:60

    data = fs.readFileSync(path, { encoding });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7132695f53357c3f — Filesystem access.

pkgs/npm/[email protected]/lib/read.js:95

    fs.readFile(path, { encoding })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e169ea99523b58f5 — Filesystem access.

pkgs/npm/[email protected]/lib/streams.js:3

const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e169ea99523b58f5 — Filesystem access.

pkgs/npm/[email protected]/lib/streams.js:3

const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6868a97c06ada9a4 — Filesystem access.

pkgs/npm/[email protected]/lib/utils/fs.js:5

const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6868a97c06ada9a4 — Filesystem access.

pkgs/npm/[email protected]/lib/utils/fs.js:5

const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0003c434488c379 — Filesystem access.

pkgs/npm/[email protected]/lib/utils/tree_walker.js:3

const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0003c434488c379 — Filesystem access.

pkgs/npm/[email protected]/lib/utils/tree_walker.js:3

const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4cf064a546407954 — Filesystem access.

pkgs/npm/[email protected]/lib/write.js:46

    fs.writeFileSync(path, data, options);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b71ad7bd9c0c698 — Filesystem access.

pkgs/npm/[email protected]/lib/write.js:51

      fs.writeFileSync(path, data, options);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16ae58f0a88242ed — Filesystem access.

pkgs/npm/[email protected]/lib/write.js:84

    fs.writeFile(path, data, options)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e78801ee429b34a — Filesystem access.

pkgs/npm/[email protected]/lib/write.js:94

              return fs.writeFile(path, data, options);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06f4cb83a57e1a89 — Filesystem access.

pkgs/npm/[email protected]/types.d.ts:5

import * as fs from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

husky

npm dependency

expand_more 9 low-confidence finding(s)

low env_fs dependency Excluded from app score #7c43c46e7307b9e1 — Filesystem access.

pkgs/npm/[email protected]/bin.js:2

import f, { writeFileSync as w } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1f0bcf2a875df8d — Filesystem access.

pkgs/npm/[email protected]/bin.js:12

	s = f.readFileSync(n)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0d3c70dcf330f8f — Filesystem access.

pkgs/npm/[email protected]/bin.js:15

	w(n, JSON.stringify(o, 0, /\t/.test(s) ? '\t' : 2) + '\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3490793c523da11 — Filesystem access.

pkgs/npm/[email protected]/bin.js:18

	w('.husky/pre-commit', (p.env.npm_config_user_agent?.split('/')[0] ?? 'npm') + ' test\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98790ac39f0a6af7 — Filesystem access.

pkgs/npm/[email protected]/index.js:2

import f, { readdir, writeFileSync as w } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7dc583b82d83f50 — Environment-variable access.

pkgs/npm/[email protected]/index.js:9

	if (process.env.HUSKY === '0') return 'HUSKY=0 skip install'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa6625c8f9c0aeea — Filesystem access.

pkgs/npm/[email protected]/index.js:20

	w(_('.gitignore'), '*')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #017a6ed28bf5f6b6 — Filesystem access.

pkgs/npm/[email protected]/index.js:22

	l.forEach(h => w(_(h), `#!/usr/bin/env sh\n. "\$(dirname "\$0")/h"`, { mode: 0o755 }))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ddd228f8c13f85c7 — Filesystem access.

pkgs/npm/[email protected]/index.js:23

	w(_('husky.sh'), msg)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

lcov-result-merger

npm dependency

expand_more 3 low-confidence finding(s)

low env_fs dependency Excluded from app score #4e589277a1b8cd03 — Filesystem access.

pkgs/npm/[email protected]/bin/lcov-result-merger.js:68

    process.stdout.write(await readFile(tempFilePath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a135c0efe75476d — Filesystem access.

pkgs/npm/[email protected]/index.js:92

    const fileContent = await readFile(filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5dfcc85182443ef — Filesystem access.

pkgs/npm/[email protected]/index.js:98

  await writeFile(tmpFile, Buffer.from(report.toString()), {
    encoding: 'utf-8',
    flag: 'w+',
  });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

lint-staged

npm dependency

expand_more 16 low-confidence finding(s)

low env_fs dependency Excluded from app score #83ef379e297b859e — Filesystem access.

pkgs/npm/[email protected]/lib/file.js:16

    return await fs.readFile(filename)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #efe84c15f4384209 — Filesystem access.

pkgs/npm/[email protected]/lib/file.js:52

  await fs.writeFile(filename, buffer)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54788faaf723f43a — Filesystem access.

pkgs/npm/[email protected]/lib/gitWorkflow.js:160

      readFile(this.mergeHeadFilename).then((buffer) => (this.mergeHeadBuffer = buffer)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8285dca5301bc952 — Filesystem access.

pkgs/npm/[email protected]/lib/gitWorkflow.js:161

      readFile(this.mergeModeFilename).then((buffer) => (this.mergeModeBuffer = buffer)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da7553851c2287b1 — Filesystem access.

pkgs/npm/[email protected]/lib/gitWorkflow.js:162

      readFile(this.mergeMsgFilename).then((buffer) => (this.mergeMsgBuffer = buffer)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a595eccda8504ca — Filesystem access.

pkgs/npm/[email protected]/lib/gitWorkflow.js:174

        this.mergeHeadBuffer && writeFile(this.mergeHeadFilename, this.mergeHeadBuffer),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d88566a1efc650d7 — Filesystem access.

pkgs/npm/[email protected]/lib/gitWorkflow.js:175

        this.mergeModeBuffer && writeFile(this.mergeModeFilename, this.mergeModeBuffer),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad7e944194fafe86 — Filesystem access.

pkgs/npm/[email protected]/lib/gitWorkflow.js:176

        this.mergeMsgBuffer && writeFile(this.mergeMsgFilename, this.mergeMsgBuffer),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ffe37a18d5f6545e — Environment-variable access.

pkgs/npm/[email protected]/lib/index.js:142

  debugLog('Unset GIT_LITERAL_PATHSPECS (was `%s`)', process.env.GIT_LITERAL_PATHSPECS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80f5788d7b0f329b — Environment-variable access.

pkgs/npm/[email protected]/lib/index.js:143

  delete process.env.GIT_LITERAL_PATHSPECS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf42990f350c370a — Filesystem access.

pkgs/npm/[email protected]/lib/loadConfig.js:14

const readFile = async (filename) => fs.readFile(path.resolve(filename), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ab5746cee58f8b7 — Environment-variable access.

pkgs/npm/[email protected]/lib/resolveGitRepo.js:42

    debugLog('Unset GIT_DIR (was `%s`)', process.env.GIT_DIR)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #094de47c09122f26 — Environment-variable access.

pkgs/npm/[email protected]/lib/resolveGitRepo.js:43

    delete process.env.GIT_DIR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #872deb5435332a7f — Environment-variable access.

pkgs/npm/[email protected]/lib/resolveGitRepo.js:44

    debugLog('Unset GIT_WORK_TREE (was `%s`)', process.env.GIT_WORK_TREE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #740aeb6277e35481 — Environment-variable access.

pkgs/npm/[email protected]/lib/resolveGitRepo.js:45

    delete process.env.GIT_WORK_TREE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2ddad5a2a9e7ed5 — Filesystem access.

pkgs/npm/[email protected]/lib/version.js:4

  const packageJson = JSON.parse(await fs.readFile(new URL('../package.json', import.meta.url)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

mariadb

npm dependency

expand_more 3 low-confidence finding(s)

low env_fs dependency Excluded from app score #cec2fbaf31de4d45 — Filesystem access.

pkgs/npm/[email protected]/lib/cmd/handshake/auth/caching-sha2-password-auth.js:86

                  key = fs.readFileSync(key, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa8398df81d0a7b1 — Filesystem access.

pkgs/npm/[email protected]/lib/cmd/handshake/auth/sha256-password-auth.js:54

              key = fs.readFileSync(key, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b106fcb9d5f46a9e — Environment-variable access.

pkgs/npm/[email protected]/lib/config/connection-options.js:30

    this.user = opts.user || process.env.USERNAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

markdownlint-cli

npm dependency

expand_more 4 low-confidence finding(s)

low env_fs dependency Excluded from app score #1a936467414afdf3 — Filesystem access.

pkgs/npm/[email protected]/markdownlint.js:194

      fs.writeFileSync(options.output, lintResultString);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e975282ef8cbd4c — Filesystem access.

