Close Open Privacy Scan

bolt Snapshot: commit 8bd4056
science engine v3
schedule 2026-07-10T02:15:48.656529+00:00

verified_user Application data leak confirmed

High-confidence data exfiltration identified in application code.

Incomplete scan — only 6/200 dependencies were analyzed. Treat the score as provisional.

App Privacy Score

0 /100
High privacy risk — application leak confirmed

High risk · 5928 finding(s)

Dependency score: 97 (Low risk)

bar_chart Score Breakdown

pii_flow −60
telemetry −25
egress −15
env_fs −3

list Scan Summary

193 high 1079 medium 4656 low
First-party packages: 46
Dependency packages: 5
Ecosystem: npm

swap_horiz Confirmed data exfiltration in application code

External domains: ${host}:${hostPort}allowed.exampleapi.${region}.cisco.comapi.airtop.aiapi.example.comapi.github.comapi.openai.comapi.telegram.orgattacker.example.comenterprise.n8n.ioenv-proxy:3128env.example.comexample.comfrom-envfrom-env.example.comgithub.comhttp-proxy-lowercase.example.com:8080http-proxy.example.com:8080http-proxy:9090https-proxy-lowercase.example.com:8080https-proxy.example.com:8080https-proxy:8080issuer.example.commy-mcp-endpoint.ain8n.example.comn8n.iooauth2.googleapis.comold.example.comprovider.comproxy:8080proxy:9090slack.comsts.${region}.${getAwsDomain(regionvisibility.${region}.cisco.com

high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/.claude/plugins/n8n/scripts/track-skill-usage.mjs:29 repo/.claude/plugins/n8n/scripts/track-skill-usage.mjs:45
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/.github/scripts/cla/check-signatures.mjs:90 repo/.github/scripts/cla/check-signatures.mjs:92
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/.github/scripts/claude-task/resume-callback.mjs:18 repo/.github/scripts/claude-task/resume-callback.mjs:45
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/.github/scripts/post-qa-metrics-comment.mjs:42 repo/.github/scripts/post-qa-metrics-comment.mjs:65
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/.github/scripts/post-qa-metrics-comment.mjs:48 repo/.github/scripts/post-qa-metrics-comment.mjs:117
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/.github/scripts/post-qa-metrics-comment.mjs:42 repo/.github/scripts/post-qa-metrics-comment.mjs:127
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/.github/scripts/post-qa-metrics-comment.mjs:42 repo/.github/scripts/post-qa-metrics-comment.mjs:133
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/.github/scripts/send-metrics.mjs:65 repo/.github/scripts/send-metrics.mjs:87
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/@n8n/cli/src/client.ts:48 repo/packages/@n8n/cli/src/client.ts:89
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/@n8n/computer-use/src/gateway-client.ts:308 repo/packages/@n8n/computer-use/src/gateway-client.ts:302
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/@n8n/instance-ai/evaluations/checklist/verifier.ts:222 repo/packages/@n8n/instance-ai/evaluations/checklist/verifier.ts:219
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/@n8n/instance-ai/evaluations/langtracer/client.ts:73 repo/packages/@n8n/instance-ai/evaluations/langtracer/client.ts:72
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/@n8n/instance-ai/evaluations/langtracer/client.ts:92 repo/packages/@n8n/instance-ai/evaluations/langtracer/client.ts:89
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/cli/src/license/license.service.ts:78 repo/packages/cli/src/license/license.service.ts:71
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/cli/src/modules/agents/integrations/integration-action-executor.ts:172 repo/packages/cli/src/modules/agents/integrations/integration-action-executor.ts:174
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/cli/src/modules/external-secrets.ee/providers/infisical.ts:283 repo/packages/cli/src/modules/external-secrets.ee/providers/infisical.ts:277
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/cli/src/modules/instance-ai/eval/api-docs.ts:28 repo/packages/cli/src/modules/instance-ai/eval/api-docs.ts:33
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/cli/src/modules/instance-ai/eval/api-docs.ts:76 repo/packages/cli/src/modules/instance-ai/eval/api-docs.ts:81
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/cli/src/modules/log-streaming.ee/destinations/message-event-bus-destination-webhook.ee.ts:380 repo/packages/cli/src/modules/log-streaming.ee/destinations/message-event-bus-destination-webhook.ee.ts:401
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/cli/src/oauth/oauth.service.ts:1067 repo/packages/cli/src/oauth/oauth.service.ts:1096
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/core/src/binary-data/azure-blob.manager.ts:64 repo/packages/core/src/binary-data/azure-blob.manager.ts:66
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/core/src/binary-data/object-store.manager.ts:78 repo/packages/core/src/binary-data/object-store.manager.ts:80
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/frontend/editor-ui/scripts/fetch-node-popularity.mjs:8 repo/packages/frontend/editor-ui/scripts/fetch-node-popularity.mjs:25
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/credentials/CiscoSecureEndpointApi.credentials.ts:92 repo/packages/nodes-base/credentials/CiscoSecureEndpointApi.credentials.ts:77
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/credentials/CiscoSecureEndpointApi.credentials.ts:92 repo/packages/nodes-base/credentials/CiscoSecureEndpointApi.credentials.ts:95
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/credentials/GoogleApi.credentials.ts:334 repo/packages/nodes-base/credentials/GoogleApi.credentials.ts:366
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/credentials/MicrosoftEntraServicePrincipalApi.credentials.ts:148 repo/packages/nodes-base/credentials/MicrosoftEntraServicePrincipalApi.credentials.ts:140
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/credentials/SalesforceJwtApi.credentials.ts:105 repo/packages/nodes-base/credentials/SalesforceJwtApi.credentials.ts:121
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/credentials/common/aws/system-credentials-utils.ts:264 repo/packages/nodes-base/credentials/common/aws/system-credentials-utils.ts:283
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/credentials/common/aws/system-credentials-utils.ts:328 repo/packages/nodes-base/credentials/common/aws/system-credentials-utils.ts:349
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/AcuityScheduling/GenericFunctions.ts:41 repo/packages/nodes-base/nodes/AcuityScheduling/GenericFunctions.ts:45
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Affinity/GenericFunctions.ts:24 repo/packages/nodes-base/nodes/Affinity/GenericFunctions.ts:47
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:31 repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:50
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:112 repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:128
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:112 repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:140
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:112 repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:149
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:112 repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:160
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Autopilot/GenericFunctions.ts:29 repo/packages/nodes-base/nodes/Autopilot/GenericFunctions.ts:45
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/BambooHr/v1/transport/index.ts:25 repo/packages/nodes-base/nodes/BambooHr/v1/transport/index.ts:56
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Bannerbear/GenericFunctions.ts:29 repo/packages/nodes-base/nodes/Bannerbear/GenericFunctions.ts:45
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Bitbucket/BitbucketTrigger.node.ts:208 repo/packages/nodes-base/nodes/Bitbucket/BitbucketTrigger.node.ts:217
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Bitbucket/GenericFunctions.ts:48 repo/packages/nodes-base/nodes/Bitbucket/GenericFunctions.ts:61
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Chargebee/Chargebee.node.ts:591 repo/packages/nodes-base/nodes/Chargebee/Chargebee.node.ts:600
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/CircleCi/GenericFunctions.ts:25 repo/packages/nodes-base/nodes/CircleCi/GenericFunctions.ts:39
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Clearbit/GenericFunctions.ts:25 repo/packages/nodes-base/nodes/Clearbit/GenericFunctions.ts:37
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Demio/GenericFunctions.ts:26 repo/packages/nodes-base/nodes/Demio/GenericFunctions.ts:38
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Dhl/GenericFunctions.ts:28 repo/packages/nodes-base/nodes/Dhl/GenericFunctions.ts:42
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Discord/v1/DiscordV1.node.ts:172 repo/packages/nodes-base/nodes/Discord/v1/DiscordV1.node.ts:253
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Egoi/GenericFunctions.ts:36 repo/packages/nodes-base/nodes/Egoi/GenericFunctions.ts:50
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Emelia/GenericFunctions.ts:126 repo/packages/nodes-base/nodes/Emelia/GenericFunctions.ts:135
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/FileMaker/GenericFunctions.ts:37 repo/packages/nodes-base/nodes/FileMaker/GenericFunctions.ts:64
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Freshdesk/GenericFunctions.ts:23 repo/packages/nodes-base/nodes/Freshdesk/GenericFunctions.ts:46
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Google/Chat/GoogleChat.node.ts:187 repo/packages/nodes-base/nodes/Google/Chat/GoogleChat.node.ts:223
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Google/GenericFunctions.ts:90 repo/packages/nodes-base/nodes/Google/GenericFunctions.ts:126
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/GraphQL/GraphQL.node.ts:432 repo/packages/nodes-base/nodes/GraphQL/GraphQL.node.ts:535
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/HttpRequest/V1/HttpRequestV1.node.ts:958 repo/packages/nodes-base/nodes/HttpRequest/V1/HttpRequestV1.node.ts:1014
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/HttpRequest/V2/HttpRequestV2.node.ts:1019 repo/packages/nodes-base/nodes/HttpRequest/V2/HttpRequestV2.node.ts:1078
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/HttpRequest/V3/HttpRequestV3.node.ts:556 repo/packages/nodes-base/nodes/HttpRequest/V3/HttpRequestV3.node.ts:766
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Hubspot/V1/GenericFunctions.ts:45 repo/packages/nodes-base/nodes/Hubspot/V1/GenericFunctions.ts:46
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Hubspot/V1/GenericFunctions.ts:55 repo/packages/nodes-base/nodes/Hubspot/V1/GenericFunctions.ts:56
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Hubspot/V2/GenericFunctions.ts:47 repo/packages/nodes-base/nodes/Hubspot/V2/GenericFunctions.ts:48
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/HumanticAI/GenericFunctions.ts:35 repo/packages/nodes-base/nodes/HumanticAI/GenericFunctions.ts:41
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Hunter/GenericFunctions.ts:23 repo/packages/nodes-base/nodes/Hunter/GenericFunctions.ts:36
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Jenkins/GenericFunctions.ts:32 repo/packages/nodes-base/nodes/Jenkins/GenericFunctions.ts:42
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/JotForm/GenericFunctions.ts:26 repo/packages/nodes-base/nodes/JotForm/GenericFunctions.ts:41
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Linear/GenericFunctions.ts:109 repo/packages/nodes-base/nodes/Linear/GenericFunctions.ts:122
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/LingvaNex/GenericFunctions.ts:26 repo/packages/nodes-base/nodes/LingvaNex/GenericFunctions.ts:37
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Mandrill/GenericFunctions.ts:24 repo/packages/nodes-base/nodes/Mandrill/GenericFunctions.ts:37
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Marketstack/GenericFunctions.ts:24 repo/packages/nodes-base/nodes/Marketstack/GenericFunctions.ts:35
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Odoo/v1/OdooV1.node.ts:248 repo/packages/nodes-base/nodes/Odoo/v1/OdooV1.node.ts:266
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Onfleet/GenericFunctions.ts:33 repo/packages/nodes-base/nodes/Onfleet/GenericFunctions.ts:43
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Onfleet/Onfleet.node.ts:137 repo/packages/nodes-base/nodes/Onfleet/Onfleet.node.ts:146
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/PayPal/GenericFunctions.ts:25 repo/packages/nodes-base/nodes/PayPal/GenericFunctions.ts:42
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/PayPal/PayPal.node.ts:86 repo/packages/nodes-base/nodes/PayPal/PayPal.node.ts:117
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/PostHog/GenericFunctions.ts:24 repo/packages/nodes-base/nodes/PostHog/GenericFunctions.ts:41
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/QuickBase/GenericFunctions.ts:36 repo/packages/nodes-base/nodes/QuickBase/GenericFunctions.ts:58
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/SeaTable/v1/GenericFunctions.ts:56 repo/packages/nodes-base/nodes/SeaTable/v1/GenericFunctions.ts:62
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/SecurityScorecard/GenericFunctions.ts:51 repo/packages/nodes-base/nodes/SecurityScorecard/GenericFunctions.ts:74
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/SentryIo/GenericFunctions.ts:65 repo/packages/nodes-base/nodes/SentryIo/GenericFunctions.ts:68
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Stackby/GenericFunction.ts:30 repo/packages/nodes-base/nodes/Stackby/GenericFunction.ts:49
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Strapi/GenericFunctions.ts:79 repo/packages/nodes-base/nodes/Strapi/GenericFunctions.ts:85
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Strapi/Strapi.node.ts:111 repo/packages/nodes-base/nodes/Strapi/Strapi.node.ts:119
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Tapfiliate/GenericFunctions.ts:26 repo/packages/nodes-base/nodes/Tapfiliate/GenericFunctions.ts:43
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/UnleashedSoftware/GenericFunctions.ts:43 repo/packages/nodes-base/nodes/UnleashedSoftware/GenericFunctions.ts:53
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Uplead/GenericFunctions.ts:24 repo/packages/nodes-base/nodes/Uplead/GenericFunctions.ts:36
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/UptimeRobot/GenericFunctions.ts:25 repo/packages/nodes-base/nodes/UptimeRobot/GenericFunctions.ts:33
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Zammad/GenericFunctions.ts:44 repo/packages/nodes-base/nodes/Zammad/GenericFunctions.ts:73
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Zammad/Zammad.node.ts:293 repo/packages/nodes-base/nodes/Zammad/Zammad.node.ts:299
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Zulip/GenericFunctions.ts:33 repo/packages/nodes-base/nodes/Zulip/GenericFunctions.ts:53
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/containers/services/keycloak.ts:509 repo/packages/testing/containers/services/keycloak.ts:520
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/containers/services/ngrok.ts:48 repo/packages/testing/containers/services/ngrok.ts:85
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/playwright/reporters/metrics-reporter.ts:40 repo/packages/testing/playwright/reporters/metrics-reporter.ts:75
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/playwright/scripts/coverage-analysis.mjs:87 repo/packages/testing/playwright/scripts/coverage-analysis.mjs:146
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/playwright/scripts/import-victoria-data.mjs:49 repo/packages/testing/playwright/scripts/import-victoria-data.mjs:46
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/playwright/scripts/import-victoria-data.mjs:59 repo/packages/testing/playwright/scripts/import-victoria-data.mjs:56
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/playwright/services/api-helper.ts:662 repo/packages/testing/playwright/services/api-helper.ts:660
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/playwright/services/mcp-oauth-api-helper.ts:225 repo/packages/testing/playwright/services/mcp-oauth-api-helper.ts:223
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/playwright/services/public-api-helper.ts:164 repo/packages/testing/playwright/services/public-api-helper.ts:182
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/playwright/services/user-api-helper.ts:31 repo/packages/testing/playwright/services/user-api-helper.ts:39
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/playwright/services/user-api-helper.ts:31 repo/packages/testing/playwright/services/user-api-helper.ts:55
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/scripts/instance-seeding/seedInstance.mjs:10 repo/scripts/instance-seeding/seedInstance.mjs:228
high first-party (npm): packages/cli User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/cli/src/license/license.service.ts:78 repo/packages/cli/src/license/license.service.ts:71
high first-party (npm): packages/cli User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/cli/src/modules/agents/integrations/integration-action-executor.ts:172 repo/packages/cli/src/modules/agents/integrations/integration-action-executor.ts:174
high first-party (npm): packages/cli User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/cli/src/modules/external-secrets.ee/providers/infisical.ts:283 repo/packages/cli/src/modules/external-secrets.ee/providers/infisical.ts:277
high first-party (npm): packages/cli User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/cli/src/modules/instance-ai/eval/api-docs.ts:28 repo/packages/cli/src/modules/instance-ai/eval/api-docs.ts:33
high first-party (npm): packages/cli User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/cli/src/modules/instance-ai/eval/api-docs.ts:76 repo/packages/cli/src/modules/instance-ai/eval/api-docs.ts:81
high first-party (npm): packages/cli User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/cli/src/modules/log-streaming.ee/destinations/message-event-bus-destination-webhook.ee.ts:380 repo/packages/cli/src/modules/log-streaming.ee/destinations/message-event-bus-destination-webhook.ee.ts:401
high first-party (npm): packages/cli User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/cli/src/oauth/oauth.service.ts:1067 repo/packages/cli/src/oauth/oauth.service.ts:1096
high first-party (npm): packages/core User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/core/src/binary-data/azure-blob.manager.ts:64 repo/packages/core/src/binary-data/azure-blob.manager.ts:66
high first-party (npm): packages/core User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/core/src/binary-data/object-store.manager.ts:78 repo/packages/core/src/binary-data/object-store.manager.ts:80
high first-party (npm): packages/@n8n/cli User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/@n8n/cli/src/client.ts:48 repo/packages/@n8n/cli/src/client.ts:89
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/credentials/CiscoSecureEndpointApi.credentials.ts:92 repo/packages/nodes-base/credentials/CiscoSecureEndpointApi.credentials.ts:77
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/credentials/CiscoSecureEndpointApi.credentials.ts:92 repo/packages/nodes-base/credentials/CiscoSecureEndpointApi.credentials.ts:95
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/credentials/GoogleApi.credentials.ts:334 repo/packages/nodes-base/credentials/GoogleApi.credentials.ts:366
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/credentials/MicrosoftEntraServicePrincipalApi.credentials.ts:148 repo/packages/nodes-base/credentials/MicrosoftEntraServicePrincipalApi.credentials.ts:140
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/credentials/SalesforceJwtApi.credentials.ts:105 repo/packages/nodes-base/credentials/SalesforceJwtApi.credentials.ts:121
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/credentials/common/aws/system-credentials-utils.ts:264 repo/packages/nodes-base/credentials/common/aws/system-credentials-utils.ts:283
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/credentials/common/aws/system-credentials-utils.ts:328 repo/packages/nodes-base/credentials/common/aws/system-credentials-utils.ts:349
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/AcuityScheduling/GenericFunctions.ts:41 repo/packages/nodes-base/nodes/AcuityScheduling/GenericFunctions.ts:45
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Affinity/GenericFunctions.ts:24 repo/packages/nodes-base/nodes/Affinity/GenericFunctions.ts:47
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:31 repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:50
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:112 repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:128
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:112 repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:140
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:112 repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:149
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:112 repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:160
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Autopilot/GenericFunctions.ts:29 repo/packages/nodes-base/nodes/Autopilot/GenericFunctions.ts:45
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/BambooHr/v1/transport/index.ts:25 repo/packages/nodes-base/nodes/BambooHr/v1/transport/index.ts:56
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Bannerbear/GenericFunctions.ts:29 repo/packages/nodes-base/nodes/Bannerbear/GenericFunctions.ts:45
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Bitbucket/BitbucketTrigger.node.ts:208 repo/packages/nodes-base/nodes/Bitbucket/BitbucketTrigger.node.ts:217
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Bitbucket/GenericFunctions.ts:48 repo/packages/nodes-base/nodes/Bitbucket/GenericFunctions.ts:61
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Chargebee/Chargebee.node.ts:591 repo/packages/nodes-base/nodes/Chargebee/Chargebee.node.ts:600
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/CircleCi/GenericFunctions.ts:25 repo/packages/nodes-base/nodes/CircleCi/GenericFunctions.ts:39
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Clearbit/GenericFunctions.ts:25 repo/packages/nodes-base/nodes/Clearbit/GenericFunctions.ts:37
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Demio/GenericFunctions.ts:26 repo/packages/nodes-base/nodes/Demio/GenericFunctions.ts:38
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Dhl/GenericFunctions.ts:28 repo/packages/nodes-base/nodes/Dhl/GenericFunctions.ts:42
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Discord/v1/DiscordV1.node.ts:172 repo/packages/nodes-base/nodes/Discord/v1/DiscordV1.node.ts:253
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Egoi/GenericFunctions.ts:36 repo/packages/nodes-base/nodes/Egoi/GenericFunctions.ts:50
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Emelia/GenericFunctions.ts:126 repo/packages/nodes-base/nodes/Emelia/GenericFunctions.ts:135
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/FileMaker/GenericFunctions.ts:37 repo/packages/nodes-base/nodes/FileMaker/GenericFunctions.ts:64
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Freshdesk/GenericFunctions.ts:23 repo/packages/nodes-base/nodes/Freshdesk/GenericFunctions.ts:46
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Google/Chat/GoogleChat.node.ts:187 repo/packages/nodes-base/nodes/Google/Chat/GoogleChat.node.ts:223
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Google/GenericFunctions.ts:90 repo/packages/nodes-base/nodes/Google/GenericFunctions.ts:126
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/GraphQL/GraphQL.node.ts:432 repo/packages/nodes-base/nodes/GraphQL/GraphQL.node.ts:535
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/HttpRequest/V1/HttpRequestV1.node.ts:958 repo/packages/nodes-base/nodes/HttpRequest/V1/HttpRequestV1.node.ts:1014
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/HttpRequest/V2/HttpRequestV2.node.ts:1019 repo/packages/nodes-base/nodes/HttpRequest/V2/HttpRequestV2.node.ts:1078
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/HttpRequest/V3/HttpRequestV3.node.ts:556 repo/packages/nodes-base/nodes/HttpRequest/V3/HttpRequestV3.node.ts:766
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Hubspot/V1/GenericFunctions.ts:45 repo/packages/nodes-base/nodes/Hubspot/V1/GenericFunctions.ts:46
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Hubspot/V1/GenericFunctions.ts:55 repo/packages/nodes-base/nodes/Hubspot/V1/GenericFunctions.ts:56
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Hubspot/V2/GenericFunctions.ts:47 repo/packages/nodes-base/nodes/Hubspot/V2/GenericFunctions.ts:48
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/HumanticAI/GenericFunctions.ts:35 repo/packages/nodes-base/nodes/HumanticAI/GenericFunctions.ts:41
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Hunter/GenericFunctions.ts:23 repo/packages/nodes-base/nodes/Hunter/GenericFunctions.ts:36
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Jenkins/GenericFunctions.ts:32 repo/packages/nodes-base/nodes/Jenkins/GenericFunctions.ts:42
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/JotForm/GenericFunctions.ts:26 repo/packages/nodes-base/nodes/JotForm/GenericFunctions.ts:41
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Linear/GenericFunctions.ts:109 repo/packages/nodes-base/nodes/Linear/GenericFunctions.ts:122
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/LingvaNex/GenericFunctions.ts:26 repo/packages/nodes-base/nodes/LingvaNex/GenericFunctions.ts:37
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Mandrill/GenericFunctions.ts:24 repo/packages/nodes-base/nodes/Mandrill/GenericFunctions.ts:37
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Marketstack/GenericFunctions.ts:24 repo/packages/nodes-base/nodes/Marketstack/GenericFunctions.ts:35
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Odoo/v1/OdooV1.node.ts:248 repo/packages/nodes-base/nodes/Odoo/v1/OdooV1.node.ts:266
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Onfleet/GenericFunctions.ts:33 repo/packages/nodes-base/nodes/Onfleet/GenericFunctions.ts:43
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Onfleet/Onfleet.node.ts:137 repo/packages/nodes-base/nodes/Onfleet/Onfleet.node.ts:146
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/PayPal/GenericFunctions.ts:25 repo/packages/nodes-base/nodes/PayPal/GenericFunctions.ts:42
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/PayPal/PayPal.node.ts:86 repo/packages/nodes-base/nodes/PayPal/PayPal.node.ts:117
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/PostHog/GenericFunctions.ts:24 repo/packages/nodes-base/nodes/PostHog/GenericFunctions.ts:41
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/QuickBase/GenericFunctions.ts:36 repo/packages/nodes-base/nodes/QuickBase/GenericFunctions.ts:58
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/SeaTable/v1/GenericFunctions.ts:56 repo/packages/nodes-base/nodes/SeaTable/v1/GenericFunctions.ts:62
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/SecurityScorecard/GenericFunctions.ts:51 repo/packages/nodes-base/nodes/SecurityScorecard/GenericFunctions.ts:74
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/SentryIo/GenericFunctions.ts:65 repo/packages/nodes-base/nodes/SentryIo/GenericFunctions.ts:68
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Stackby/GenericFunction.ts:30 repo/packages/nodes-base/nodes/Stackby/GenericFunction.ts:49
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Strapi/GenericFunctions.ts:79 repo/packages/nodes-base/nodes/Strapi/GenericFunctions.ts:85
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Strapi/Strapi.node.ts:111 repo/packages/nodes-base/nodes/Strapi/Strapi.node.ts:119
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Tapfiliate/GenericFunctions.ts:26 repo/packages/nodes-base/nodes/Tapfiliate/GenericFunctions.ts:43
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/UnleashedSoftware/GenericFunctions.ts:43 repo/packages/nodes-base/nodes/UnleashedSoftware/GenericFunctions.ts:53
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Uplead/GenericFunctions.ts:24 repo/packages/nodes-base/nodes/Uplead/GenericFunctions.ts:36
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/UptimeRobot/GenericFunctions.ts:25 repo/packages/nodes-base/nodes/UptimeRobot/GenericFunctions.ts:33
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Zammad/GenericFunctions.ts:44 repo/packages/nodes-base/nodes/Zammad/GenericFunctions.ts:73
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Zammad/Zammad.node.ts:293 repo/packages/nodes-base/nodes/Zammad/Zammad.node.ts:299
high first-party (npm): packages/nodes-base User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Zulip/GenericFunctions.ts:33 repo/packages/nodes-base/nodes/Zulip/GenericFunctions.ts:53
high first-party (npm): packages/@n8n/instance-ai User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/@n8n/instance-ai/evaluations/checklist/verifier.ts:222 repo/packages/@n8n/instance-ai/evaluations/checklist/verifier.ts:219
high first-party (npm): packages/@n8n/instance-ai User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/@n8n/instance-ai/evaluations/langtracer/client.ts:73 repo/packages/@n8n/instance-ai/evaluations/langtracer/client.ts:72
high first-party (npm): packages/@n8n/instance-ai User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/@n8n/instance-ai/evaluations/langtracer/client.ts:92 repo/packages/@n8n/instance-ai/evaluations/langtracer/client.ts:89
high first-party (npm): packages/@n8n/computer-use User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/@n8n/computer-use/src/gateway-client.ts:308 repo/packages/@n8n/computer-use/src/gateway-client.ts:302
high first-party (npm): packages/frontend/editor-ui User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/frontend/editor-ui/scripts/fetch-node-popularity.mjs:8 repo/packages/frontend/editor-ui/scripts/fetch-node-popularity.mjs:25
high first-party (npm): packages/testing/containers User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/containers/services/keycloak.ts:509 repo/packages/testing/containers/services/keycloak.ts:520
high first-party (npm): packages/testing/containers User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/containers/services/ngrok.ts:48 repo/packages/testing/containers/services/ngrok.ts:85
high first-party (npm): packages/testing/playwright User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/playwright/reporters/metrics-reporter.ts:40 repo/packages/testing/playwright/reporters/metrics-reporter.ts:75
high first-party (npm): packages/testing/playwright User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/playwright/scripts/coverage-analysis.mjs:87 repo/packages/testing/playwright/scripts/coverage-analysis.mjs:146
high first-party (npm): packages/testing/playwright User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/playwright/scripts/import-victoria-data.mjs:49 repo/packages/testing/playwright/scripts/import-victoria-data.mjs:46
high first-party (npm): packages/testing/playwright User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/playwright/scripts/import-victoria-data.mjs:59 repo/packages/testing/playwright/scripts/import-victoria-data.mjs:56
high first-party (npm): packages/testing/playwright User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/playwright/services/api-helper.ts:662 repo/packages/testing/playwright/services/api-helper.ts:660
high first-party (npm): packages/testing/playwright User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/playwright/services/mcp-oauth-api-helper.ts:225 repo/packages/testing/playwright/services/mcp-oauth-api-helper.ts:223
high first-party (npm): packages/testing/playwright User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/playwright/services/public-api-helper.ts:164 repo/packages/testing/playwright/services/public-api-helper.ts:182
high first-party (npm): packages/testing/playwright User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/playwright/services/user-api-helper.ts:31 repo/packages/testing/playwright/services/user-api-helper.ts:39
high first-party (npm): packages/testing/playwright User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/playwright/services/user-api-helper.ts:31 repo/packages/testing/playwright/services/user-api-helper.ts:55
medium first-party (npm) Credentials parsed from the request URL are applied as authorization on the same outbound HTTP request. This is intentional URL authentication, not unexpected data exfiltration.
repo/.claude/plugins/n8n/scripts/track-skill-usage.mjs:29 repo/.claude/plugins/n8n/scripts/track-skill-usage.mjs:45