pkgs/npm/[email protected]/markdownlint.js:278

  const ignoreText = fs.readFileSync(ignorePath, fsOptions);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2259e5f5056983a6 — Filesystem access.

pkgs/npm/[email protected]/markdownlint.js:323

        const originalText = fs.readFileSync(file, fsOptions);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #383939e9d77d9d20 — Filesystem access.

pkgs/npm/[email protected]/markdownlint.js:326

          fs.writeFileSync(file, fixedText, fsOptions);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

mocha

npm dependency

expand_more 13 low-confidence finding(s)

low env_fs dependency Excluded from app score #26a6b483f369cf77 — Filesystem access.

pkgs/npm/[email protected]/lib/cli/config.js:38

  yaml: filepath => require('js-yaml').load(fs.readFileSync(filepath, 'utf8')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48e685b75927e737 — Filesystem access.

pkgs/npm/[email protected]/lib/cli/config.js:54

      require('strip-json-comments')(fs.readFileSync(filepath, 'utf8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #173b1c54bf185128 — Filesystem access.

pkgs/npm/[email protected]/lib/cli/init.js:27

  const css = fs.readFileSync(path.join(srcdir, 'mocha.css'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8f3488e86ae2b0c — Filesystem access.

pkgs/npm/[email protected]/lib/cli/init.js:28

  const js = fs.readFileSync(path.join(srcdir, 'mocha.js'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c4ca42c16a49ad3 — Filesystem access.

pkgs/npm/[email protected]/lib/cli/init.js:29

  const tmpl = fs.readFileSync(
    path.join(srcdir, 'lib', 'browser', 'template.html')
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b494a46d601bb876 — Filesystem access.

pkgs/npm/[email protected]/lib/cli/init.js:32

  fs.writeFileSync(path.join(destdir, 'mocha.css'), css);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b4cf4c1e05e4280 — Filesystem access.

pkgs/npm/[email protected]/lib/cli/init.js:33

  fs.writeFileSync(path.join(destdir, 'mocha.js'), js);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cdd57ef408c5f21a — Filesystem access.

pkgs/npm/[email protected]/lib/cli/init.js:34

  fs.writeFileSync(path.join(destdir, 'tests.spec.js'), '');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b549058439054058 — Filesystem access.

pkgs/npm/[email protected]/lib/cli/init.js:35

  fs.writeFileSync(path.join(destdir, 'index.html'), tmpl);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c45b8cdd82d158b2 — Filesystem access.

pkgs/npm/[email protected]/lib/cli/options.js:239

      configData = fs.readFileSync(filepath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b81d7e6658243666 — Environment-variable access.

pkgs/npm/[email protected]/lib/cli/options.js:302

  const envConfig = parse(process.env.MOCHA_OPTIONS || '');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2d793e1679509c4 — Environment-variable access.

pkgs/npm/[email protected]/lib/reporters/base.js:58

  (supportsColor.stdout || process.env.MOCHA_COLORS !== undefined);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55340d2f474be97d — Filesystem access.

pkgs/npm/[email protected]/lib/reporters/json.js:90

        fs.writeFileSync(output, json);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

mysql2

npm dependency

expand_more 1 low-confidence finding(s)

low env_fs dependency Excluded from app score #f93b75ab7f2356e4 — Environment-variable access.

pkgs/npm/[email protected]/lib/packets/index.js:60

  if (process.env.NODE_DEBUG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

node-gyp

npm dependency

expand_more 42 low-confidence finding(s)

low env_fs dependency Excluded from app score #0aa572f611b44ca6 — Filesystem access.

pkgs/npm/[email protected]/bin/node-gyp.js:53

  const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0aa572f611b44ca6 — Filesystem access.

pkgs/npm/[email protected]/bin/node-gyp.js:53

  const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00c7b67837c623d8 — Environment-variable access.

pkgs/npm/[email protected]/lib/build.js:25

  const makeCommand = gyp.opts.make || process.env.MAKE || platformMake

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45353d392bea988c — Environment-variable access.

pkgs/npm/[email protected]/lib/build.js:27

  const jobs = gyp.opts.jobs || process.env.JOBS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7483add28334549f — Filesystem access.

pkgs/npm/[email protected]/lib/build.js:46

      data = await fs.readFile(configPath, 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d61086b007adfc5 — Environment-variable access.

pkgs/npm/[email protected]/lib/build.js:199

      process.env.PATH = `${buildBinsDir}:${process.env.PATH}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d61086b007adfc5 — Environment-variable access.

pkgs/npm/[email protected]/lib/build.js:199

      process.env.PATH = `${buildBinsDir}:${process.env.PATH}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46de90b142defe6a — Environment-variable access.

pkgs/npm/[email protected]/lib/configure.js:32

    process.env.PYTHON = python

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b6c7126a602e5d0 — Filesystem access.

pkgs/npm/[email protected]/lib/configure.js:41

        const nodeVersionH = readFileSync(path.join(prefix,
          'include', 'node', 'node_version.h'), { encoding: 'utf8' })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9676ad7aa64ea6ed — Environment-variable access.

pkgs/npm/[email protected]/lib/configure.js:121

      process.env.GYP_MSVS_VERSION = Math.min(vsInfo.versionYear, 2015)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1f1b72b82cdbf67 — Environment-variable access.

pkgs/npm/[email protected]/lib/configure.js:122

      process.env.GYP_MSVS_OVERRIDE_PATH = vsInfo.path

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e6744b20ce62e9f — Environment-variable access.

pkgs/npm/[email protected]/lib/configure.js:216

      let zoslibIncPath = process.env.ZOSLIB_INCLUDES

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #322eb6dd44359eb7 — Environment-variable access.

pkgs/npm/[email protected]/lib/configure.js:222

                          'to the correct path, or unset it to search %s', process.env.ZOSLIB_INCLUDES, nodeRootDir)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f0961be2e493cb7 — Environment-variable access.

pkgs/npm/[email protected]/lib/configure.js:308

    if (process.env.PYTHONPATH) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4be6a9e82038c32a — Environment-variable access.

pkgs/npm/[email protected]/lib/configure.js:309

      pypath.push(process.env.PYTHONPATH)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d79d7f90784b997 — Environment-variable access.

pkgs/npm/[email protected]/lib/configure.js:311

    process.env.PYTHONPATH = pypath.join(win ? ';' : ':')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e739aa5cb7590acb — Filesystem access.

pkgs/npm/[email protected]/lib/create-config-gypi.js:27

      const baseConfigGypi = await fs.readFile(baseConfigGypiPath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e044b74a5f5904c8 — Filesystem access.

pkgs/npm/[email protected]/lib/create-config-gypi.js:144

  await fs.writeFile(configPath, [prefix, json, ''].join('\n'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9ac2ed8faf0e654 — Filesystem access.

pkgs/npm/[email protected]/lib/download.js:31

  const ca = await fs.readFile(filename, 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b306b75aa105758 — Environment-variable access.

pkgs/npm/[email protected]/lib/find-python.js:14

const systemDrive = process.env.SystemDrive || 'C:'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #74fa8f9a01971e8e — Environment-variable access.

pkgs/npm/[email protected]/lib/find-python.js:15

const username = process.env.USERNAME || process.env.USER || getOsUserInfo()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #74fa8f9a01971e8e — Environment-variable access.

pkgs/npm/[email protected]/lib/find-python.js:15

const username = process.env.USERNAME || process.env.USER || getOsUserInfo()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12779fdc80a40f5f — Environment-variable access.

pkgs/npm/[email protected]/lib/find-python.js:16

const localAppData = process.env.LOCALAPPDATA || `${systemDrive}\\${username}\\AppData\\Local`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46f5e11b3bf55a1b — Environment-variable access.

pkgs/npm/[email protected]/lib/find-python.js:17

const foundLocalAppData = process.env.LOCALAPPDATA || username

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b914d2c30c22cea — Environment-variable access.

pkgs/npm/[email protected]/lib/find-python.js:18

const programFiles = process.env.ProgramW6432 || process.env.ProgramFiles || `${systemDrive}\\Program Files`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b914d2c30c22cea — Environment-variable access.

pkgs/npm/[email protected]/lib/find-python.js:18

const programFiles = process.env.ProgramW6432 || process.env.ProgramFiles || `${systemDrive}\\Program Files`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68d725e61df9d890 — Environment-variable access.

pkgs/npm/[email protected]/lib/find-python.js:19

const programFilesX86 = process.env['ProgramFiles(x86)'] || `${programFiles} (x86)`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32458d7f60d43532 — Filesystem access.

pkgs/npm/[email protected]/lib/find-visualstudio.js:4

const { existsSync } = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32458d7f60d43532 — Filesystem access.

pkgs/npm/[email protected]/lib/find-visualstudio.js:4

const { existsSync } = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #936f056ad6404653 — Environment-variable access.

pkgs/npm/[email protected]/lib/find-visualstudio.js:47

    if (process.env.VCINSTALLDIR) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7dc4c9f143250197 — Environment-variable access.

pkgs/npm/[email protected]/lib/find-visualstudio.js:49

        path.resolve(process.env.VCINSTALLDIR, '..')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07d3accfaff93a30 — Environment-variable access.

pkgs/npm/[email protected]/lib/find-visualstudio.js:145

      version: process.env.VSCMD_VER,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b06cad5092269876 — Environment-variable access.

pkgs/npm/[email protected]/lib/find-visualstudio.js:155

    const envWindowsSDKVersion = process.env.WindowsSDKVersion

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a672f91878dd0b1b — Environment-variable access.

pkgs/npm/[email protected]/lib/find-visualstudio.js:178

    const ps = path.join(process.env.SystemRoot, 'System32',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af91a041ecaea079 — Environment-variable access.

pkgs/npm/[email protected]/lib/find-visualstudio.js:242

    const ps = path.join(process.env.SystemRoot, 'System32',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6feb3bae953b6bca — Filesystem access.

pkgs/npm/[email protected]/lib/install.js:76

      const ver = await fs.readFile(installVersionFile, 'ascii')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #994f84ad7caeae4b — Filesystem access.

pkgs/npm/[email protected]/lib/install.js:265

        fs.writeFile(installVersionPath, gyp.package.installVersion + '\n'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbac4c8c53d4602c — Environment-variable access.

pkgs/npm/[email protected]/lib/log.js:161

const NULL_LOGGER = !!process.env.NODE_GYP_NULL_LOGGER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3dfc672ab4c5ef5b — Environment-variable access.

pkgs/npm/[email protected]/lib/node-gyp.js:154

        this.opts[name.replaceAll('_', '-').toLowerCase()] = process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ecec7ed6202918a — Environment-variable access.

pkgs/npm/[email protected]/lib/process-release.js:64

  if (!overrideDistUrl && process.env.NODEJS_ORG_MIRROR) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2ec08107921cdab — Environment-variable access.

pkgs/npm/[email protected]/lib/process-release.js:65

    overrideDistUrl = process.env.NODEJS_ORG_MIRROR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f3aef644f4ff221 — Environment-variable access.

pkgs/npm/[email protected]/lib/util.js:16

  const reg = path.join(process.env.SystemRoot, 'System32', 'reg.exe')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

node-hook

npm dependency

expand_more 3 low-confidence finding(s)

low env_fs dependency Excluded from app score #c9f2e81746733175 — Filesystem access.

pkgs/npm/[email protected]/index.js:11

const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9f2e81746733175 — Filesystem access.

pkgs/npm/[email protected]/index.js:11

const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5f197d9e212b6aa — Filesystem access.

pkgs/npm/[email protected]/index.js:68

    var source = fs.readFileSync(filename, 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

nyc

npm dependency

expand_more 31 low-confidence finding(s)

low env_fs dependency Excluded from app score #f9f3149bac77bc8f — Filesystem access.

pkgs/npm/[email protected]/bin/nyc.js:10

const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9f3149bac77bc8f — Filesystem access.

pkgs/npm/[email protected]/bin/nyc.js:10

const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f282f2f67c1cf3b — Environment-variable access.

pkgs/npm/[email protected]/bin/nyc.js:53

    env.BABEL_DISABLE_CACHE = process.env.BABEL_DISABLE_CACHE = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #589950504ba00869 — Environment-variable access.

pkgs/npm/[email protected]/bin/nyc.js:81

    env.SPAWN_WRAP_SHIM_ROOT = process.env.SPAWN_WRAP_SHIM_ROOT || process.env.XDG_CACHE_HOME || require('os').homedir()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #589950504ba00869 — Environment-variable access.

pkgs/npm/[email protected]/bin/nyc.js:81

    env.SPAWN_WRAP_SHIM_ROOT = process.env.SPAWN_WRAP_SHIM_ROOT || process.env.XDG_CACHE_HOME || require('os').homedir()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf48caf6d99b0dd7 — Filesystem access.

pkgs/npm/[email protected]/index.js:190

        const source = await fs.readFile(filename, 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e99d7f47d70e8563 — Filesystem access.

pkgs/npm/[email protected]/index.js:218

      const inCode = await fs.readFile(inFile, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a74e85438be810a — Filesystem access.

pkgs/npm/[email protected]/index.js:226

        await fs.writeFile(outFile, outCode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e9f9dff7627e46f — Environment-variable access.

pkgs/npm/[email protected]/index.js:353

    if (!process.env.NYC_CWD) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73a38be5785f7703 — Environment-variable access.

pkgs/npm/[email protected]/index.js:375

    process.env.NYC_PROCESS_ID = this.processInfo.uuid

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d77d30b19482ba6e — Filesystem access.

pkgs/npm/[email protected]/index.js:409

    fs.writeFileSync(
      coverageFilename,
      JSON.stringify(coverage),
      'utf-8'
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6b5bb0cdbb07282 — Filesystem access.

pkgs/npm/[email protected]/index.js:514

      const report = JSON.parse(await fs.readFile(path.resolve(baseDirectory, filename)), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a287f5e45e07116 — Environment-variable access.

pkgs/npm/[email protected]/lib/commands/check-coverage.js:19

  process.env.NYC_CWD = process.cwd()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d80a112be90205b0 — Environment-variable access.

pkgs/npm/[email protected]/lib/commands/merge.js:33

  process.env.NYC_CWD = process.cwd()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d50cc1e8afa93bb — Filesystem access.

pkgs/npm/[email protected]/lib/commands/merge.js:44

  await fs.writeFile(argv.outputFile, JSON.stringify(map), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37ba1dddd80341ac — Environment-variable access.

pkgs/npm/[email protected]/lib/commands/report.js:19

  process.env.NYC_CWD = process.cwd()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #abd478abd3df4631 — Environment-variable access.

pkgs/npm/[email protected]/lib/config-util.js:12

  cwd = cwd || process.env.NYC_CWD || process.cwd()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #060c8b70a3ddaad9 — Filesystem access.

pkgs/npm/[email protected]/lib/fs-promises.js:3

const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #060c8b70a3ddaad9 — Filesystem access.

pkgs/npm/[email protected]/lib/fs-promises.js:3

const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bcc54c1c0242f976 — Environment-variable access.

pkgs/npm/[email protected]/lib/register-env.js:21

    envToCopy[env] = process.env[env]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c611421148a88ab1 — Environment-variable access.

pkgs/npm/[email protected]/lib/register-env.js:26

  envToCopy[envName] = process.env[envName]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f280f2c015e48362 — Filesystem access.

pkgs/npm/[email protected]/lib/source-maps.js:43

      fs.writeFileSync(mapPath, JSON.stringify(sourceMap))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12d1586b77639735 — Filesystem access.

pkgs/npm/[email protected]/lib/source-maps.js:68

            this.loadedMaps[hash] = JSON.parse(await fs.readFile(mapPath, 'utf8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4733a050643d67a — Environment-variable access.

pkgs/npm/[email protected]/lib/wrap.js:6

  process.env.NYC_CONFIG ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4854346880db773 — Environment-variable access.

pkgs/npm/[email protected]/lib/wrap.js:15

  parent: process.env.NYC_PROCESS_ID || null

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #431080f464bdb6f7 — Environment-variable access.

pkgs/npm/[email protected]/lib/wrap.js:18

if (process.env.NYC_PROCESSINFO_EXTERNAL_ID) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1cd2c889fa37ce1a — Environment-variable access.

pkgs/npm/[email protected]/lib/wrap.js:19

  config._processInfo.externalId = process.env.NYC_PROCESSINFO_EXTERNAL_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf92048c742a6907 — Environment-variable access.