</> First-Party Code

first-party (npm)

npm first-party
high pii_flow production #aa8e30463fd92972 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/.claude/plugins/n8n/scripts/track-skill-usage.mjs:45 · flow /tmp/closeopen-zwski0h_/repo/.claude/plugins/n8n/scripts/track-skill-usage.mjs:29 → /tmp/closeopen-zwski0h_/repo/.claude/plugins/n8n/scripts/track-skill-usage.mjs:45
	await fetch(`${TELEMETRY_HOST}/v1/track`, {
		method: 'POST',
		headers: {
			'Content-Type': 'application/json',
			Authorization: `Basic ${Buffer.from(`${TELEMETRY_WRITE_KEY}:`).toString('base64')}`,
		},
		body: payload,
	});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #f84b47e8a2159cb7 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/.github/scripts/cla/check-signatures.mjs:92 · flow /tmp/closeopen-zwski0h_/repo/.github/scripts/cla/check-signatures.mjs:90 → /tmp/closeopen-zwski0h_/repo/.github/scripts/cla/check-signatures.mjs:92
			const res = await fetch(url);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #80209124093c9162 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/.github/scripts/claude-task/resume-callback.mjs:45 · flow /tmp/closeopen-zwski0h_/repo/.github/scripts/claude-task/resume-callback.mjs:18 → /tmp/closeopen-zwski0h_/repo/.github/scripts/claude-task/resume-callback.mjs:45
	const response = await fetch(resumeUrl, {
		method: 'POST',
		headers: { 'Content-Type': 'application/json' },
		body: payload,
	});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #a6c99a795855389d User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/.github/scripts/post-qa-metrics-comment.mjs:65 · flow /tmp/closeopen-zwski0h_/repo/.github/scripts/post-qa-metrics-comment.mjs:42 → /tmp/closeopen-zwski0h_/repo/.github/scripts/post-qa-metrics-comment.mjs:65
	res = await fetch(webhookUrl, {
		method: 'POST',
		headers,
		body: JSON.stringify({
			pr_number: pr,
			github_repo: repo,
			git_sha: sha,
			baseline_days: baselineDays,
			metric_names: metrics,
		}),
		signal: AbortSignal.timeout(60_000),
	});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #fa56bb7382c7007e User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/.github/scripts/post-qa-metrics-comment.mjs:117 · flow /tmp/closeopen-zwski0h_/repo/.github/scripts/post-qa-metrics-comment.mjs:48 → /tmp/closeopen-zwski0h_/repo/.github/scripts/post-qa-metrics-comment.mjs:117
const comments = await fetch(
	`https://api.github.com/repos/${owner}/${repoName}/issues/${pr}/comments?per_page=100`,
	{ headers: ghHeaders },
).then((r) => r.json());

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #4beafc4ac9965792 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/.github/scripts/post-qa-metrics-comment.mjs:127 · flow /tmp/closeopen-zwski0h_/repo/.github/scripts/post-qa-metrics-comment.mjs:42 → /tmp/closeopen-zwski0h_/repo/.github/scripts/post-qa-metrics-comment.mjs:127
	await fetch(
		`https://api.github.com/repos/${owner}/${repoName}/issues/comments/${existing.id}`,
		{ method: 'PATCH', headers: ghHeaders, body: JSON.stringify({ body: markdown }) },
	);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #5dae822688a36387 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/.github/scripts/post-qa-metrics-comment.mjs:133 · flow /tmp/closeopen-zwski0h_/repo/.github/scripts/post-qa-metrics-comment.mjs:42 → /tmp/closeopen-zwski0h_/repo/.github/scripts/post-qa-metrics-comment.mjs:133
	const created = await fetch(
		`https://api.github.com/repos/${owner}/${repoName}/issues/${pr}/comments`,
		{ method: 'POST', headers: ghHeaders, body: JSON.stringify({ body: markdown }) },
	).then((r) => r.json());

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #2783e13d05eda815 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/.github/scripts/send-metrics.mjs:87 · flow /tmp/closeopen-zwski0h_/repo/.github/scripts/send-metrics.mjs:65 → /tmp/closeopen-zwski0h_/repo/.github/scripts/send-metrics.mjs:87
		const response = await fetch(webhookUrl, {
			method: 'POST',
			headers: {
				'Content-Type': 'application/json',
				Authorization: `Basic ${basicAuth}`,
			},
			body: JSON.stringify(payload),
			signal: AbortSignal.timeout(5_000),
		});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #bb9e0978c889272f User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/@n8n/cli/src/client.ts:89 · flow /tmp/closeopen-zwski0h_/repo/packages/@n8n/cli/src/client.ts:48 → /tmp/closeopen-zwski0h_/repo/packages/@n8n/cli/src/client.ts:89
			response = await fetch(url.toString(), { method, headers, body });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #5620367e95cbfa07 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/@n8n/computer-use/src/gateway-client.ts:302 · flow /tmp/closeopen-zwski0h_/repo/packages/@n8n/computer-use/src/gateway-client.ts:308 → /tmp/closeopen-zwski0h_/repo/packages/@n8n/computer-use/src/gateway-client.ts:302
		const response = await fetch(url, {
			method: 'POST',
			headers,
			body: JSON.stringify({
				rootPath: this.dir,
				tools,
				hostIdentifier: `${os.userInfo().username}@${os.hostname()}`,
				toolCategories: this.activeToolCategories,
			}),
		});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #90a9ec4fe93b9f9f User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/@n8n/instance-ai/evaluations/checklist/verifier.ts:219 · flow /tmp/closeopen-zwski0h_/repo/packages/@n8n/instance-ai/evaluations/checklist/verifier.ts:222 → /tmp/closeopen-zwski0h_/repo/packages/@n8n/instance-ai/evaluations/checklist/verifier.ts:219
	const response = await fetch(getOpenAiResponsesUrl(model.url), {
		method: 'POST',
		headers: {
			Authorization: `Bearer ${model.apiKey}`,
			'Content-Type': 'application/json',
		},
		body: JSON.stringify(requestBody),
		signal: abortSignal,
	});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #abcbe64d81eafdac User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/@n8n/instance-ai/evaluations/langtracer/client.ts:72 · flow /tmp/closeopen-zwski0h_/repo/packages/@n8n/instance-ai/evaluations/langtracer/client.ts:73 → /tmp/closeopen-zwski0h_/repo/packages/@n8n/instance-ai/evaluations/langtracer/client.ts:72
		const response = await fetch(new URL(path, this.config.baseUrl), {
			headers: { Authorization: `Bearer ${this.config.apiKey}` },
		});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #73783e5988f5fbc7 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/@n8n/instance-ai/evaluations/langtracer/client.ts:89 · flow /tmp/closeopen-zwski0h_/repo/packages/@n8n/instance-ai/evaluations/langtracer/client.ts:92 → /tmp/closeopen-zwski0h_/repo/packages/@n8n/instance-ai/evaluations/langtracer/client.ts:89
		const response = await fetch(new URL(path, this.config.baseUrl), {
			method,
			headers: {
				Authorization: `Bearer ${this.config.apiKey}`,
				'Content-Type': 'application/json',
			},
			body: JSON.stringify(body),
		});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #23c1ac03a7032aae User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/cli/src/license/license.service.ts:71 · flow /tmp/closeopen-zwski0h_/repo/packages/cli/src/license/license.service.ts:78 → /tmp/closeopen-zwski0h_/repo/packages/cli/src/license/license.service.ts:71
		await this.http.request({
			url: 'https://enterprise.n8n.io/enterprise-trial',
			method: 'POST',
			body: {
				licenseType: 'enterprise',
				firstName: user.firstName,
				lastName: user.lastName,
				email: user.email,
				instanceUrl: this.urlService.getWebhookBaseUrl(),
			},
			json: true,
		});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #e7488c5ff9fca57b User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/cli/src/modules/agents/integrations/integration-action-executor.ts:174 · flow /tmp/closeopen-zwski0h_/repo/packages/cli/src/modules/agents/integrations/integration-action-executor.ts:172 → /tmp/closeopen-zwski0h_/repo/packages/cli/src/modules/agents/integrations/integration-action-executor.ts:174
		const sent = await thread.post(await this.toPostable(params.descriptor, input.message, params));

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #835407c361c0e206 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/cli/src/modules/external-secrets.ee/providers/infisical.ts:277 · flow /tmp/closeopen-zwski0h_/repo/packages/cli/src/modules/external-secrets.ee/providers/infisical.ts:283 → /tmp/closeopen-zwski0h_/repo/packages/cli/src/modules/external-secrets.ee/providers/infisical.ts:277
		return await this.http.request({
			url: '/api/v4/secrets',
			method: 'GET',
			qs: {
				projectId: this.settings.projectId,
				environment: this.settings.environment,
				secretPath: this.settings.secretPath,
			},
			json: true,
		});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #a1464473b2d4da77 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/cli/src/modules/instance-ai/eval/api-docs.ts:33 · flow /tmp/closeopen-zwski0h_/repo/packages/cli/src/modules/instance-ai/eval/api-docs.ts:28 → /tmp/closeopen-zwski0h_/repo/packages/cli/src/modules/instance-ai/eval/api-docs.ts:33
		const res = await fetch(url, { signal: AbortSignal.timeout(FETCH_TIMEOUT_MS), headers });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #50cecc9971788461 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/cli/src/modules/instance-ai/eval/api-docs.ts:81 · flow /tmp/closeopen-zwski0h_/repo/packages/cli/src/modules/instance-ai/eval/api-docs.ts:76 → /tmp/closeopen-zwski0h_/repo/packages/cli/src/modules/instance-ai/eval/api-docs.ts:81
		const res = await fetch(url, { signal: AbortSignal.timeout(FETCH_TIMEOUT_MS), headers });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #d1fcb6ff26662120 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/cli/src/modules/log-streaming.ee/destinations/message-event-bus-destination-webhook.ee.ts:401 · flow /tmp/closeopen-zwski0h_/repo/packages/cli/src/modules/log-streaming.ee/destinations/message-event-bus-destination-webhook.ee.ts:380 → /tmp/closeopen-zwski0h_/repo/packages/cli/src/modules/log-streaming.ee/destinations/message-event-bus-destination-webhook.ee.ts:401
			const requestResponse = await this.outboundHttp
				.requests({ ssrf: 'disabled' }) // The destination URL is admin-configured, so SSRF protection is disabled.
				.request(request);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #efc4adc93b46f22d User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/cli/src/oauth/oauth.service.ts:1096 · flow /tmp/closeopen-zwski0h_/repo/packages/cli/src/oauth/oauth.service.ts:1067 → /tmp/closeopen-zwski0h_/repo/packages/cli/src/oauth/oauth.service.ts:1096
		const registerResult = await this.http.request({
			url: registration_endpoint,
			method: 'POST',
			body: registerPayload,
			json: true,
		});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #cee94324534f3d2f User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/core/src/binary-data/azure-blob.manager.ts:66 · flow /tmp/closeopen-zwski0h_/repo/packages/core/src/binary-data/azure-blob.manager.ts:64 → /tmp/closeopen-zwski0h_/repo/packages/core/src/binary-data/azure-blob.manager.ts:66
		await this.azureBlobService.put(targetFileId, sourceFile, metadata);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #bd7856b5604862cc User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/core/src/binary-data/object-store.manager.ts:80 · flow /tmp/closeopen-zwski0h_/repo/packages/core/src/binary-data/object-store.manager.ts:78 → /tmp/closeopen-zwski0h_/repo/packages/core/src/binary-data/object-store.manager.ts:80
		await this.objectStoreService.put(targetFileId, sourceFile, metadata);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #fd1ead654f4332e0 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/frontend/editor-ui/scripts/fetch-node-popularity.mjs:25 · flow /tmp/closeopen-zwski0h_/repo/packages/frontend/editor-ui/scripts/fetch-node-popularity.mjs:8 → /tmp/closeopen-zwski0h_/repo/packages/frontend/editor-ui/scripts/fetch-node-popularity.mjs:25
		const response = await fetch(POPULARITY_ENDPOINT, {
			signal: AbortSignal.timeout(5000),
		});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #733d4e2d49d8111f User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/credentials/CiscoSecureEndpointApi.credentials.ts:77 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/credentials/CiscoSecureEndpointApi.credentials.ts:92 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/credentials/CiscoSecureEndpointApi.credentials.ts:77
		const secureXToken = (await http.request({
			url: `https://visibility.${region}.cisco.com/iroh/oauth2/token`,
			method: 'POST',
			auth: {
				username: clientId,
				password: clientSecret,
			},
			body: new URLSearchParams({
				grant_type: 'client_credentials',
			}).toString(),
			headers: {
				'Content-Type': 'application/x-www-form-urlencoded',
				Accept: 'application/json',
			},
			json: true,
			timeout: TOKEN_REQUEST_TIMEOUT,
		})) as { access_token: string };

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #33a322c858721685 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/credentials/CiscoSecureEndpointApi.credentials.ts:95 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/credentials/CiscoSecureEndpointApi.credentials.ts:92 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/credentials/CiscoSecureEndpointApi.credentials.ts:95
		const secureEndpointToken = (await http.request({
			url: `https://api.${region}.cisco.com/v3/access_tokens`,
			method: 'POST',
			body: new URLSearchParams({
				grant_type: 'client_credentials',
			}).toString(),
			headers: {
				'Content-Type': 'application/x-www-form-urlencoded',
				Accept: 'application/json',
				Authorization: `Bearer ${secureXToken.access_token}`,
			},
			json: true,
			timeout: TOKEN_REQUEST_TIMEOUT,
		})) as { access_token: string };

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #ab7e274d40313625 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/credentials/GoogleApi.credentials.ts:366 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/credentials/GoogleApi.credentials.ts:334 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/credentials/GoogleApi.credentials.ts:366
		const { access_token } = (await http.request({
			url: 'https://oauth2.googleapis.com/token',
			method: 'POST',
			body: new URLSearchParams({
				grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
				assertion: signature,
			}).toString(),
			headers: {
				'Content-Type': 'application/x-www-form-urlencoded',
			},
			json: true,
			timeout: TOKEN_REQUEST_TIMEOUT,
		})) as { access_token: string };

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #4b622fec644dddc4 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/credentials/MicrosoftEntraServicePrincipalApi.credentials.ts:140 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/credentials/MicrosoftEntraServicePrincipalApi.credentials.ts:148 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/credentials/MicrosoftEntraServicePrincipalApi.credentials.ts:140
	const response = await http.request({
		url: tokenUrl,
		method: 'POST',
		body: body.toString(),
		headers: {
			'Content-Type': 'application/x-www-form-urlencoded',
		},
		json: true,
		timeout: TOKEN_REQUEST_TIMEOUT,
	});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #a2acd2e8e2d49da5 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/credentials/SalesforceJwtApi.credentials.ts:121 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/credentials/SalesforceJwtApi.credentials.ts:105 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/credentials/SalesforceJwtApi.credentials.ts:121
		const response = (await http.request({
			url: `${authUrl}/services/oauth2/token`,
			method: 'POST',
			body: new URLSearchParams({
				grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
				assertion: signature,
			}).toString(),
			headers: {
				'Content-Type': 'application/x-www-form-urlencoded',
			},
			json: true,
			timeout: TOKEN_REQUEST_TIMEOUT,
		})) as { access_token?: string; instance_url?: string };

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #81f195e04e8eeb75 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/credentials/common/aws/system-credentials-utils.ts:283 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/credentials/common/aws/system-credentials-utils.ts:264 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/credentials/common/aws/system-credentials-utils.ts:283
		const response = await fetch(fullUri, {
			method: 'GET',
			headers,
			signal: AbortSignal.timeout(2000),
		});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #e3b79a878da10f79 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/credentials/common/aws/system-credentials-utils.ts:349 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/credentials/common/aws/system-credentials-utils.ts:328 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/credentials/common/aws/system-credentials-utils.ts:349
		const credentialsResponse = await fetch(`https://sts.${region}.${getAwsDomain(region)}`, {
			method: 'POST',
			headers,
			body: body.toString(),
			signal: AbortSignal.timeout(2000),
		});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #654902d411d2796a User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/AcuityScheduling/GenericFunctions.ts:45 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/AcuityScheduling/GenericFunctions.ts:41 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/AcuityScheduling/GenericFunctions.ts:45
			return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #cc7be4bee6f17432 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Affinity/GenericFunctions.ts:47 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Affinity/GenericFunctions.ts:24 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Affinity/GenericFunctions.ts:47
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #061033b4f3d7fc1b User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:50 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:31 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:50
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #8fd2b407216c255f User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:128 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:112 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:128
			lastSuccesfulUpdateReturn = await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #75733ae10b8d0038 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:140 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:112 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:140
			lastSuccesfulUpdateReturn = await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #9f3b8b67b724d36c User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:149 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:112 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:149
			lastSuccesfulUpdateReturn = await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #127d0a3a104f3047 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:160 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:112 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:160
			lastSuccesfulUpdateReturn = await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #137fd36a377e2e48 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Autopilot/GenericFunctions.ts:45 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Autopilot/GenericFunctions.ts:29 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Autopilot/GenericFunctions.ts:45
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #0ab7e3db7e8fb732 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/BambooHr/v1/transport/index.ts:56 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/BambooHr/v1/transport/index.ts:25 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/BambooHr/v1/transport/index.ts:56
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #34679b43cd91631b User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Bannerbear/GenericFunctions.ts:45 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Bannerbear/GenericFunctions.ts:29 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Bannerbear/GenericFunctions.ts:45
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #3a643695445ec635 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Bitbucket/BitbucketTrigger.node.ts:217 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Bitbucket/BitbucketTrigger.node.ts:208 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Bitbucket/BitbucketTrigger.node.ts:217
					const response = await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #cb97d9ac20d8735d User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Bitbucket/GenericFunctions.ts:61 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Bitbucket/GenericFunctions.ts:48 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Bitbucket/GenericFunctions.ts:61
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #e296a50499ff2aae User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Chargebee/Chargebee.node.ts:600 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Chargebee/Chargebee.node.ts:591 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Chargebee/Chargebee.node.ts:600
					responseData = await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #4df56794e2356d24 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/CircleCi/GenericFunctions.ts:39 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/CircleCi/GenericFunctions.ts:25 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/CircleCi/GenericFunctions.ts:39
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #fa7e53b59b6c5114 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Clearbit/GenericFunctions.ts:37 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Clearbit/GenericFunctions.ts:25 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Clearbit/GenericFunctions.ts:37
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #7ac4ddc75571d731 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Demio/GenericFunctions.ts:38 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Demio/GenericFunctions.ts:26 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Demio/GenericFunctions.ts:38
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #130851dc0606e8ec User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Dhl/GenericFunctions.ts:42 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Dhl/GenericFunctions.ts:28 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Dhl/GenericFunctions.ts:42
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #9fa944750b2bbcbc User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Discord/v1/DiscordV1.node.ts:253 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Discord/v1/DiscordV1.node.ts:172 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Discord/v1/DiscordV1.node.ts:253
					response = await this.helpers.request(requestOptions);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #b78af0f38559a797 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Egoi/GenericFunctions.ts:50 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Egoi/GenericFunctions.ts:36 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Egoi/GenericFunctions.ts:50
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #c3d7e5307d76bd76 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Emelia/GenericFunctions.ts:135 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Emelia/GenericFunctions.ts:126 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Emelia/GenericFunctions.ts:135
		await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #2b46eb5dc420fd9b User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/FileMaker/GenericFunctions.ts:64 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/FileMaker/GenericFunctions.ts:37 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/FileMaker/GenericFunctions.ts:64
		const response = await this.helpers.request(requestOptions);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #4f113de2eb8c0ee7 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Freshdesk/GenericFunctions.ts:46 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Freshdesk/GenericFunctions.ts:23 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Freshdesk/GenericFunctions.ts:46
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #bd3f87de61167e21 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Google/Chat/GoogleChat.node.ts:223 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Google/Chat/GoogleChat.node.ts:187 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Google/Chat/GoogleChat.node.ts:223
					const response = await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #9eea000ec2489ff5 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Google/GenericFunctions.ts:126 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Google/GenericFunctions.ts:90 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Google/GenericFunctions.ts:126
	return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #9cdbaa8075c80f14 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/GraphQL/GraphQL.node.ts:535 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/GraphQL/GraphQL.node.ts:432 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/GraphQL/GraphQL.node.ts:535
					response = await this.helpers.request(requestOptions);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #4dc8ab414145b6c1 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/HttpRequest/V1/HttpRequestV1.node.ts:1014 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/HttpRequest/V1/HttpRequestV1.node.ts:958 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/HttpRequest/V1/HttpRequestV1.node.ts:1014
				const request = this.helpers.request(requestOptions);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #ccbfb040f37af938 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/HttpRequest/V2/HttpRequestV2.node.ts:1078 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/HttpRequest/V2/HttpRequestV2.node.ts:1019 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/HttpRequest/V2/HttpRequestV2.node.ts:1078
					const request = this.helpers.request(requestOptions);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #14a77ba880c4ba3b User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/HttpRequest/V3/HttpRequestV3.node.ts:766 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/HttpRequest/V3/HttpRequestV3.node.ts:556 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/HttpRequest/V3/HttpRequestV3.node.ts:766
						const request = this.helpers.request(requestOptions);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #ba7f7364fdc1a19a User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Hubspot/V1/GenericFunctions.ts:46 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Hubspot/V1/GenericFunctions.ts:45 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Hubspot/V1/GenericFunctions.ts:46
			return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #6b1688f949675e17 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Hubspot/V1/GenericFunctions.ts:56 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Hubspot/V1/GenericFunctions.ts:55 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Hubspot/V1/GenericFunctions.ts:56
				return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #f3f8554516cc4ac8 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Hubspot/V2/GenericFunctions.ts:48 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Hubspot/V2/GenericFunctions.ts:47 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Hubspot/V2/GenericFunctions.ts:48
				return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #0e341ed7bc55be79 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/HumanticAI/GenericFunctions.ts:41 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/HumanticAI/GenericFunctions.ts:35 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/HumanticAI/GenericFunctions.ts:41
		const response = await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #f89735e2b559afeb User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Hunter/GenericFunctions.ts:36 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Hunter/GenericFunctions.ts:23 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Hunter/GenericFunctions.ts:36
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #e59a0988105047b7 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Jenkins/GenericFunctions.ts:42 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Jenkins/GenericFunctions.ts:32 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Jenkins/GenericFunctions.ts:42
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #d45132e6a02a4874 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/JotForm/GenericFunctions.ts:41 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/JotForm/GenericFunctions.ts:26 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/JotForm/GenericFunctions.ts:41
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #d6577f364344fe5d User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Linear/GenericFunctions.ts:122 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Linear/GenericFunctions.ts:109 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Linear/GenericFunctions.ts:122
	return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #8a5b38d3c491c5a0 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/LingvaNex/GenericFunctions.ts:37 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/LingvaNex/GenericFunctions.ts:26 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/LingvaNex/GenericFunctions.ts:37
		const response = await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #a6a90f06a8ae51f8 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Mandrill/GenericFunctions.ts:37 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Mandrill/GenericFunctions.ts:24 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Mandrill/GenericFunctions.ts:37
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #073b2dc71d493adb User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Marketstack/GenericFunctions.ts:35 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Marketstack/GenericFunctions.ts:24 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Marketstack/GenericFunctions.ts:35
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #c1141f7db7c16c7d User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Odoo/v1/OdooV1.node.ts:266 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Odoo/v1/OdooV1.node.ts:248 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Odoo/v1/OdooV1.node.ts:266
					const result = await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #9097c31e2322fab6 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Onfleet/GenericFunctions.ts:43 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Onfleet/GenericFunctions.ts:33 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Onfleet/GenericFunctions.ts:43
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #28ea8b360782ef7c User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Onfleet/Onfleet.node.ts:146 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Onfleet/Onfleet.node.ts:137 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Onfleet/Onfleet.node.ts:146
					await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #f915194b03c94441 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/PayPal/GenericFunctions.ts:42 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/PayPal/GenericFunctions.ts:25 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/PayPal/GenericFunctions.ts:42
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #87c8c55c3a4bc933 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/PayPal/PayPal.node.ts:117 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/PayPal/PayPal.node.ts:86 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/PayPal/PayPal.node.ts:117
					await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #dc5e34bbfe8a660d User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/PostHog/GenericFunctions.ts:41 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/PostHog/GenericFunctions.ts:24 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/PostHog/GenericFunctions.ts:41
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #e3de2590225e6033 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/QuickBase/GenericFunctions.ts:58 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/QuickBase/GenericFunctions.ts:36 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/QuickBase/GenericFunctions.ts:58
		return await this.helpers?.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #c2146384144dffca User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/SeaTable/v1/GenericFunctions.ts:62 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/SeaTable/v1/GenericFunctions.ts:56 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/SeaTable/v1/GenericFunctions.ts:62
	ctx.base = await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #a034ab07cf7f309a User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/SecurityScorecard/GenericFunctions.ts:74 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/SecurityScorecard/GenericFunctions.ts:51 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/SecurityScorecard/GenericFunctions.ts:74
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #c1df5f927047a466 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/SentryIo/GenericFunctions.ts:68 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/SentryIo/GenericFunctions.ts:65 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/SentryIo/GenericFunctions.ts:68
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #3d6063ccb9668acb User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Stackby/GenericFunction.ts:49 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Stackby/GenericFunction.ts:30 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Stackby/GenericFunction.ts:49
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #13d7f633092a1105 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Strapi/GenericFunctions.ts:85 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Strapi/GenericFunctions.ts:79 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Strapi/GenericFunctions.ts:85
	return await (this.helpers.request(options) as Promise<{ jwt: string }>);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #1fc2b28923eb6bdd User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Strapi/Strapi.node.ts:119 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Strapi/Strapi.node.ts:111 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Strapi/Strapi.node.ts:119
					await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #c30b5bca8614e4c4 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Tapfiliate/GenericFunctions.ts:43 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Tapfiliate/GenericFunctions.ts:26 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Tapfiliate/GenericFunctions.ts:43
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #0a0333d03268acc5 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/UnleashedSoftware/GenericFunctions.ts:53 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/UnleashedSoftware/GenericFunctions.ts:43 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/UnleashedSoftware/GenericFunctions.ts:53
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #855d3014509d8788 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Uplead/GenericFunctions.ts:36 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Uplead/GenericFunctions.ts:24 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Uplead/GenericFunctions.ts:36
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #06b53b0758fee551 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/UptimeRobot/GenericFunctions.ts:33 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/UptimeRobot/GenericFunctions.ts:25 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/UptimeRobot/GenericFunctions.ts:33
		const responseData = await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #0d133ba67dc5ec1d User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Zammad/GenericFunctions.ts:73 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Zammad/GenericFunctions.ts:44 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Zammad/GenericFunctions.ts:73
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #7687ab81cd3f950d User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Zammad/Zammad.node.ts:299 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Zammad/Zammad.node.ts:293 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Zammad/Zammad.node.ts:299
					await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #94c297d32d37a954 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Zulip/GenericFunctions.ts:53 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Zulip/GenericFunctions.ts:33 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Zulip/GenericFunctions.ts:53
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #68c82e87f0885056 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/containers/services/keycloak.ts:520 · flow /tmp/closeopen-zwski0h_/repo/packages/testing/containers/services/keycloak.ts:509 → /tmp/closeopen-zwski0h_/repo/packages/testing/containers/services/keycloak.ts:520
			const { headers, body } = await undiciRequest(formAction, {
				method: 'POST',
				headers: loginHeaders,
				body: loginBody.toString(),
				dispatcher: agent,
			});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #ab4f8d9b3cfb35cb User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/containers/services/ngrok.ts:85 · flow /tmp/closeopen-zwski0h_/repo/packages/testing/containers/services/ngrok.ts:48 → /tmp/closeopen-zwski0h_/repo/packages/testing/containers/services/ngrok.ts:85
			const response = await fetch(`http://${host}:${hostPort}/api/tunnels`);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #6e3f7f7957e6a97a User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/playwright/reporters/metrics-reporter.ts:75 · flow /tmp/closeopen-zwski0h_/repo/packages/testing/playwright/reporters/metrics-reporter.ts:40 → /tmp/closeopen-zwski0h_/repo/packages/testing/playwright/reporters/metrics-reporter.ts:75
					const response = await fetch(webhookUrl, {
						method: 'POST',
						headers: {
							'Content-Type': 'application/json',
							Authorization: `Basic ${auth}`,
						},
						body: JSON.stringify(payload),
						signal: AbortSignal.timeout(30000),
					});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #554b3d2baf8a3f7b User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/playwright/scripts/coverage-analysis.mjs:146 · flow /tmp/closeopen-zwski0h_/repo/packages/testing/playwright/scripts/coverage-analysis.mjs:87 → /tmp/closeopen-zwski0h_/repo/packages/testing/playwright/scripts/coverage-analysis.mjs:146
			res = await fetch(url, { headers });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #c674b3c915493190 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/playwright/scripts/import-victoria-data.mjs:46 · flow /tmp/closeopen-zwski0h_/repo/packages/testing/playwright/scripts/import-victoria-data.mjs:49 → /tmp/closeopen-zwski0h_/repo/packages/testing/playwright/scripts/import-victoria-data.mjs:46
	const res = await fetch(`http://localhost:${VM_PORT}/api/v1/import`, {
		method: 'POST',
		headers: { 'Content-Type': 'application/json' },
		body: readFileSync(metricsFile),
	});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #6d35f1009481aecc User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/playwright/scripts/import-victoria-data.mjs:56 · flow /tmp/closeopen-zwski0h_/repo/packages/testing/playwright/scripts/import-victoria-data.mjs:59 → /tmp/closeopen-zwski0h_/repo/packages/testing/playwright/scripts/import-victoria-data.mjs:56
	const res = await fetch(`http://localhost:${VL_PORT}/insert/jsonline`, {
		method: 'POST',
		headers: { 'Content-Type': 'application/json' },
		body: readFileSync(logsFile),
	});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #95f436ecd239621a User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/playwright/services/api-helper.ts:660 · flow /tmp/closeopen-zwski0h_/repo/packages/testing/playwright/services/api-helper.ts:662 → /tmp/closeopen-zwski0h_/repo/packages/testing/playwright/services/api-helper.ts:660
		const response = await this.request.post('/rest/login', {
			data: {
				emailOrLdapLoginId: credentials.email,
				password: credentials.password,
			},
			maxRetries: 3,
		});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #aacc905404ff2bc5 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/playwright/services/mcp-oauth-api-helper.ts:223 · flow /tmp/closeopen-zwski0h_/repo/packages/testing/playwright/services/mcp-oauth-api-helper.ts:225 → /tmp/closeopen-zwski0h_/repo/packages/testing/playwright/services/mcp-oauth-api-helper.ts:223
		return await this.api.request.post(`${params.basePath ?? DEFAULT_ENDPOINT_BASE_PATH}/revoke`, {
			form: {
				token: params.token,
				client_id: params.clientId,
				...(params.tokenTypeHint && { token_type_hint: params.tokenTypeHint }),
			},
		});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #db4c4e34cd165ebc User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/playwright/services/public-api-helper.ts:182 · flow /tmp/closeopen-zwski0h_/repo/packages/testing/playwright/services/public-api-helper.ts:164 → /tmp/closeopen-zwski0h_/repo/packages/testing/playwright/services/public-api-helper.ts:182
			const acceptResponse = await isolatedContext.post('/rest/invitations/accept', {
				data: { token, firstName, lastName, password },
			});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #9d41ebc7549df0fd User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/playwright/services/user-api-helper.ts:39 · flow /tmp/closeopen-zwski0h_/repo/packages/testing/playwright/services/user-api-helper.ts:31 → /tmp/closeopen-zwski0h_/repo/packages/testing/playwright/services/user-api-helper.ts:39
		const inviteResponse = await this.api.request.post('/rest/invitations', {
			data: [{ email: user.email, role: user.role }],
		});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #2a5fbb3ecc9010b8 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/playwright/services/user-api-helper.ts:55 · flow /tmp/closeopen-zwski0h_/repo/packages/testing/playwright/services/user-api-helper.ts:31 → /tmp/closeopen-zwski0h_/repo/packages/testing/playwright/services/user-api-helper.ts:55
		const acceptResponse = await this.api.request.post('/rest/invitations/accept', {
			data: {
				token,
				firstName: user.firstName,
				lastName: user.lastName,
				password: user.password,
			},
		});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #c28457ec6aa3b2ce User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/scripts/instance-seeding/seedInstance.mjs:228 · flow /tmp/closeopen-zwski0h_/repo/scripts/instance-seeding/seedInstance.mjs:10 → /tmp/closeopen-zwski0h_/repo/scripts/instance-seeding/seedInstance.mjs:228
	const res = await fetch(`${BASE}/api/v1${path}`, {
		method,
		headers: HEADERS,
		body: body !== undefined ? JSON.stringify(body) : undefined,
	});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium pii_flow production #e47c8ea5cea10100 Credentials parsed from the request URL are applied as authorization on the same outbound HTTP request. This is intentional URL authentication, not unexpected data exfiltration.
repo/.claude/plugins/n8n/scripts/track-skill-usage.mjs:45 · flow /tmp/closeopen-zwski0h_/repo/.claude/plugins/n8n/scripts/track-skill-usage.mjs:29 → /tmp/closeopen-zwski0h_/repo/.claude/plugins/n8n/scripts/track-skill-usage.mjs:45
	await fetch(`${TELEMETRY_HOST}/v1/track`, {
		method: 'POST',
		headers: {
			'Content-Type': 'application/json',
			Authorization: `Basic ${Buffer.from(`${TELEMETRY_WRITE_KEY}:`).toString('base64')}`,
		},
		body: payload,
	});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium telemetry test-only #bde4a435c3c1e2c2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/agents/src/runtime/__tests__/background-task-tracker.test.ts:10
		tracker.track(inner);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #9517ef503aecbf1f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/agents/src/runtime/__tests__/background-task-tracker.test.ts:34
		tracker.track(a);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #27549a253d70dde0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/agents/src/runtime/__tests__/background-task-tracker.test.ts:35
		tracker.track(b);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #0c6733d31b6076bf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/agents/src/runtime/__tests__/background-task-tracker.test.ts:46
		tracker.track(rejected);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #60c058ee0ddf85bd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/agents/src/runtime/__tests__/background-task-tracker.test.ts:58
		tracker.track(inner);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #862cc0da4625d7e0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/agents/src/runtime/__tests__/background-task-tracker.test.ts:67
		tracker.track(Promise.resolve());