pkgs/npm/[email protected]/lib/wrap.js:20

  delete process.env.NYC_PROCESSINFO_EXTERNAL_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93d24d96ccbb3f53 — Environment-variable access.

pkgs/npm/[email protected]/lib/wrap.js:23

if (process.env.NYC_CONFIG_OVERRIDE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c92e9a5b02f61c8f — Environment-variable access.

pkgs/npm/[email protected]/lib/wrap.js:24

  Object.assign(config, JSON.parse(process.env.NYC_CONFIG_OVERRIDE))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab61ecac7479a730 — Environment-variable access.

pkgs/npm/[email protected]/lib/wrap.js:25

  process.env.NYC_CONFIG = JSON.stringify(config)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

oclif

npm dependency

expand_more 20 low-confidence finding(s)

low env_fs dependency Excluded from app score #72586708ef9106e6 — Environment-variable access.

pkgs/npm/[email protected]/lib/aws.js:20

            accessKeyId: process.env.AWS_ACCESS_KEY_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16ed5351707a7a1b — Environment-variable access.

pkgs/npm/[email protected]/lib/aws.js:21

            secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d17038891059416 — Environment-variable access.

pkgs/npm/[email protected]/lib/aws.js:22

            sessionToken: process.env.AWS_SESSION_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07a84e2180ee1424 — Environment-variable access.

pkgs/npm/[email protected]/lib/aws.js:32

            const endpoint = process.env.AWS_S3_ENDPOINT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89c34c018bbcaf7a — Environment-variable access.

pkgs/npm/[email protected]/lib/aws.js:33

            const checksumConfig = (0, util_1.getS3ChecksumConfig)(endpoint, process.env.AWS_REQUEST_CHECKSUM_CALCULATION);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc9326f62490ecda — Environment-variable access.

pkgs/npm/[email protected]/lib/aws.js:39

                        forcePathStyle: Boolean(process.env.AWS_S3_FORCE_PATH_STYLE),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4cbffb566d77c0db — Environment-variable access.

pkgs/npm/[email protected]/lib/aws.js:40

                        region: process.env.AWS_REGION ?? 'us-east-1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e8ed75f72cb6033 — Environment-variable access.

pkgs/npm/[email protected]/lib/commands/generate.js:18

    const token = process.env.GITHUB_TOKEN ?? process.env.GH_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e8ed75f72cb6033 — Environment-variable access.

pkgs/npm/[email protected]/lib/commands/generate.js:18

    const token = process.env.GITHUB_TOKEN ?? process.env.GH_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6d285349ba51527 — Filesystem access.

pkgs/npm/[email protected]/lib/commands/pack/deb.js:143

                fsPromises.writeFile(node_path_1.default.join(workspace, 'usr', 'lib', config.dirname, 'bin', config.bin), scripts.bin(config), { mode: 0o755 }),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ff1d31c80da6ab9 — Filesystem access.

pkgs/npm/[email protected]/lib/commands/pack/deb.js:144

                fsPromises.writeFile(node_path_1.default.join(workspace, 'DEBIAN', 'control'), scripts.control(buildConfig, (0, upload_util_1.debArch)(arch))),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f356b9661b865683 — Filesystem access.

pkgs/npm/[email protected]/lib/commands/pack/deb.js:192

    await fs.writeFile(ftparchive, scripts.ftparchive(config));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c93198f24b409237 — Filesystem access.

pkgs/npm/[email protected]/lib/commands/pack/macos.js:229

                await fs.writeFile(noBundleConfigurationPath, noBundleConfiguration, { mode: 0o755 });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a9840b7af9ca420 — Filesystem access.

pkgs/npm/[email protected]/lib/commands/pack/macos.js:235

                await fs.writeFile(node_path_1.default.join(...scriptLocation), scripts[script](config, flags['additional-cli']), {
                    mode: 0o755,
                });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15f6507ca342466b — Environment-variable access.

pkgs/npm/[email protected]/lib/commands/pack/macos.js:264

            if (process.env.OSX_KEYCHAIN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de786d3f226e1f9f — Environment-variable access.

pkgs/npm/[email protected]/lib/commands/pack/macos.js:265

                args.push('--keychain', process.env.OSX_KEYCHAIN);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03a685f2d0993d95 — Filesystem access.

pkgs/npm/[email protected]/lib/commands/readme.js:105

            const tsConfigRaw = await fs.readFile(tsConfigPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9947d436aa58fc3 — Environment-variable access.

pkgs/npm/[email protected]/lib/readme-generator.js:48

const columns = Number.parseInt(process.env.COLUMNS, 10) || 120;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3dfabbf5513eb10b — Filesystem access.

pkgs/npm/[email protected]/lib/tarballs/bin.js:50

        await fs.promises.writeFile(node_path_1.default.join(baseWorkspace, 'bin', `${bin}.cmd`), `@echo off
setlocal enableextensions

if not "%${redirectedEnvVar}%"=="1" if exist "%LOCALAPPDATA%\\${bin}\\client\\bin\\${bin}.cmd" (
  set ${redirectedEnvVar}=1
  "%LOCALAPPDATA%\\${bin}\\client\\bin\\${bin}.cmd" %*
  goto:EOF
)

if not defined ${binPathEnvVar} set ${binPathEnvVar}="%~dp0${bin}.cmd"

if exist "%~dp0..\\bin\\node.exe" (
  "%~dp0..\\bin\\node.exe" ${`${nodeOptions.join(' ')} `}"%~dp0..\\bin\\run" %*
) else if exist "%LOCALAPPDATA%\\oclif\\node\\node-${nodeVersion}.exe" (
  "%LOCALAPPDATA%\\oclif\\node\\node-${nodeVersion}.exe" ${`${nodeOptions.join(' ')} `}"%~dp0..\\bin\\run" %*
) else (
  node ${`${nodeOptions.join(' ')} `}"%~dp0..\\bin\\run" %*
)
`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a83d05d34e76075 — Filesystem access.

pkgs/npm/[email protected]/lib/tarballs/bin.js:72

        await fs.promises.writeFile(bin, `#!/usr/bin/env bash
set -e
echoerr() { echo "$@" 1>&2; }

get_script_dir () {
  SOURCE="\${BASH_SOURCE[0]}"
  # While \$SOURCE is a symlink, resolve it
  while [ -h "\$SOURCE" ]; do
    DIR="\$( cd -P "\$( dirname "\$SOURCE" )" && pwd )"
    SOURCE="\$( readlink "\$SOURCE" )"
    # If \$SOURCE was a relative symlink (so no "/" as prefix, need to resolve it relative to the symlink base directory
    [[ \$SOURCE != /* ]] && SOURCE="\$DIR/\$SOURCE"
  done
  DIR="\$( cd -P "\$( dirname "\$SOURCE" )" && pwd )"
  echo "\$DIR"
}
DIR=\$(get_script_dir)
CLI_HOME=\$(cd && pwd)
XDG_DATA_HOME=\${XDG_DATA_HOME:="\$CLI_HOME/.local/share"}
CLIENT_HOME=\${${clientHomeEnvVar}:=$XDG_DATA_HOME/${config.dirname}/client}
BIN_PATH="\$CLIENT_HOME/bin/${config.bin}"
if [ -z "\$${redirectedEnvVar}" ] && [ -x "\$BIN_PATH" ] && [[ ! "\$DIR/${config.bin}" -ef "\$BIN_PATH" ]]; then
  if [ "\$DEBUG" == "*" ]; then
    echoerr "\$BIN_PATH" "\$@"
  fi
  ${binPathEnvVar}="\$BIN_PATH" ${redirectedEnvVar}=1 "\$BIN_PATH" "\$@"
else
  export ${binPathEnvVar}=\${${binPathEnvVar}:="\$DIR/${config.bin}"}
  if [ -x "$(command -v "\$XDG_DATA_HOME/oclif/node/node-custom")" ]; then
    NODE="\$XDG_DATA_HOME/oclif/node/node-custom"
  elif [ -x "$(command -v "\$DIR/node")" ]; then
    NODE="\$DIR/node"
  elif [ -x "$(command -v "\$XDG_DATA_HOME/oclif/node/node-${nodeVersion}")" ]; then
    NODE="\$XDG_DATA_HOME/oclif/node/node-${nodeVersion}"
  elif [ -x "$(command -v node)" ]; then
    NODE=node
  else
    echoerr 'Error: node is not installed.' >&2
    exit 1
  fi
  if [ "\$DEBUG" == "*" ]; then
    echoerr ${binPathEnvVar}="\$${binPathEnvVar}" "\$NODE" ${`${nodeOptions.join(' ')} `}"\$DIR/run" "\$@"
  fi
  "\$NODE" ${`${nodeOptions.join(' ')} `}"\$DIR/run" "\$@"
fi
`, { mode: 0o755 });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

oracledb

npm dependency

expand_more 51 low-confidence finding(s)

low env_fs tooling Excluded from app score unknown #775091a01a44d768 — Environment-variable access.

pkgs/npm/[email protected]/examples/dbconfig.js:76

  user: process.env.NODE_ORACLEDB_USER,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #1e24732fb3c4407e — Environment-variable access.

pkgs/npm/[email protected]/examples/dbconfig.js:82

  password: process.env.NODE_ORACLEDB_PASSWORD,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #5780f13088bc86ab — Environment-variable access.

pkgs/npm/[email protected]/examples/dbconfig.js:86

  connectString: process.env.NODE_ORACLEDB_CONNECTIONSTRING,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #f5a9d8ff9509d60e — Environment-variable access.

pkgs/npm/[email protected]/examples/dbconfig.js:90

  externalAuth: process.env.NODE_ORACLEDB_EXTERNALAUTH ? true : false,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #2b299b24b667b413 — Environment-variable access.

pkgs/npm/[email protected]/examples/dbconfig.js:97

if (process.env.NODE_ORACLEDB_WALLET_PASSWORD) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #c38b984bd88ecca3 — Environment-variable access.

pkgs/npm/[email protected]/examples/dbconfig.js:98

  config.walletPassword = process.env.NODE_ORACLEDB_WALLET_PASSWORD;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #62241f7f8ce8b820 — Environment-variable access.

pkgs/npm/[email protected]/examples/dbconfig.js:101

if (process.env.NODE_ORACLEDB_WALLET_LOCATION) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #3c743e62d048ac39 — Environment-variable access.

pkgs/npm/[email protected]/examples/dbconfig.js:102

  config.walletLocation = process.env.NODE_ORACLEDB_WALLET_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #bd8b9313282a0e49 — Environment-variable access.

pkgs/npm/[email protected]/examples/dbconfig.js:109

if (process.env.NODE_ORACLEDB_DBA_USER) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #a14daf056c8d2ed5 — Environment-variable access.

pkgs/npm/[email protected]/examples/dbconfig.js:110

  config.DBA_user = process.env.NODE_ORACLEDB_DBA_USER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #8cdbec04854cc1c4 — Environment-variable access.

pkgs/npm/[email protected]/examples/dbconfig.js:113

if (process.env.NODE_ORACLEDB_DBA_PASSWORD) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #1cfa96079c709822 — Environment-variable access.

pkgs/npm/[email protected]/examples/dbconfig.js:114

  config.DBA_password = process.env.NODE_ORACLEDB_DBA_PASSWORD;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #466d8a4270e04fad — Environment-variable access.

pkgs/npm/[email protected]/examples/example.js:47

if (process.env.NODE_ORACLEDB_DRIVER_MODE === 'thick') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #f9270bab3510a8bb — Environment-variable access.

pkgs/npm/[email protected]/examples/example.js:60

    clientOpts = { libDir: process.env.NODE_ORACLEDB_CLIENT_LIB_DIR };

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b29cfde9e979dc58 — Filesystem access.

pkgs/npm/[email protected]/lib/configProviders/file.js:26

const fs = require('fs').promises;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4cd392d2ee3f59b — Filesystem access.

pkgs/npm/[email protected]/lib/configProviders/file.js:47

    const data = Buffer.from(await fs.readFile(this.paramMap.get("filepath"), { encoding: 'utf8', flag: 'r' }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7991ed09b0175ef5 — Environment-variable access.

pkgs/npm/[email protected]/lib/impl/parserHelpers.js:286

    const configDir = options.configDir || process.env.TNS_ADMIN || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a8235b42ec6f6ff — Environment-variable access.

pkgs/npm/[email protected]/lib/impl/parserHelpers.js:424

        errors.throwErr(errors.ERR_TNS_ENTRY_NOT_FOUND, connStr, configDir ? configDir + '/tnsnames.ora' : process.env.TNS_ADMIN + '/tnsnames.ora');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e510eafd81bedc94 — Environment-variable access.

pkgs/npm/[email protected]/lib/poolStatistics.js:83

    this.threadPoolSize = process.env.UV_THREADPOOL_SIZE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1aab8952f84264dd — Environment-variable access.

pkgs/npm/[email protected]/lib/thin/connection.js:1248

    } else if (process.env.ORA_DEBUG_JDWP) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3df40ca1b344c218 — Environment-variable access.

pkgs/npm/[email protected]/lib/thin/connection.js:1249

      this.jdwpData = Buffer.from(process.env.ORA_DEBUG_JDWP);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23a25cf76c723bad — Environment-variable access.

pkgs/npm/[email protected]/lib/thin/protocol/messages/auth.js:115

    } else if (process.env.ORA_EDITION) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #abebc305082a6e24 — Environment-variable access.

pkgs/npm/[email protected]/lib/thin/protocol/messages/auth.js:116

      this.edition = process.env.ORA_EDITION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b61b04724c576f9f — Environment-variable access.

pkgs/npm/[email protected]/lib/thin/protocol/messages/auth.js:160

    if (process.env.ORA_SDTZ) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb30e95563896285 — Environment-variable access.

pkgs/npm/[email protected]/lib/thin/protocol/messages/auth.js:161

      tzRepr = process.env.ORA_SDTZ;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d37a96cab860aeb — Environment-variable access.

pkgs/npm/[email protected]/lib/thin/sqlnet/ntTcp.js:349

    if (process.env.NODE_ORACLEDB_DEBUG_PACKETS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a007669e652c1ddd — Environment-variable access.

pkgs/npm/[email protected]/lib/thin/sqlnet/ntTcp.js:458

        if (process.env.NODE_ORACLEDB_DEBUG_PACKETS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4b16cc827ad44fe — Filesystem access.

pkgs/npm/[email protected]/lib/thin/sqlnet/paramParser.js:30

const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4b16cc827ad44fe — Filesystem access.

pkgs/npm/[email protected]/lib/thin/sqlnet/paramParser.js:30

const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ff97be15e082a54 — Environment-variable access.

pkgs/npm/[email protected]/lib/thin/sqlnet/paramParser.js:41

  const tnsAdminVal = process.env.TNS_ADMIN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #546f35526b20565f — Filesystem access.

pkgs/npm/[email protected]/lib/thin/sqlnet/sessionAtts.js:32

const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #546f35526b20565f — Filesystem access.

pkgs/npm/[email protected]/lib/thin/sqlnet/sessionAtts.js:32

const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #456f4e2221f87b5d — Filesystem access.

pkgs/npm/[email protected]/lib/thin/sqlnet/sessionAtts.js:151

      fs.readFile(this.nt.walletFile, (err, data) => {
        if (err) {
          reject(err);
        } else {
          resolve(data);
        }
      });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dcf8f0bfbd019fae — Filesystem access.

pkgs/npm/[email protected]/package/install.js:41

const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dcf8f0bfbd019fae — Filesystem access.

pkgs/npm/[email protected]/package/install.js:41

const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b67c7780e97c3f15 — Filesystem access.

pkgs/npm/[email protected]/package/prunebinaries.js:45

const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b67c7780e97c3f15 — Filesystem access.

pkgs/npm/[email protected]/package/prunebinaries.js:45

const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27d14b448f790351 — Environment-variable access.

pkgs/npm/[email protected]/plugins/configProviders/awsCommon.js:47

    process.env.HTTPS_PROXY ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbd127a4b01ed9ec — Environment-variable access.

pkgs/npm/[email protected]/plugins/configProviders/awsCommon.js:48

    process.env.https_proxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #850ecbc43eac1938 — Environment-variable access.

pkgs/npm/[email protected]/plugins/configProviders/awsCommon.js:51

    process.env.HTTPS_PROXY_PORT ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #014f3994b4fc1971 — Environment-variable access.

pkgs/npm/[email protected]/plugins/configProviders/awsCommon.js:52

    process.env.https_proxy_port;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e85f88abcb56cb4 — Environment-variable access.