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ae0bc39af06e028b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/agents/src/runtime/loop/agent-runtime.ts:669
		this.backgroundTasks.track(titlePromise);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #01936958d876c454 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/agents/src/runtime/memory/memory-orchestrator.ts:373
		this.backgroundTasks.track(queued);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d6ad1ac68c35a2ac Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/agents/src/runtime/memory/scoped-memory-task-runner.ts:130
		this.tracker.track(queued);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #91c0552088c82ed8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/errors/src/application.error.ts:1
import type { Event } from '@sentry/node';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #28d7b3fd10c22d70 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/errors/src/types.ts:1
import type { Event } from '@sentry/node';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #fe658a3df3a92326 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/mcp-apps/src/apps/workflow-preview/composables/use-workflow-preview.ts:120
		telemetry.track(WORKFLOW_PREVIEW_TELEMETRY_EVENTS.PREVIEW_RENDER_FAILED, {
			...getPreviewTelemetryPayload(),
			reason,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #23de33085221a7dd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/mcp-apps/src/apps/workflow-preview/composables/use-workflow-preview.ts:129
		telemetry.track(
			WORKFLOW_PREVIEW_TELEMETRY_EVENTS.PREVIEW_RENDERED_SUCCESSFULLY,
			getPreviewTelemetryPayload(),
		);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #fc45e20637bb0c71 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/mcp-apps/src/apps/workflow-preview/composables/use-workflow-preview.ts:147
		telemetry.track(WORKFLOW_PREVIEW_TELEMETRY_EVENTS.OPEN_IN_N8N_CLICKED, {
			...getPreviewTelemetryPayload(),
			source,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #f83aeb7bffebf451 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/mcp-apps/src/apps/workflow-preview/composables/use-workflow-preview.ts:193
		telemetry.track(WORKFLOW_PREVIEW_TELEMETRY_EVENTS.PREVIEW_TOOL_CALL_COMPLETED, {
			...getPreviewToolCallTelemetryPayload(requestId),
			duration_ms: Math.max(0, Math.round(performance.now() - startedAt)),
			outcome,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #9ed2ab2b8d3edd75 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/mcp-apps/src/apps/workflow-preview/composables/use-workflow-preview.ts:212
		telemetry.track(WORKFLOW_PREVIEW_TELEMETRY_EVENTS.PREVIEW_CRASHED, {
			...getPreviewTelemetryPayload(),
			...(message ? { error_message: sanitizeTelemetryErrorMessage(message) } : {}),
			source: WORKFLOW_PREVIEW_CRASH_SOURCES.PREVIEW_IFRAME_ERROR,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #66a80295e685afa4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/mcp-apps/src/apps/workflow-preview/composables/use-workflow-preview.ts:234
		telemetry.track(
			WORKFLOW_PREVIEW_TELEMETRY_EVENTS.PREVIEW_TOOL_CALL_REQUESTED,
			getPreviewToolCallTelemetryPayload(requestId),
		);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8771f8fa52a6474c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/mcp-apps/src/composables/use-mcp-app-crash-telemetry.ts:33
		telemetry.track(event, {
			app,
			...getMcpClientTelemetryProperties(hostVersion.value),
			error_message: sanitizeTelemetryErrorMessage(getErrorMessage(error)),
			source,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b4d948076079deaf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/mcp-apps/src/composables/use-mcp-app-telemetry.ts:48
			telemetry.track(events.renderFailed, {
				app,
				...getMcpClientTelemetryProperties(hostVersion.value),
				error_message: getConnectionErrorReason(connectionError.value),
				reason: renderFailedReason,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b612db5611054cd1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/mcp-apps/src/telemetry/index.test.ts:54
		telemetry.track('Test event', { boot_ms: 42 });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #f94b10d4efd95dc4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/mcp-apps/src/telemetry/index.test.ts:70
		telemetry.track('Test event', {
			apiKey: 'secret-api-key',
			error_message: 'Authorization: Bearer abc.def-ghi_jkl/mno=',
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #efd00e5d0b54519a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/mcp-apps/src/telemetry/index.test.ts:93
		telemetry.track('Test event');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #f6fe791a41d86d7f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/mcp-apps/src/telemetry/index.test.ts:103
		telemetry.track('Test event');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b3bec66e3917901c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/mcp-apps/src/telemetry/index.test.ts:111
		telemetry.track('Test event');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #31b17d3f7dc62750 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/mcp-apps/src/telemetry/index.test.ts:118
		telemetry.track('Test event', { reason: 'x' });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #2d1d9058454b9b7e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/mcp-apps/src/telemetry/index.ts:88
			this.rudderStack?.track(
				event,
				{
					...sanitizedProperties,
					instance_id: this.config.instanceId,
					version_cli: this.config.versionCli,
				},
				// Send a fake IP so RudderStack does not capture the user's real one.
				{ context: { ip: '0.0.0.0' } },
			);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b3f795f2a351870f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/nodes-langchain/nodes/agents/Agent/agents/SqlAgent/other/handlers/sqlite.ts:32
	temp.track();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #7b701a40421aaf9b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/task-runner/src/__tests__/task-runner-sentry.test.ts:1
import type { ErrorEvent } from '@sentry/core';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #c2c0dc927e2d7e11 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/task-runner/src/task-runner-sentry.ts:2
import type { ErrorEvent, Exception } from '@sentry/core';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #7a3493553afd91c0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/concurrency/concurrency-control.service.ts:138
				this.telemetry.track('User hit concurrency limit', {
					threshold: CLOUD_TEMP_PRODUCTION_LIMIT - capacity,
					concurrencyQueue: type,
				});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #f4a395e03567ae36 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/controllers/__tests__/posthog.controller.test.ts:17
		expect(maskIp(input)).toBe(expected);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #1baebe3347a9e616 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/controllers/__tests__/posthog.controller.test.ts:36
		setPostHogProxyHeaders(proxyReq, createReq({ ip: '203.0.113.7', method: 'GET' }));

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #7bbc232513086d84 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/controllers/__tests__/posthog.controller.test.ts:45
		setPostHogProxyHeaders(proxyReq, createReq({ method: 'GET' }));

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #c9ef665dfc161d77 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/controllers/__tests__/posthog.controller.test.ts:54
		setPostHogProxyHeaders(proxyReq, createReq({ ip: '203.0.113.7', method: 'POST', rawBody }));

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #9bbbc0b9a47a91c6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/controllers/__tests__/telemetry.controller.test.ts:122
		await controller.track(req, res, next);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8884335fee060ce9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/evaluation.ee/evaluation-collection.service.ts:187
		this.telemetry.track('Eval collection created', {
			user_id: user.id,
			workflow_id: workflowId,
			collection_id: collection.id,
			evaluation_config_id: input.evaluationConfigId,
			version_count: input.versions.length,
			existing_run_count: existingRunIds.length,
			new_run_count: runsStartedIds.length,
			dataset_id: this.extractDatasetId(config),
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d34331d6dcfa53b1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/evaluation.ee/evaluation-collection.service.ts:264
		this.telemetry.track('Eval collection deleted', {
			user_id: user.id,
			workflow_id: workflowId,
			collection_id: collectionId,
			runs_unlinked: runsUnlinked,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #780d09ec53604956 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/evaluation.ee/insights/eval-insights.service.ts:143
		this.telemetry.track('Eval collection insights generated', {
			user_id: user.id,
			workflow_id: workflowId,
			collection_id: collectionId,
			model_used: response.modelUsed,
			duration_ms: Date.now() - startMs,
			status: response.status,
			regressions_found: response.insights.regressions.length,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ee145a8a25859c93 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/evaluation.ee/test-runner/test-runner.service.ee.ts:736
			this.telemetry.track('User ran test', {
				user_id: user.id,
				run_id: testRun.id,
				workflow_id: workflowId,
				run_type: runType,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #73e4e1f7cd1ffa58 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/evaluation.ee/test-runner/test-runner.service.ee.ts:1201
			this.telemetry.track('Test run finished', telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #c4ad183f320deb0d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/evaluation.ee/test-runs.controller.ee.ts:107
		this.telemetry.track('User deleted a run', { run_id: testRunId });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a7e083d46cba8c82 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/evaluation.ee/test-runs.controller.ee.ts:145
		this.telemetry.track('User cancelled a test case', {
			run_id: req.params.id,
			case_id: caseId,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #710a20843b62a28c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:224
		this.telemetry.track('Instance AI mcp connected', {
			user_id: userId,
			server_slug: serverSlug,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8be3e6869907d2a5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:234
		this.telemetry.track('Instance AI mcp disconnected', {
			user_id: userId,
			server_slug: serverSlug,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8e918a0edc9a6454 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:253
		this.telemetry.track('Project settings updated', {
			user_id: userId,
			role,
			project_id: projectId,
			members: members?.map(({ userId: user_id, role }) => ({ user_id, role })),
			otel_project_custom_tags_count: otelProjectCustomTagsCount,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ccec5e0343c78118 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:269
		this.telemetry.track('User deleted project', {
			user_id: userId,
			role,
			project_id: projectId,
			removal_type: removalType,
			target_project_id: targetProjectId,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #82c2bb9b9fb1359c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:279
		this.telemetry.track('User created project', {
			user_id: userId,
			role,
			uiContext,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #3e3a939300ab6bb3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:297
		this.telemetry.track('User updated source control settings', {
			branch_name: branchName,
			read_only_instance: readOnlyInstance,
			repo_type: repoType,
			connected,
			connection_type: connectionType,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4e01a97019be8485 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:312
		this.telemetry.track('User started pull via UI', {
			user_id: userId,
			workflow_updates: workflowUpdates,
			workflow_conflicts: workflowConflicts,
			cred_conflicts: credConflicts,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #65bc98564adbce48 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:324
		this.telemetry.track('User finished pull via UI', {
			user_id: userId,
			workflow_updates: workflowUpdates,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4696c3154dcc7750 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:334
		this.telemetry.track('User pulled via API', {
			workflow_updates: workflowUpdates,
			forced,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #5b650b9656828177 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:348
		this.telemetry.track('User started push via UI', {
			user_id: userId,
			workflows_eligible: workflowsEligible,
			workflows_eligible_with_conflicts: workflowsEligibleWithConflicts,
			creds_eligible: credsEligible,
			creds_eligible_with_conflicts: credsEligibleWithConflicts,
			variables_eligible: variablesEligible,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #fd0a75735bb0f39a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:365
		this.telemetry.track('User finished push via UI', {
			user_id: userId,
			workflows_eligible: workflowsEligible,
			workflows_pushed: workflowsPushed,
			creds_pushed: credsPushed,
			variables_pushed: variablesPushed,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #5f7384ac3eb2dcf2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:379
		this.telemetry.track('Instance attempted to refresh license', {
			success,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #fc09384897627a63 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:389
		this.telemetry.track('User registered for license community plus', {
			user_id: userId,
			email,
			licenseKey,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #35ab1c57b4c28481 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:401
		this.telemetry.track('User created variable', {
			user_id: user.id,
			...(projectId && { project_id: projectId }),
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6f1ab5a7a446bc0f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:408
		this.telemetry.track('User updated variable', {
			user_id: user.id,
			...(projectId && { project_id: projectId }),
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #1ab220375cd3fdf6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:415
		this.telemetry.track('User deleted variable', {
			user_id: user.id,
			...(projectId && { project_id: projectId }),
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #2ce76eef4332cad4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:432
		this.telemetry.track('User updated external secrets settings', {
			user_id: userId,
			vault_type: vaultType,
			is_valid: isValid,
			is_new: isNew,
			error_message: errorMessage,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e93565fa65f4d859 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:444
		this.telemetry.track('User reloaded external secrets', {
			vault_type: vaultType,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d91fd3d75691952c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:455
		this.telemetry.track('User created external secrets connection', {
			user_id: userId,
			user_role: userRole,
			vault_type: vaultType,
			scope: projects.length === 0 ? 'global' : 'project',
			project_ids: projects.map((project) => project.id),
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e02f71f18e2c6f7b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:470
		this.telemetry.track('User updated external secrets connection', {
			user_id: userId,
			user_role: userRole,
			vault_type: vaultType,
			scope: projects.length === 0 ? 'global' : 'project',
			project_ids: projects.map((project) => project.id),
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #5dc14e5bfe2dddaf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:485
		this.telemetry.track('User deleted external secrets connection', {
			user_id: userId,
			user_role: userRole,
			vault_type: vaultType,
			scope: projects.length === 0 ? 'global' : 'project',
			project_ids: projects.map((project) => project.id),
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #9a5f209b2a014f95 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:498
		this.telemetry.track('User toggled external secrets system roles', {
			user_id: userId,
			enabled,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a197fac0d3a81ed1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:527
		this.telemetry.track('API key created', {
			user_id: user.id,
			public_api: publicApi,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4276a4e9168e29b0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:536
		this.telemetry.track('API key deleted', {
			user_id: user.id,
			public_api: publicApi,
			is_own: isOwn,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #0cb4e363e5042494 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:546
		this.telemetry.track('API key rotated', {
			user_id: user.id,
			public_api: publicApi,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8d8ea65dc057e3b8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:567
		this.telemetry.track('cnr package install finished', {
			user_id: user.id,
			input_string: inputString,
			package_name: packageName,
			success,
			package_version: packageVersion,
			package_node_names: packageNodeNames,
			package_author: packageAuthor,
			package_author_email: packageAuthorEmail,
			failure_reason: failureReason,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #bc6b775de6712c3e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:589
		this.telemetry.track('cnr package updated', {
			user_id: user.id,
			package_name: packageName,
			package_version_current: packageVersionCurrent,
			package_version_new: packageVersionNew,
			package_node_names: packageNodeNames,
			package_author: packageAuthor,
			package_author_email: packageAuthorEmail,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #eaf27b95a7016d63 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:608
		this.telemetry.track('cnr package deleted', {
			user_id: user.id,
			package_name: packageName,
			package_version: packageVersion,
			package_node_names: packageNodeNames,
			package_author: packageAuthor,
			package_author_email: packageAuthorEmail,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #422b9313203e19c9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:635
		this.telemetry.track('User created credentials', {
			user_id: user.id,
			user_role: user.role?.slug,
			credential_type: credentialType,
			credential_id: credentialId,
			project_id: projectId,
			project_type: projectType,
			uiContext,
			is_private: isDynamic ?? false,
			uses_external_secrets: usesExternalSecrets ?? false,
			jwe_enabled: jweEnabled ?? false,
			credential_supports_managed_auth: supportsManagedAuth ?? false,
			credential_uses_managed_auth: usesManagedAuth ?? false,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #24dc18808db3365e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:659
		this.telemetry.track('User updated cred sharing', {
			user_id: user.id,
			user_role: user.role?.slug,
			credential_type: credentialType,
			credential_id: credentialId,
			user_id_sharer: userIdSharer,
			user_ids_sharees_added: userIdsShareesAdded,
			sharees_removed: shareesRemoved,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #be6f47fff2caaec7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:680
		this.telemetry.track('User updated credentials', {
			user_id: user.id,
			user_role: user.role?.slug,
			credential_type: credentialType,
			credential_id: credentialId,
			is_private: isDynamic ?? false,
			uses_external_secrets: usesExternalSecrets ?? false,
			jwe_enabled: jweEnabled ?? false,
			credential_supports_managed_auth: supportsManagedAuth ?? false,
			credential_uses_managed_auth: usesManagedAuth ?? false,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d21950b913c4120a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:698
		this.telemetry.track('User deleted credentials', {
			user_id: user.id,
			user_role: user.role?.slug,
			credential_type: credentialType,
			credential_id: credentialId,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #08157b014736c04c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:711
		this.telemetry.track('User disconnected own credential connection', {
			user_id: user.id,
			user_role: user.role?.slug,
			credential_type: credentialType,
			credential_id: credentialId,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #829f9ad41b4a6a5f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:726
		this.telemetry.track('User created end-user credential', {
			user_id: user.id,
			user_role: user.role?.slug,
			credential_type: credentialType,
			credential_id: credentialId,
			project_id: projectId,
			project_type: projectType,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ee9e95db7ec0db9e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:741
		this.telemetry.track('User made credential end-user', {
			user_id: user.id,
			user_role: user.role?.slug,
			credential_type: credentialType,
			credential_id: credentialId,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e9966b3f9e446e44 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:754
		this.telemetry.track('User made credential fixed', {
			user_id: user.id,
			user_role: user.role?.slug,
			credential_type: credentialType,
			credential_id: credentialId,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #f2b41c807e6da37f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:767
		this.telemetry.track('User cleared end-user credential connections', {
			user_id: user.id,
			user_role: user.role?.slug,
			credential_type: credentialType,
			credential_id: credentialId,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #7c48723f1e0e63f6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:780
		this.telemetry.track('User deleted end-user credential', {
			user_id: user.id,
			user_role: user.role?.slug,
			credential_type: credentialType,
			credential_id: credentialId,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #909574d5892a46d9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:795
		this.telemetry.track('User connected to end-user credential', {
			user_id: user.id,
			user_role: user.role?.slug,
			credential_type: credentialType,
			credential_id: credentialId,
			credential_supports_managed_auth: supportsManagedAuth ?? false,
			credential_uses_managed_auth: usesManagedAuth ?? false,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #188717755f83eb33 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:815
		this.telemetry.track('Ldap general sync finished', {
			type,
			succeeded,
			users_synced: usersSynced,
			error,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6bb3fc4edba79f6f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:837
		this.telemetry.track('User updated Ldap settings', {
			user_id: userId,
			loginIdAttribute,
			firstNameAttribute,
			lastNameAttribute,
			emailAttribute,
			ldapIdAttribute,
			searchPageSize,
			searchTimeout,
			synchronizationEnabled,
			synchronizationInterval,
			loginLabel,
			loginEnabled,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #75bfa94de4637ea3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:854
		this.telemetry.track('Ldap login sync failed', { error });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #f93e982fb8c85d48 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:860
		this.telemetry.track('User login failed since ldap disabled', { user_ud: userId });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ec3c94aa5b04cf34 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:872
		this.telemetry.track('Sso user project access update', {
			user_id: userId,
			projects_removed: projectsRemoved,
			projects_added: projectsAdded,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e9a8a7bb4ae89c37 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:883
		this.telemetry.track('Sso user instance role update', { user_id: userId, role });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #514be9732314ed55 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:901
		this.telemetry.track('User created workflow', {
			user_id: user.id,
			workflow_id: workflow.id,
			node_graph_string: limitNodeGraphStringSize(JSON.stringify(nodeGraph)),
			public_api: publicApi,
			project_id: projectId,
			project_type: projectType,
			meta: JSON.stringify(workflow.meta),
			otel_workflow_custom_tags_count: countWorkflowCustomTelemetryTags(workflow),
			otel_nodes_with_custom_tags_count: countNodesWithCustomTelemetryTags(workflow.nodes),
			otel_node_custom_tags_count: countNodeCustomTelemetryTags(workflow.nodes),
			uiContext,
			source,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6c7a7c18619dcc82 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:918
		this.telemetry.track('User archived workflow', {
			user_id: user.id,
			workflow_id: workflowId,
			public_api: publicApi,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4cbea18d61ee551c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:930
		this.telemetry.track('User unarchived workflow', {
			user_id: user.id,
			workflow_id: workflowId,
			public_api: publicApi,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #2542b8cae87343f0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:938
		this.telemetry.track('User deleted workflow', {
			user_id: user.id,
			workflow_id: workflowId,
			public_api: publicApi,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #344afafea0d6d0fd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:997
		this.telemetry.track('User activated workflow', {
			user_id: user.id,
			workflow_id: workflowId,
			public_api: publicApi,
			source,
			private_credentials_count: privateCredentialsCount,
			private_credential_types: privateCredentialTypes,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #7b2ce94034b7f1a0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1014
		this.telemetry.track('User deactivated workflow', {
			user_id: user.id,
			workflow_id: workflowId,
			public_api: publicApi,
			deactivated_version_id: deactivatedVersionId,
			source,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e78859d3c36eff6d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1028
		this.telemetry.track('User updated workflow sharing', {
			workflow_id: workflowId,
			user_id_sharer: userIdSharer,
			user_id_list: userIdList,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #c5578638078ac28d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1036
		this.telemetry.track('User imported n8n package', {
			user_id: user.id,
			workflow_conflict_policy: options.workflowConflictPolicy,
			workflow_id_policy: options.workflowIdPolicy,
			credential_matching_mode: options.credentialMatchingMode,
			credential_missing_mode: options.credentialMissingMode,
			workflow_publishing_policy: options.workflowPublishingPolicy,
			workflows_created: counts.workflows.created,
			workflows_updated: counts.workflows.updated,
			workflows_skipped: counts.workflows.skipped,
			credentials_matched: counts.credentials.matched,
			credentials_created: counts.credentials.created,
			credentials_required: counts.credentials.requirements,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d4a191c7f92c2b21 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1053
		this.telemetry.track('User exported n8n package', {
			user_id: user.id,
			workflow_count: counts.workflows,
			folder_count: counts.folders,
			credential_count: counts.credentials,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #24c4ca13808a1c04 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1068
		this.telemetry.track('User package export failed', {
			user_id: user.id,
			reason,
			workflow_count: workflowIds?.length ?? 0,
			folder_count: folderIds?.length ?? 0,
			project_count: projectIds?.length ?? 0,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #fa04646ee078e3df Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1078
		this.telemetry.track('User package import failed', {
			user_id: user.id,
			reason,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #072b66848764d7ee Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1162
		this.telemetry.track('User saved workflow', {
			user_id: user.id,
			workflow_id: workflow.id,
			node_graph_string: limitNodeGraphStringSize(JSON.stringify(nodeGraph)),
			notes_count_overlapping: overlappingCount,
			notes_count_non_overlapping: notesCount - overlappingCount,
			version_cli: N8N_VERSION,
			num_tags: workflow.tags?.length ?? 0,
			public_api: publicApi,
			sharing_role: userRole,
			meta: JSON.stringify(workflow.meta),
			workflow_edited_no_pos: workflowEditedNoPos,
			credential_edited: credentialEdited,
			ai_builder_assisted: aiBuilderAssisted ?? false,
			credential_resolver_id: credentialResolverId,
			identity_extractor_changed: identityExtractorChanged,
			redaction_policy: redactionPolicy,
			private_credentials_count: privateCredentialsCount,
			private_credential_types: privateCredentialTypes,
			otel_workflow_custom_tags_count: countWorkflowCustomTelemetryTags(workflow),
			otel_nodes_with_custom_tags_count: countNodesWithCustomTelemetryTags(workflow.nodes),
			otel_node_custom_tags_count: countNodeCustomTelemetryTags(workflow.nodes),
			source,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #24d5c0ab9524ec27 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1258
					this.telemetry.track('User ran out of free AI credits');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #f0cb85afb55f0799 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1386
					this.telemetry.track('Manual node exec finished', telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #671bdf08f7c168f4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1399
					this.telemetry.track('Manual workflow exec finished', manualExecEventProperties);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d5649ba2a9a8a39d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1541
		this.telemetry.track('Instance started', {
			...info,
			earliest_workflow_created: firstWorkflow?.createdAt,
			otel,
			settings_managed_by_env_vars: settingsManagedByEnvVars,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #f63ca6fcf124b291 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1624
		this.telemetry.track('Session started', { session_id: pushRef });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4958916f6095722a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1628
		this.telemetry.track('User instance stopped');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #9d7dafae11a5e004 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1637
		this.telemetry.track('Owner finished instance setup', { user_id: userId });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #74347a157840bc1b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1645
		this.telemetry.track('Workflow first prod success', {
			project_id: projectId,
			workflow_id: workflowId,
			user_id: userId ?? undefined,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #530a4f48a3173625 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1657
		this.telemetry.track('Instance first prod failure', {
			project_id: projectId,
			workflow_id: workflowId,
			user_id: userId,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #619ffe3b1f5dba19 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1672