pkgs/npm/[email protected]/plugins/configProviders/awsCommon.js:90

  if (process.env.AWS_REGION) return process.env.AWS_REGION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e85f88abcb56cb4 — Environment-variable access.

pkgs/npm/[email protected]/plugins/configProviders/awsCommon.js:90

  if (process.env.AWS_REGION) return process.env.AWS_REGION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5fedb8fe360547bf — Environment-variable access.

pkgs/npm/[email protected]/plugins/configProviders/awsCommon.js:94

    const profile = paramMap.get("aws_profile") || process.env.AWS_PROFILE || "default";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c89ccf1e71a680de — Environment-variable access.

pkgs/npm/[email protected]/plugins/configProviders/awsCommon.js:111

    profile: paramMap.get("aws_profile") || process.env.AWS_PROFILE || "default",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16c712161444d801 — Filesystem access.

pkgs/npm/[email protected]/plugins/configProviders/ociobject/index.js:32

const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16c712161444d801 — Filesystem access.

pkgs/npm/[email protected]/plugins/configProviders/ociobject/index.js:32

const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6759259fe17d40c1 — Filesystem access.

pkgs/npm/[email protected]/plugins/configProviders/ociobject/index.js:109

        const publicKey = fs.readFileSync(this.paramMap.get('oci_key_file'), { encoding: "utf8" });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e6aaa9f6237a43b — Filesystem access.

pkgs/npm/[email protected]/plugins/token/extensionOci/index.js:31

const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e6aaa9f6237a43b — Filesystem access.

pkgs/npm/[email protected]/plugins/token/extensionOci/index.js:31

const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77a455058e2d078a — Filesystem access.

pkgs/npm/[email protected]/plugins/token/extensionOci/index.js:159

  const privateKey = fs.readFileSync(privateKeyLocation, 'utf-8'); // ~/.oci/oci_api_key.pem

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pg

npm dependency

expand_more 7 low-confidence finding(s)

low env_fs dependency Excluded from app score #01d40e01c59cc512 — Environment-variable access.

pkgs/npm/[email protected]/lib/connection-parameters.js:15

    envVar = process.env['PG' + key.toUpperCase()]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d8cf48503b94a33 — Environment-variable access.

pkgs/npm/[email protected]/lib/connection-parameters.js:19

    envVar = process.env[envVar]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #74af366a895150d6 — Environment-variable access.

pkgs/npm/[email protected]/lib/connection-parameters.js:26

  switch (process.env.PGSSLMODE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2f8df5e0b04bc1d — Environment-variable access.

pkgs/npm/[email protected]/lib/connection-parameters.js:127

      this.connect_timeout = process.env.PGCONNECT_TIMEOUT || 0

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #948e48b5ae476a29 — Environment-variable access.

pkgs/npm/[email protected]/lib/defaults.js:5

  user = process.platform === 'win32' ? process.env.USERNAME : process.env.USER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #948e48b5ae476a29 — Environment-variable access.

pkgs/npm/[email protected]/lib/defaults.js:5

  user = process.platform === 'win32' ? process.env.USERNAME : process.env.USER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #702ab4de726e1f44 — Environment-variable access.

pkgs/npm/[email protected]/lib/index.js:41

  forceNative = !!process.env.NODE_PG_FORCE_NATIVE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

prettier

npm dependency

expand_more 38 low-confidence finding(s)

low env_fs dependency Excluded from app score #d934b7f2887aa149 — Environment-variable access.

pkgs/npm/[email protected]/index.mjs:5546

    var debug = typeof process === "object" && process.env && process.env.NODE_DEBUG && /\bsemver\b/i.test(process.env.NODE_DEBUG) ? (...args) => console.error("SEMVER", ...args) : () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d934b7f2887aa149 — Environment-variable access.

pkgs/npm/[email protected]/index.mjs:5546

    var debug = typeof process === "object" && process.env && process.env.NODE_DEBUG && /\bsemver\b/i.test(process.env.NODE_DEBUG) ? (...args) => console.error("SEMVER", ...args) : () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1cd5eeb4b459543 — Environment-variable access.

pkgs/npm/[email protected]/index.mjs:6086

    if (process.env.npm_package_name === "pseudomap" && process.env.npm_lifecycle_script === "test")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1cd5eeb4b459543 — Environment-variable access.

pkgs/npm/[email protected]/index.mjs:6086

    if (process.env.npm_package_name === "pseudomap" && process.env.npm_lifecycle_script === "test")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #358b55a894dc206a — Environment-variable access.

pkgs/npm/[email protected]/index.mjs:6087

      process.env.TEST_PSEUDOMAP = "true";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88cfdfdc8ee0dff6 — Environment-variable access.

pkgs/npm/[email protected]/index.mjs:6088

    if (typeof Map === "function" && !process.env.TEST_PSEUDOMAP) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4254ac8d7ca21b7 — Environment-variable access.

pkgs/npm/[email protected]/index.mjs:6430

    var hasSymbol = typeof Symbol === "function" && process.env._nodeLRUCacheForceNoSymbol !== "1";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a60c4c87520d7d26 — Filesystem access.

pkgs/npm/[email protected]/index.mjs:7565

            fs7.readFile(file, "utf8", function(err, data) {
              if (err) {
                reject(err);
                return;
              }
              resolve3(parseString2(data));
            });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6268c04ea283260 — Filesystem access.

pkgs/npm/[email protected]/index.mjs:7578

      return parseString2(fs7.readFileSync(file, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6bef07336eaa5337 — Filesystem access.

pkgs/npm/[email protected]/index.mjs:7914

              fs7.readFile(name, "utf8", function(err, data) {
                resolve3({
                  name,
                  contents: err ? "" : data
                });
              });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09dfebd1c12eb745 — Filesystem access.

pkgs/npm/[email protected]/index.mjs:7930

          file = fs7.readFileSync(filepath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc504d780078ca48 — Environment-variable access.

pkgs/npm/[email protected]/index.mjs:8710

      return typeof process === "object" && (process.env.FORCE_COLOR === "0" || process.env.FORCE_COLOR === "false") ? false : picocolors.isColorSupported;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc504d780078ca48 — Environment-variable access.

pkgs/npm/[email protected]/index.mjs:8710

      return typeof process === "object" && (process.env.FORCE_COLOR === "0" || process.env.FORCE_COLOR === "false") ? false : picocolors.isColorSupported;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d25ca1bac145474 — Environment-variable access.

pkgs/npm/[email protected]/index.mjs:9356

      typeof process !== "undefined" && (process.env && process.env.IGNORE_TEST_WIN32 || process.platform === "win32")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b926393f9aceb374 — Filesystem access.

pkgs/npm/[email protected]/index.mjs:11538

import fs from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b807300e084f1a2 — Filesystem access.

pkgs/npm/[email protected]/index.mjs:11735

import fs2 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #caf424071a92e821 — Filesystem access.

pkgs/npm/[email protected]/index.mjs:11765

  return fs2.writeFile(file, data);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ac9f894fa4d16e2 — Filesystem access.

pkgs/npm/[email protected]/index.mjs:11776

import fs3 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #736f18ad9a11fdc1 — Filesystem access.

pkgs/npm/[email protected]/index.mjs:15447

import fs4 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f2e7a5b9eed3217 — Filesystem access.

pkgs/npm/[email protected]/index.mjs:15453

    return await fs4.readFile(file, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #618eac2965bdc85f — Filesystem access.

pkgs/npm/[email protected]/index.mjs:15600

import { statSync, realpathSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b6b1607dae0ac9d — Filesystem access.

pkgs/npm/[email protected]/index.mjs:15610

import fs5 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b26f056e3354cb14 — Filesystem access.

pkgs/npm/[email protected]/index.mjs:15962

    string = fs5.readFileSync(path5.toNamespacedPath(jsonPath), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00dfc5eaea3a512b — Filesystem access.

pkgs/npm/[email protected]/index.mjs:17220

import fs6 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05288edaf4041c9c — Environment-variable access.

pkgs/npm/[email protected]/index.mjs:20039

      if (process.env.PRETTIER_DEBUG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9f123b78236140f — Filesystem access.

pkgs/npm/[email protected]/internal/cli.mjs:748

import fs from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c4d12138712f355 — Filesystem access.

pkgs/npm/[email protected]/internal/cli.mjs:1576

import fs8 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24ce91917fd33e82 — Filesystem access.