		this.telemetry.track('Workflow first data fetched', {
			user_id: userId,
			workflow_id: workflowId,
			node_type: nodeType,
			node_id: nodeId,
			credential_type: credentialType,
			credential_id: credentialId,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #dfd8a9fff1e1c1de Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1699
		this.telemetry.track('User changed role', {
			user_id: userId,
			target_user_id: targetUserId,
			target_user_new_role: targetUserNewRole,
			public_api: publicApi,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #202905aba4243dc6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1708
		this.telemetry.track('User retrieved user', {
			user_id: userId,
			public_api: publicApi,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #3ef028598867c920 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1715
		this.telemetry.track('User retrieved all users', {
			user_id: userId,
			public_api: publicApi,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #1b79fb381729991f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1722
		this.telemetry.track('User retrieved execution', {
			user_id: userId,
			public_api: publicApi,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #00152b6df0714c11 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1732
		this.telemetry.track('User retrieved all executions', {
			user_id: userId,
			public_api: publicApi,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #5e166acab1552fed Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1739
		this.telemetry.track('User retrieved workflow', {
			user_id: userId,
			public_api: publicApi,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #9761651a81fedd68 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1749
		this.telemetry.track('User retrieved workflow version', {
			user_id: userId,
			public_api: publicApi,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #47142ff603b491c6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1759
		this.telemetry.track('User retrieved all workflows', {
			user_id: userId,
			public_api: publicApi,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #c88f5b3e06be6f8b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1774
		this.telemetry.track('User changed personal settings', {
			user_id: user.id,
			fields_changed: fieldsChanged,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #005f3d1e25770cc5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1788
		this.telemetry.track('User deleted user', {
			user_id: user.id,
			public_api: publicApi,
			target_user_old_status: targetUserOldStatus,
			migration_strategy: migrationStrategy,
			target_user_id: targetUserId,
			migration_user_id: migrationUserId,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #522358c31bf23e5f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1812
		this.telemetry.track('User invited new user', {
			user_id: user.id,
			target_user_id: targetUserId,
			public_api: publicApi,
			email_sent: emailSent,
			invitee_role: inviteeRole,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #3a72042ef638b029 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1839
		this.telemetry.track('User signed up', payload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ba7767d799039066 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1854
		this.telemetry.track('User responded to personalization questions', personalizationSurveyData);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #10059e199c6569be Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1862
		this.telemetry.track('Instance failed to send transactional email to user', {
			user_id: user.id,
			message_type: messageType,
			public_api: publicApi,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #5379bb34dba16e15 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1874
		this.telemetry.track('User sent transactional email', {
			user_id: userId,
			message_type: messageType,
			public_api: publicApi,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #dbbfb18bc5dbc4f8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1973
		this.telemetry.track('User clicked invite link from email', {
			user_id: invitee.id,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #fff128d0871de9a5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1979
		this.telemetry.track('User clicked password reset link from email', {
			user_id: user.id,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b5d50875d429a270 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1987
		this.telemetry.track('User requested password reset while logged out', {
			user_id: user.id,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #1ea554f44e75d8ac Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:2004
		this.telemetry.track('Instance compacted workflow history', {
			workflows_processed: workflowsProcessed,
			total_versions_seen: totalVersionsSeen,
			total_versions_deleted: totalVersionsDeleted,
			window_start_iso: new Date(windowStartIso),
			window_end_iso: new Date(windowEndIso),
			error_count: errorCount,
			compaction_start_time_iso: compactionStartTime,
			compaction_duration_ms: durationMs,
			compaction_batch_delay_ms: this.globalConfig.workflowHistoryCompaction.batchDelayMs,
			compaction_batch_size: this.globalConfig.workflowHistoryCompaction.batchSize,
			compaction_trimming_optimizing_time_window_hours:
				this.globalConfig.workflowHistoryCompaction.optimizingTimeWindowHours,
			compaction_trimming_time_window_days:
				this.globalConfig.workflowHistoryCompaction.trimmingTimeWindowDays,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a2abf7de767c7779 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:2030
		this.telemetry.track('User updated instance policies', {
			user_id: user.id,
			[settingName]: value,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ad2bb8b924f5e040 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:2042
		this.telemetry.track('User confirmed reveal data', {
			user_id: user.id,
			execution_id: executionId,
			workflow_id: workflowId,
			redaction_policy: redactionPolicy,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #789f3d1721286ae2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:2055
		this.telemetry.track('User created custom role', {
			user_id: userId,
			role_slug: roleSlug,
			scopes,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #cca3d8d675ab8b93 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:2063
		this.telemetry.track('User updated custom role', {
			user_id: userId,
			role_slug: roleSlug,
			scopes,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ab7bca303bb98edb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:2071
		this.telemetry.track('User deleted custom role', {
			user_id: userId,
			role_slug: roleSlug,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #36e0780a78f68a52 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:2086
		this.telemetry.track('User imported workflows via server cli', {
			active_state: activeState,
			workflow_count: workflowCount,
			separate,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #85b13ba6cd896f3f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:2100
		this.telemetry.track('User exported workflows via server cli', {
			selector,
			published,
			separate,
			backup,
			workflow_count: workflowCount,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #77fa4ef2c2362e69 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/data-table/data-table-size-validator.service.ts:62
			this.telemetry.track('User hit data table storage limit', {
				total_bytes: size.totalBytes,
				max_bytes: this.globalConfig.dataTable.maxSize,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d7537ef653ca970e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/browser/instance-ai-browser-session.service.ts:224
		this.telemetry.track('Instance AI Browser connected', { user_id: userId });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #fcf0594fa191434e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai-credit.service.ts:108
			this.telemetry.track('Builder credits claimed', {
				instance_id: this.instanceSettings.instanceId,
				user_id: user.id,
				thread_id: threadId,
				agent_run_id: dedupeId,
				status,
				success: false,
				error_message: getErrorMessage(error),
				attempted_usage: usage,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #89c776da60819df9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai-credit.service.ts:176
		this.telemetry.track('Builder credits claimed', {
			instance_id: this.instanceSettings.instanceId,
			user_id: user.id,
			thread_id: threadId,
			agent_run_id: dedupeId,
			status,
			success: true,
			credits_used: delta,
			credits_claimed_total: creditsClaimed,
			credits_quota: creditsQuota,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #c0faa751f77ffd66 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai-credit.service.ts:194
				this.telemetry.track('User exhausted assistant quota', {
					instance_id: this.instanceSettings.instanceId,
					user_id: user.id,
				});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d8cc983cf50d8b43 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai-gateway.service.ts:81
		this.telemetry.track('User connected to Computer Use', {
			user_id: userId,
			tool_groups: data.toolCategories.filter((c) => c.enabled).map((c) => c.name),
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a36c0166f52a9ca7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai-terminal-outcome.service.ts:270
		this.telemetry.track('instance_ai_terminal_response_decision', {
			thread_id: threadId,
			run_id: runId,
			message_group_id: messageGroupId,
			source: 'terminal_guard',
			status: decision.status,
			action: decision.action,
			reason: decision.reason,
			visibility_source: decision.visibilitySource,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #2fb755c6c944afa4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai-terminal-outcome.service.ts:398
					this.telemetry.track('instance_ai_terminal_response_decision', {
						thread_id: threadId,
						run_id: outcome.runId,
						message_group_id: outcome.messageGroupId,
						task_id: outcome.taskId,
						source: 'terminal_outcome_replay',
						status: outcome.status,
						action: published ? 'replay_event' : 'already-emitted',
						visibility_source: 'background-outcome',
					});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #cfa463931a4d425f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai-terminal-outcome.service.ts:433
			this.telemetry.track('instance_ai_terminal_response_decision', {
				thread_id: threadId,
				run_id: outcome.runId,
				message_group_id: outcome.messageGroupId,
				task_id: outcome.taskId,
				source: 'terminal_outcome_replay',
				status: outcome.status,
				action,
				visibility_source: 'background-outcome',
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #7fa06e9e37601397 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai-terminal-outcome.service.ts:509
			this.telemetry.track('instance_ai_terminal_outcome_persistence_failure', {
				thread_id: task.threadId,
				run_id: task.runId,
				task_id: task.taskId,
				status: outcome.status,
				phase: 'metadata',
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #0ce8b7a63f698be4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai-terminal-outcome.service.ts:521
		this.telemetry.track('instance_ai_terminal_response_decision', {
			thread_id: task.threadId,
			run_id: task.runId,
			message_group_id: task.messageGroupId,
			task_id: task.taskId,
			source: 'background_outcome',
			status: outcome.status,
			action: published ? 'emit' : 'already-emitted',
			visibility_source: 'background-outcome',
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b8a0d3315988293d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai-terminal-outcome.service.ts:542
			this.telemetry.track('instance_ai_terminal_outcome_persistence_failure', {
				thread_id: task.threadId,
				run_id: task.runId,
				task_id: task.taskId,
				status: outcome.status,
				phase: 'snapshot',
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e8089958461261df Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai.adapter.service.ts:525
					telemetry.track('Builder published workflow', {
						thread_id: threadId,
						workflow_id: workflowId,
						executed_by: 'ai',
					});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #baecea64dbb59992 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai.adapter.service.ts:698
					telemetry.track('Builder created workflow', {
						thread_id: threadId,
						workflow_id: updated.id,
					});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #45d10af558c632b6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai.adapter.service.ts:775
					telemetry.track('Builder modified workflow', {
						thread_id: threadId,
						workflow_id: workflowId,
					});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #59437f7f4dfaaf89 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai.adapter.service.ts:1074
					telemetry.track('Builder executed workflow', {
						thread_id: threadId,
						workflow_id: workflowId,
						executed_by: 'ai',
						pinned_node_count: Object.keys(runData.pinData ?? {}).length,
						exec_type: runData.executionMode,
						status,
						...(error ? { error } : {}),
					});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #550de31252b21030 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai.service.ts:1646
			this.telemetry?.track('instance_ai_workflow_verification_obligation', {
				event,
				thread_id: obligation.threadId,
				run_id: obligation.runId,
				task_id: obligation.taskId,
				planned_task_id: obligation.plannedTaskId,
				work_item_id: obligation.workItemId,
				workflow_id: obligation.workflowId,
				source: obligation.source,
				policy: obligation.policy,
				status: obligation.status,
				readiness_status: obligation.readiness?.status,
				setup_status: obligation.setupRequirement?.status,
				has_evidence: obligation.evidence?.attempted === true,
				evidence_success: obligation.evidence?.success,
				blocking_reason: obligation.blockingReason,
				...extra,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a8e3457e89b45957 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai.service.ts:2042
			this.telemetry.track(eventName, properties);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b7c34a69082ea13e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai.service.ts:2059
				this.telemetry.track(eventName, properties);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ede0276d89161979 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai.service.ts:3328
					this.telemetry.track('Builder sent message', {
						thread_id: threadId,
						message: intermediateText,
						is_intermediate: true,
					});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #2d8a80f0d6c2ce65 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai.service.ts:3482
				this.telemetry.track('Builder sent message', {
					thread_id: threadId,
					message: outputText,
				});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #fcbc62057f1dcc56 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai.service.ts:3486
				this.telemetry.track('Builder satisfied user intent', {
					thread_id: threadId,
				});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #fa896d98d5351e5b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai.service.ts:4456
					this.telemetry.track('Builder sent message', {
						thread_id: opts.threadId,
						message: intermediateText,
						is_intermediate: true,
					});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #073186cf8b3f18d4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai.service.ts:4606
				this.telemetry.track('Builder sent message', {
					thread_id: opts.threadId,
					message: outputText,
				});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #c5bd05483e0860aa Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai.service.ts:4610
				this.telemetry.track('Builder satisfied user intent', {
					thread_id: opts.threadId,
				});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8daf0e1c55512874 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai.service.ts:5045
		this.telemetry.track('Builder asked for input', {
			thread_id: threadId,
			input_thread_id: inputThreadId,
			type,
			num_steps: numSteps,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #19d25b9be3710cad Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai.service.ts:5130
		this.telemetry.track('instance_ai_run_finished', {
			thread_id: threadId,
			run_id: runId,
			status: effectiveStatus,
			...(userId ? { user_id: userId } : {}),
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #2ee522887aa1c7ba Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai.service.ts:5387
			this.telemetry.track('Instance AI mcp tool called', {
				user_id: userId,
				server_slug: serverSlug,
				tool_name: toolName,
				success,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a98a4cbf9d63ee09 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/log-streaming.ee/destinations/message-event-bus-destination-sentry.ee.ts:1
import * as Sentry from '@sentry/node';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8c2f0fef9b232c11 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/mcp-server-middleware.service.ts:139
		this.telemetry.track(USER_CONNECTED_TO_MCP_EVENT, payload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #0fe933cae66aeb24 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/mcp.controller.ts:216
		this.telemetry.track(USER_CONNECTED_TO_MCP_EVENT, payload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #44042d93e2676c71 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/mcp.service.ts:509
					this.telemetry.track(MCP_PREVIEW_RENDER_REQUESTED_EVENT, {
						user_id: user.id,
						client_name: clientInfo?.name,
						client_version: clientInfo?.version,
					});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #02d9cf81f50f7cc9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/data-table/add-data-table-column.tool.ts:74
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #0c86d89b9a931fa3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/data-table/add-data-table-column.tool.ts:83
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #75f6b15614450ca2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/data-table/add-data-table-rows.tool.ts:76
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4248bc3e77a8040d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/data-table/add-data-table-rows.tool.ts:88
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d0f189e67a872ee2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/data-table/create-data-table.tool.ts:90
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #70f69c8932769155 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/data-table/create-data-table.tool.ts:102
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d861c4c9f7974bad Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/data-table/delete-data-table-column.tool.ts:59
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #767d2178d8b7ea33 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/data-table/delete-data-table-column.tool.ts:68
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e3a1c36bcb1e91ec Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/data-table/rename-data-table-column.tool.ts:75
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #35a78a1c3c0cb86d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/data-table/rename-data-table-column.tool.ts:84
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4f8e6c9bf8ca2646 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/data-table/rename-data-table.tool.ts:58
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #75de8d6a8595b8e5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/data-table/rename-data-table.tool.ts:67
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #1b9608cc096e8dfc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/data-table/search-data-tables.tool.ts:91
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #95024cab8084008e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/data-table/search-data-tables.tool.ts:104
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #214f630dac3a582c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/execute-workflow.tool.ts:147
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #3d3d886c148df39a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/execute-workflow.tool.ts:181
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8aefb00a3cffbb67 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/get-execution.tool.ts:157
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #77ea0f97736094e1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/get-execution.tool.ts:195
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e1266fde073f7bda Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/get-workflow-details.tool.ts:87
				telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #189bc4db20fdd4fa Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/get-workflow-details.tool.ts:99
				telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ccbed65066e772e9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/get-workflow-history.tool.ts:102
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #cf60db1f20a019a6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/get-workflow-history.tool.ts:125
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #f030982edf2dfb20 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/get-workflow-version.tool.ts:110
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #65283d7f49c5ea8e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/get-workflow-version.tool.ts:140
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a3567e344e39de0e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/list-credentials.tool.ts:135
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e2e42ed311bc7765 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/list-credentials.tool.ts:147
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #0817c159df3dcf08 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/list-tags.tool.ts:96
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #451afc820d0ceea3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/list-tags.tool.ts:107
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #2405de16fe4cf5ee Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/prepare-workflow-pin-data.tool.ts:100
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d4681bb5af3251e0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/prepare-workflow-pin-data.tool.ts:109
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #1d29e92016739e45 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/publish-workflow.tool.ts:93
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #851b4888dba52480 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/publish-workflow.tool.ts:115
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8f4a3113026e90ce Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/search-executions.tool.ts:150
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #dd8c7394d90409dc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/search-executions.tool.ts:165
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #1bdd60b0e0848d84 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/search-folders.tool.ts:75
				telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #28ae88a8f8be3c82 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/search-folders.tool.ts:103
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #78dbed7be7686e52 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/search-folders.tool.ts:116
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #807262b32ec5d730 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/search-projects.tool.ts:166