pkgs/npm/[email protected]/internal/cli.mjs:1726

import fs4 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4599bcbb3e619a14 — Filesystem access.

pkgs/npm/[email protected]/internal/cli.mjs:1734

import fs3 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a1d1667c3a24d77 — Filesystem access.

pkgs/npm/[email protected]/internal/cli.mjs:1746

import fs2, { promises as fsPromises } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a38574eb5b00d399 — Filesystem access.

pkgs/npm/[email protected]/internal/cli.mjs:1890

    const data = await fs4.readFile(cacheFile, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1251d35ea961a125 — Filesystem access.

pkgs/npm/[email protected]/internal/cli.mjs:1908

import fs7 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ededdeee0014796c — Filesystem access.

pkgs/npm/[email protected]/internal/cli.mjs:1912

import fs6 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1254c3c9db610d30 — Filesystem access.

pkgs/npm/[email protected]/internal/cli.mjs:1917

import fs5 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6b8a6ab9446784c — Filesystem access.

pkgs/npm/[email protected]/internal/cli.mjs:3170

      const data = fs5.readFileSync(pathToFile, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b04148f0ff4a7b99 — Filesystem access.

pkgs/npm/[email protected]/internal/cli.mjs:3310

        fs5.writeFileSync(filePath, data);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8016c9b5f50bf163 — Filesystem access.

pkgs/npm/[email protected]/internal/cli.mjs:3584

        const buffer = fs6.readFileSync(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0bf36edd48761a59 — Filesystem access.

pkgs/npm/[email protected]/internal/cli.mjs:4187

      input = await fs8.readFile(filename, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

prettier-plugin-organize-imports

npm dependency

expand_more 1 low-confidence finding(s)

low env_fs dependency Excluded from app score #7c5fbed09c04b5bb — Environment-variable access.

pkgs/npm/[email protected]/index.js:37

		if (process.env.DEBUG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

semver

npm dependency

expand_more 2 low-confidence finding(s)

low env_fs dependency Excluded from app score #469addab94a58c53 — Environment-variable access.

pkgs/npm/[email protected]/internal/debug.js:6

  process.env.NODE_DEBUG &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd08151112045645 — Environment-variable access.

pkgs/npm/[email protected]/internal/debug.js:7

  /\bsemver\b/i.test(process.env.NODE_DEBUG)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

source-map-support

npm dependency

expand_more 5 low-confidence finding(s)

low env_fs dependency Excluded from app score #70f9d9092466608a — Filesystem access.

pkgs/npm/[email protected]/browser-source-map-support.js:108

(x.name||"Error")+": "+(x.message||""),E={nextPosition:null,curPosition:null},H=[],M=B.length-1;0<=M;M--)H.push("\n    at "+r(B[M],E)),E.nextPosition=E.curPosition;E.curPosition=E.nextPosition=null;return F+H.reverse().join("")}function u(x){var B=/\n    at [^(]+ \((.*):(\d+):(\d+)\)/.exec(x.stack);if(B){x=B[1];var F=+B[2];B=+B[3];var E=b[x];if(!E&&v&&v.existsSync(x))try{E=v.readFileSync(x,"utf8")}catch(H){E=""}if(E&&(E=E.split(/(?:\r\n|\r|\n)/)[F-1]))return x+":"+F+"\n"+E+"\n"+Array(B).join(" ")+

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6176cde463327b11 — Filesystem access.

pkgs/npm/[email protected]/browser-source-map-support.js:110

n=C("path");try{var v=C("fs");v.existsSync&&v.readFileSync||(v=null)}catch(x){}var z=C("buffer-from"),G=!1,D=!1,L=!1,a="auto",b={},h={},w=/^data:application\/json[^,]+base64,/,y=[],I=[],K=t(y);y.push(function(x){x=x.trim();/^file:/.test(x)&&(x=x.replace(/file:\/\/\/(\w:)?/,function(E,H){return H?"":"/"}));if(x in b)return b[x];var B="";try{if(v)v.existsSync(x)&&(B=v.readFileSync(x,"utf8"));else{var F=new XMLHttpRequest;F.open("GET",x,!1);F.send(null);4===F.readyState&&200===F.status&&(B=F.responseText)}}catch(E){}return b[x]=

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6954f9fcce130a2f — Filesystem access.

pkgs/npm/[email protected]/source-map-support.js:6

  fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96bac5ba707ff0f4 — Filesystem access.

pkgs/npm/[email protected]/source-map-support.js:123

      contents = fs.readFileSync(path, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76755048df7f1823 — Filesystem access.

pkgs/npm/[email protected]/source-map-support.js:467

        contents = fs.readFileSync(source, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

sqlite3

npm dependency

expand_more 2 low-confidence finding(s)

low env_fs dependency Excluded from app score #31dd794ab7d7f09e — Filesystem access.

pkgs/npm/[email protected]/deps/extract.js:2

const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31dd794ab7d7f09e — Filesystem access.

pkgs/npm/[email protected]/deps/extract.js:2

const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

ts-node

npm dependency

expand_more 9 low-confidence finding(s)

low env_fs dependency Excluded from app score #ccaf48f4ea5509e8 — Filesystem access.

pkgs/npm/[email protected]/dist-raw/node-internal-modules-cjs-loader.js:27

const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ccaf48f4ea5509e8 — Filesystem access.

pkgs/npm/[email protected]/dist-raw/node-internal-modules-cjs-loader.js:27

const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98b6e046e044b505 — Filesystem access.

pkgs/npm/[email protected]/dist-raw/node-internal-modules-esm-resolve.js:39

const {
  realpathSync,
  statSync,
  Stats,
} = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #adec7346355015b6 — Filesystem access.

pkgs/npm/[email protected]/dist-raw/node-internal-modules-esm-resolve.js:43

} = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1431f71276965439 — Filesystem access.

pkgs/npm/[email protected]/dist-raw/node-internalBinding-fs.js:1

const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1431f71276965439 — Filesystem access.

pkgs/npm/[email protected]/dist-raw/node-internalBinding-fs.js:1

const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5fb922ba7f423f13 — Filesystem access.

pkgs/npm/[email protected]/dist-raw/node-internalBinding-fs.js:13

    string = fs.readFileSync(path, 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de781a3b12898739 — Environment-variable access.

pkgs/npm/[email protected]/dist-raw/node-options.js:48

  const envArgv = ParseNodeOptionsEnvVar(process.env.NODE_OPTIONS || '', errors);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09e7b9ba9305774c — Environment-variable access.

pkgs/npm/[email protected]/dist-raw/node-options.js:99

  if(process.env.NODE_PENDING_DEPRECATION === '1') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

typescript

npm dependency

expand_more 20 low-confidence finding(s)

low env_fs dependency Excluded from app score #392ad147f4c83211 — Filesystem access.

pkgs/npm/[email protected]/lib/_tsserver.js:51

var import_fs = __toESM(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5a40addd7d1735e — Environment-variable access.

pkgs/npm/[email protected]/lib/_tsserver.js:309

    const envLogOptions = parseLoggingEnvironmentString(process.env.TSS_LOG);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4eccc61f439598a3 — Environment-variable access.

pkgs/npm/[email protected]/lib/_tsserver.js:535

  const traceDir = commandLineTraceDir ? (0, typescript_exports.stripQuotes)(commandLineTraceDir) : process.env.TSS_TRACE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5cfe407e663a980 — Environment-variable access.

pkgs/npm/[email protected]/lib/_tsserver.js:548

        const basePath = process.env.LOCALAPPDATA || process.env.APPDATA || import_os.default.homedir && import_os.default.homedir() || process.env.USERPROFILE || process.env.HOMEDRIVE && process.env.HOMEPATH && (0, typescript_exports.normalizeSlashes)(process.env.HOMEDRIVE + process.env.HOMEPATH) || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5cfe407e663a980 — Environment-variable access.

pkgs/npm/[email protected]/lib/_tsserver.js:548

        const basePath = process.env.LOCALAPPDATA || process.env.APPDATA || import_os.default.homedir && import_os.default.homedir() || process.env.USERPROFILE || process.env.HOMEDRIVE && process.env.HOMEPATH && (0, typescript_exports.normalizeSlashes)(process.env.HOMEDRIVE + process.env.HOMEPATH) || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5cfe407e663a980 — Environment-variable access.

pkgs/npm/[email protected]/lib/_tsserver.js:548

        const basePath = process.env.LOCALAPPDATA || process.env.APPDATA || import_os.default.homedir && import_os.default.homedir() || process.env.USERPROFILE || process.env.HOMEDRIVE && process.env.HOMEPATH && (0, typescript_exports.normalizeSlashes)(process.env.HOMEDRIVE + process.env.HOMEPATH) || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5cfe407e663a980 — Environment-variable access.

pkgs/npm/[email protected]/lib/_tsserver.js:548

        const basePath = process.env.LOCALAPPDATA || process.env.APPDATA || import_os.default.homedir && import_os.default.homedir() || process.env.USERPROFILE || process.env.HOMEDRIVE && process.env.HOMEPATH && (0, typescript_exports.normalizeSlashes)(process.env.HOMEDRIVE + process.env.HOMEPATH) || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5cfe407e663a980 — Environment-variable access.

pkgs/npm/[email protected]/lib/_tsserver.js:548

        const basePath = process.env.LOCALAPPDATA || process.env.APPDATA || import_os.default.homedir && import_os.default.homedir() || process.env.USERPROFILE || process.env.HOMEDRIVE && process.env.HOMEPATH && (0, typescript_exports.normalizeSlashes)(process.env.HOMEDRIVE + process.env.HOMEPATH) || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5cfe407e663a980 — Environment-variable access.

pkgs/npm/[email protected]/lib/_tsserver.js:548

        const basePath = process.env.LOCALAPPDATA || process.env.APPDATA || import_os.default.homedir && import_os.default.homedir() || process.env.USERPROFILE || process.env.HOMEDRIVE && process.env.HOMEPATH && (0, typescript_exports.normalizeSlashes)(process.env.HOMEDRIVE + process.env.HOMEPATH) || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5cfe407e663a980 — Environment-variable access.

pkgs/npm/[email protected]/lib/_tsserver.js:548

        const basePath = process.env.LOCALAPPDATA || process.env.APPDATA || import_os.default.homedir && import_os.default.homedir() || process.env.USERPROFILE || process.env.HOMEDRIVE && process.env.HOMEPATH && (0, typescript_exports.normalizeSlashes)(process.env.HOMEDRIVE + process.env.HOMEPATH) || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #231f6543599fe9e8 — Environment-variable access.

pkgs/npm/[email protected]/lib/_tsserver.js:565

    if (process.env.XDG_CACHE_HOME) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4bea87de3e174ee7 — Environment-variable access.

pkgs/npm/[email protected]/lib/_tsserver.js:566

      return process.env.XDG_CACHE_HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #923f9245893d988e — Environment-variable access.

pkgs/npm/[email protected]/lib/_tsserver.js:569

    const homePath = import_os.default.homedir && import_os.default.homedir() || process.env.HOME || (process.env.LOGNAME || process.env.USER) && `/${usersDir}/${process.env.LOGNAME || process.env.USER}` || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #923f9245893d988e — Environment-variable access.

pkgs/npm/[email protected]/lib/_tsserver.js:569

    const homePath = import_os.default.homedir && import_os.default.homedir() || process.env.HOME || (process.env.LOGNAME || process.env.USER) && `/${usersDir}/${process.env.LOGNAME || process.env.USER}` || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #923f9245893d988e — Environment-variable access.

pkgs/npm/[email protected]/lib/_tsserver.js:569

    const homePath = import_os.default.homedir && import_os.default.homedir() || process.env.HOME || (process.env.LOGNAME || process.env.USER) && `/${usersDir}/${process.env.LOGNAME || process.env.USER}` || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #923f9245893d988e — Environment-variable access.

pkgs/npm/[email protected]/lib/_tsserver.js:569

    const homePath = import_os.default.homedir && import_os.default.homedir() || process.env.HOME || (process.env.LOGNAME || process.env.USER) && `/${usersDir}/${process.env.LOGNAME || process.env.USER}` || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #923f9245893d988e — Environment-variable access.

pkgs/npm/[email protected]/lib/_tsserver.js:569

    const homePath = import_os.default.homedir && import_os.default.homedir() || process.env.HOME || (process.env.LOGNAME || process.env.USER) && `/${usersDir}/${process.env.LOGNAME || process.env.USER}` || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a651e5ce6a0fb9a3 — Filesystem access.

pkgs/npm/[email protected]/lib/_typingsInstaller.js:44

var fs = __toESM(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3704f3225c327d45 — Filesystem access.

pkgs/npm/[email protected]/lib/_typingsInstaller.js:88

    const content = JSON.parse(host.readFile(typesRegistryFilePath));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8b16e0240a04962 — Filesystem access.

pkgs/npm/[email protected]/lib/watchGuard.js:42

var fs = __toESM(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

umzug

npm dependency

expand_more 13 low-confidence finding(s)

low env_fs dependency Excluded from app score #4856bc9d5ed39ff3 — Filesystem access.

pkgs/npm/[email protected]/lib/file-locker.d.ts:2

import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c419d39cfafceef — Filesystem access.

pkgs/npm/[email protected]/lib/file-locker.js:27

const fs = __importStar(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #338e9d46acaac96b — Filesystem access.

pkgs/npm/[email protected]/lib/file-locker.js:71

        return this.fs.promises.readFile(filepath).then(buf => buf.toString(), () => undefined);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4815ed138c127bcd — Filesystem access.

pkgs/npm/[email protected]/lib/file-locker.js:75

        await this.fs.promises.writeFile(filepath, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82a255a599657d60 — Filesystem access.

pkgs/npm/[email protected]/lib/file-locker.js:81

        const existing = await this.readFile(this.lockFile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d72a2dd63e97e8a — Filesystem access.

pkgs/npm/[email protected]/lib/file-locker.js:85

        await this.writeFile(this.lockFile, 'lock');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9719860ebeb1c288 — Filesystem access.

pkgs/npm/[email protected]/lib/file-locker.js:88

        const existing = await this.readFile(this.lockFile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8f6c5b05a9138fc — Filesystem access.

pkgs/npm/[email protected]/lib/storage/json.js:27

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8f6c5b05a9138fc — Filesystem access.

pkgs/npm/[email protected]/lib/storage/json.js:27

const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #909c610b84fbb6e3 — Filesystem access.

pkgs/npm/[email protected]/lib/storage/json.js:32

        return fs_1.promises.readFile(filepath).then(c => c.toString(), () => null);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba0db2b7b7bdf682 — Filesystem access.

pkgs/npm/[email protected]/lib/storage/json.js:37

        await fs_1.promises.writeFile(filepath, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00646078138abaee — Filesystem access.

pkgs/npm/[email protected]/lib/umzug.js:32

const fs = __importStar(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e6ae75fa042d5f3 — Filesystem access.

pkgs/npm/[email protected]/lib/umzug.js:277

                fs.writeFileSync(pair[0], pair[1]);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Production

snowflake-sdk prod — dist-only: no readable source
@inquirer/checkbox prod — dist-only: no readable source
@inquirer/confirm prod — dist-only: no readable source
@inquirer/input prod — dist-only: no readable source
@inquirer/select prod — dist-only: no readable source
cosmiconfig prod — dist-only: no readable source

Development

cross-env dev — dist-only: no readable source
lerna dev — dist-only: no readable source
typedoc-plugin-mdn-links dev — dist-only: no readable source
expect-type dev — dist-only: no readable source
rimraf dev — dist-only: no readable source

verified_user No application data leak found

App Privacy Score

bar_chart Score Breakdown

list Scan Summary

swap_horiz Application data flows

</> First-Party Code

first-party (npm)

first-party (npm): packages/cli

first-party (npm): packages/core

first-party (npm): packages/utils

</> Dependencies

ibm_db

esbuild

nx

@oclif/core

@oclif/test

@rushstack/eslint-patch

@sequelize/core

@sequelize/utils

bnf-parser

chai

dayjs

debug

eslint

eslint-plugin-jsdoc

fast-glob

fs-jetpack

husky

lcov-result-merger

lint-staged

mariadb

markdownlint-cli

mocha

mysql2

node-gyp

node-hook

nyc

oclif

oracledb

pg

prettier

prettier-plugin-organize-imports

semver

source-map-support

sqlite3

ts-node

typescript

umzug

Skipped dependencies