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #c207eebe963b1029 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/search-projects.tool.ts:179
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #9b691bdb8269dc1b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/search-workflows.tool.ts:130
				telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #f03b5970cc7e2eb1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/search-workflows.tool.ts:148
				telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4ed9254c5b05b2da Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/test-workflow.tool.ts:112
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #51d1031322e56741 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/test-workflow.tool.ts:136
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #75faaeba89abd312 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/unpublish-workflow.tool.ts:82
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #477bc3ca067aa1b3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/unpublish-workflow.tool.ts:103
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #9f267053bd045584 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/connection-structure-check.ts:174
	telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a53a6f31393a89d5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/create-workflow-from-code.tool.ts:211
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e012215cfff66b70 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/create-workflow-from-code.tool.ts:328
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #3542f0ca6ad5dd2a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/create-workflow-from-code.tool.ts:389
					telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #dc1d3487630d7584 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/create-workflow-from-code.tool.ts:416
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b4b2cc8b754cb469 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/delete-workflow.tool.ts:71
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #20cfe7e5203fc3f9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/delete-workflow.tool.ts:90
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #bc3fb899e180186d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/explore-node-resources.tool.ts:128
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8264f657fbcaeff4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/explore-node-resources.tool.ts:141
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ae970e6c9845c6d3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/get-workflow-best-practices.tool.ts:140
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #cb3a6dfcf635e259 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/get-workflow-best-practices.tool.ts:151
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #da4ba2e26ea5b02f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/get-workflow-node-types.tool.ts:68
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ab4b3fbc9bfd094b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/get-workflow-node-types.tool.ts:79
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #0b4f6ca61945373c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/get-workflow-sdk-reference.tool.ts:68
		telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #758d155e35447de0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/restore-workflow-version.tool.ts:128
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #7abb431f96c50e06 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/restore-workflow-version.tool.ts:151
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #f1d69a924e95f4d5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/search-workflow-nodes.tool.ts:67
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #3b766f56bb1acc07 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/search-workflow-nodes.tool.ts:78
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #90a3be9933a54c3a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/update-workflow.tool.ts:744
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #f469bf5e8db4423d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/update-workflow.tool.ts:771
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ed37bf14a17f8ae9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/validate-node.tool.ts:133
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #03650f52cf65da1a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/validate-node.tool.ts:148
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #28094e16ec9ec93c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/validate-workflow-code.tool.ts:104
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #1723b71df941a5ff Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/validate-workflow-code.tool.ts:126
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #5518c583daabb5ec Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/posthog/__tests__/posthog.test.ts:5
import { PostHog } from 'posthog-node';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #de43b4d1159f3332 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/posthog/__tests__/posthog.test.ts:52
		ph.track({
			userId: 'test',
			event: 'test',
			properties: {},
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #a88aceaaf0383a05 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/posthog/__tests__/posthog.test.ts:72
		ph.track({
			userId,
			event,
			properties,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #d42c512760c5cab8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/posthog/__tests__/posthog.test.ts:89
		ph.track({
			userId: instanceId,
			event: 'Instance started',
			properties: { instance_id: instanceId },
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #15ba22b01e2ec355 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/posthog/__tests__/posthog.test.ts:102
		ph.track({
			userId: '',
			event: 'Some event',
			properties: {},
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ad1d11062c9fced8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/posthog/index.ts:7
import type { PostHog, FeatureFlagEvaluations } from 'posthog-node';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #10fc6b754b0231f0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/services/ai-workflow-builder.service.ts:122
			this.telemetry.track(event, properties);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #7d9210d795c5b9ce Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/services/user.service.ts:173
			publicUser.featureFlags = await posthog.getFeatureFlags(publicUser);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #e68c68cd3fa8ede6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/telemetry/__tests__/telemetry.test.ts:990
			telemetry.track(eventName, properties);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #010081b0ddb5531f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/telemetry/__tests__/telemetry.test.ts:1006
			telemetry.track(eventName, properties);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #61b99e8e2d1f3831 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/telemetry/__tests__/telemetry.test.ts:1025
			telemetry.track(eventName, properties);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #bf7ee33e71231e24 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/telemetry/__tests__/telemetry.test.ts:1037
			telemetry.track(eventName, {});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #32a27347ce033b12 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/telemetry/__tests__/telemetry.test.ts:1049
			telemetry.track(eventName, {});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #40270570f361aa08 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/telemetry/index.ts:230
				this.track('Public API usage', {
					user_id: userId,
					total_calls: entry.total_calls,
					first: entry.first,
					endpoints: JSON.stringify(entry.endpoints),
					user_agents: JSON.stringify(entry.user_agents),
				});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d04e1ee3b9de7ac1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/telemetry/index.ts:258
		this.track('pulse', pulsePacket);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #1250062dd246cd10 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/telemetry/index.ts:276
			this.track('Workflow execution count', {
				event_version: '2',
				workflow_id: workflowId,
				...this.executionCountsBuffer[workflowId],
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #31d91f8b28a63e74 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/telemetry/index.ts:300
			this.track('Agent execution count', {
				event_version: '1',
				agent_id,
				...(user_id ? { user_id } : {}),
				...counts,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #9af2d0d684126428 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/telemetry/index.ts:334
			this.track('Agent session metrics', {
				event_version: '1',
				agent_id: bucket.agent_id,
				...bucket.configuration,
				run_type: bucket.run_type,
				turn_status: bucket.turn_status,
				session_count: sessions.length,
				turn_count: turnCount,
				latency_ms_sum: latencyMsSum,
				cost_sum: costSum,
				tool_call_count_sum: toolCallCountSum,
				num_skills_sum: numSkillsSum,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e8549ab380075889 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/telemetry/index.ts:386
				this.track('Workflow execution with end-user credentials', properties);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #13fc898029a79ee2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/telemetry/index.ts:394
				this.track('Workflow execution errored', properties);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #914e5dbb85c7d5e3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/telemetry/index.ts:588
		this.postHog?.track(payload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #cdc0d8b4f81b01c1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/telemetry/index.ts:590
		return this.rudderStack.track(rudderStackPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #84b4dabda3baacc5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/core/src/errors/__tests__/error-reporter.test.ts:3
import type { ErrorEvent } from '@sentry/core';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b7f0dfd325ae169f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/core/src/errors/error-reporter.ts:6
import type { ErrorEvent, EventHint } from '@sentry/core';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #c1b04ea00d344291 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/core/src/errors/error-reporter.ts:7
import type { NodeOptions } from '@sentry/node';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #f2139a7332e95d6a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/core/src/observability/tracing/__tests__/sentry-tracing.test.ts:1
import type { StartSpanOptions } from '@sentry/core';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #b05d094be320c5f8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/core/src/observability/tracing/__tests__/sentry-tracing.test.ts:2
import type Sentry from '@sentry/node';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #c4325a3701ee90f7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/core/src/observability/tracing/__tests__/span-sampling.test.ts:1
import type { SpanJSON, TracesSamplerSamplingContext, TransactionEvent } from '@sentry/core';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #6fae74a32192e475 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/core/src/observability/tracing/__tests__/tracing.test.ts:1
import type { StartSpanOptions } from '@sentry/core';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #32b2305347ddf115 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/core/src/observability/tracing/sentry-tracing.ts:2
import type Sentry from '@sentry/node';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #11bac99757c1cba2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/core/src/observability/tracing/span-sampling.ts:1
import type { SpanJSON, TracesSamplerSamplingContext, TransactionEvent } from '@sentry/core';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e2204cda26284ba5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/core/src/observability/tracing/tracing.ts:2
import type {
	StartSpanOptions as SentryStartSpanOptions,
	SpanContextData as SentrySpanContextData,
	SpanAttributes as SentrySpanAttributes,
} from '@sentry/core';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a1589a50e9716414 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/core/src/observability/tracing/tracing.ts:7
import type Sentry from '@sentry/node';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6b296438276cc01d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useAutocompleteTelemetry.ts:93
		telemetry.track('User autocompleted code', payload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #64602a79ce2a6df6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useCalloutHelpers.ts:81
			telemetry.track('User clicked on RAG callout', {
				node_type: options.telemetry.nodeType ?? null,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #20611d4f78323603 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useCalloutHelpers.ts:85
			telemetry.track('User inserted tutorial template', {
				template: templateId,
				source: options.telemetry.source,
				node_type: options.telemetry.nodeType ?? null,
				section: options.telemetry.section ?? null,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8913790f8015eb63 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useCanvasOperations.ts:285
		telemetry.track('User tidied up canvas', {
			source,
			target,
			nodes_count: result.nodes.length,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d5e2102329ab1b95 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useCanvasOperations.ts:608
			telemetry.track('User deleted workflow note', {
				workflow_id: workflowDocumentStore.value.workflowId,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ada51d86af400cb5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useCanvasOperations.ts:613
			telemetry.track('User deleted node', {
				node_type: node.type,
				workflow_id: workflowDocumentStore.value.workflowId,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #86729f8b393a08c8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useCanvasOperations.ts:1230
		telemetry.track('User inserted workflow note', {
			workflow_id: workflowDocumentStore.value.workflowId,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b74cdffdb1805caf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useCanvasOperations.ts:2956
						telemetry.track('User pasted nodes', {
							workflow_id: workflowDocumentStore.value.workflowId,
							node_graph_string: nodeGraph,
						});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #961a25e42b473317 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useCanvasOperations.ts:2961
						telemetry.track('User duplicated nodes', {
							workflow_id: workflowDocumentStore.value.workflowId,
							node_graph_string: nodeGraph,
						});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #fc8bf7621902c2d0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useCanvasOperations.ts:2966
						telemetry.track('User imported workflow', {
							source,
							workflow_id: workflowDocumentStore.value.workflowId,
							node_graph_string: nodeGraph,
						});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #3a81a6c02f4e9914 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useCanvasOperations.ts:3279
		telemetry.track('User copied nodes', {
			node_types: workflowData.nodes.map((node) => node.type),
			workflow_id: workflowDocumentStore.value.workflowId,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b8542a57e6ebe8d1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useCanvasOperations.ts:3353
		telemetry.track('User clicked chat open button', payload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #7fb1937f7530fecc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useCanvasOperations.ts:3538
		telemetry.track('User inserted workflow template', {
			source: 'workflow',
			template_id: tryToParseNumber(templateId),
			wf_template_repo_session_id: templatesStore.previousSessionId,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #9a712c4a46dac851 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useCollectionOverhaul.ts:6
	const postHogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #492e31cc6165b803 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useErrorHandler.ts:3
import { captureException } from '@sentry/vue';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a6cbe871a42d9b18 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useFreeAiCredits.ts:79
			telemetry.track('User claimed OpenAI credits', { source });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #045690b3529fb228 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useGlobalEntityCreation.ts:460
			telemetry.track('User clicked sidebar add variable button');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b5136d060b7659d9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useGlobalEntityCreation.ts:465
			telemetry.track('User clicked sidebar add data table button');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #653884074ca37777 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useHistoryHelper.ts:90
			telemetry.track(`User hit ${type}`, { commands_length: 1, commands: [command.name] });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #fa373d076b62dc5f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useHistoryHelper.ts:92
			telemetry.track(`User hit ${type}`, {
				commands_length: command.commands.length,
				commands: command.commands.map((c) => c.name),
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #3f35b57064df80ea Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useHistoryHelper.ts:102
			telemetry?.track('User hit undo in NDV', { node_type: activeNode.type });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #05dac999eb0bf783 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useNodeExecution.ts:427
			telemetry.track('User clicked execute node button', telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #16cb2e929f0002bd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useNodeHelpers.ts:798
			telemetry.track('User set node enabled status', {
				node_type: node.type,
				is_enabled: node.disabled,
				workflow_id: workflowDocumentStore.value.workflowId,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b0425a768ed03146 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/usePageRedirectionHelper.ts:63
		telemetry.track('User clicked upgrade CTA', {
			source,
			isTrial: userIsTrialing,
			deploymentType,
			trialDaysLeft,
			executionsLeft,
			workflowsLeft,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #586e45582a59117f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/usePinnedData.ts:241
		telemetry.track('Ndv data pinning success', telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8c6196eb23c9788f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/usePinnedData.ts:255
		telemetry.track('Ndv data pinning failure', {
			pinning_source: source,
			node_type: targetNode?.type,
			push_ref: rootStore.pushRef,
			data_size: stringSizeInBytes(data.value),
			view: displayMode,
			run_index: runIndex,
			error_type: errorType,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8af70e83d083db68 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/usePinnedData.ts:307
		telemetry.track('User unpinned ndv data', {
			node_type: targetNode?.type,
			push_ref: rootStore.pushRef,
			run_index: runIndex,
			source,
			data_size: stringSizeInBytes(data.value),
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #51ef885fd05bf2da Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/usePostMessageHandler.ts:176
		telemetry.track('User opened read-only execution', {
			workflow_id: data.workflowData.id,
			execution_mode: data.mode,
			execution_finished: data.finished,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ba42ed1de6d05a0d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/usePushConnection/handlers/executionFinished.ts:121
			telemetry.track('User executed test AI workflow', {
				status: data.status,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #07e3bb7b6a4284c7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/usePushConnection/handlers/executionFinished.ts:140
			telemetry.track('User executed tutorial template', {
				template: templateId,
				status: data.status,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #260db5771e00bcca Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/usePushConnection/handlers/executionFinished.ts:401
		telemetry.track('Instance FE emitted paired item error', eventData);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a310b2a68bab2284 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/usePushConnection/handlers/trackNodeExecution.ts:23
		telemetry.track('Manual exec errored', {
			error_title: pushData.data.error.message,
			node_type: node?.type,
			node_type_version: node?.typeVersion,
			node_id: node?.id,
			node_graph_string: JSON.stringify(
				TelemetryHelpers.generateNodesGraph(
					workflowDocumentStore.serialize(),
					workflowHelpers.getNodeTypes(),
					{
						isCloudDeployment: settingsStore.isCloudDeployment,
					},
				).nodeGraph,
			),
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #92d3c11869d69d67 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useRunWorkflow.ts:651
		telemetry.track('User clicked execute workflow button', telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ffb00110098946fd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useToast.ts:82
			telemetry.track('Instance FE emitted error', {
				error_title: params.title,
				error_message: messageForTelemetry,
				caused_by_credential: causedByCredential(messageForTelemetry),
				workflow_id: workflowDocumentStore.value.workflowId,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ff855f11d645a2f8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useToast.ts:177
		telemetry.track('Instance FE emitted error', {
			error_title: title,
			error_description: message,
			error_message: error.message,
			caused_by_credential: causedByCredential(error.message),
			workflow_id: workflowDocumentStore.value.workflowId,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #74e86d8c1254c19c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useWorkflowActivate.ts:200
		telemetry.track('User set workflow active status', telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b5bda6625d20e0d6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useWorkflowExtraction.ts:526
		telemetry.track('User started nodes to sub-workflow extraction', {
			node_count: nodeCount,
			success,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #f9ee9b642f68920b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useWorkflowExtraction.ts:533
		telemetry.track('User extracted nodes to sub-workflow', {
			node_count: nodeCount,
			success,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #92c4cbfe6600b16e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useWorkflowInitialization.ts:352
				telemetry.track(
					`User opened workflow from onboarding template with ID ${workflowData.meta.onboardingId}`,
					{ workflow_id: id },
				);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #19eda0def8ae1ef1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useWorkflowSaving.ts:264
					telemetry.track('User attempted to save locked workflow', {
						workflowId: currentWorkflow,
						sharing_role: getWorkflowProjectRole(currentWorkflow),
					});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #075cf5323f94d076 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useWorkflowSaving.ts:523
				telemetry.track('User saved new workflow from template', {
					template_id: tryToParseNumber(String(templateId)),
					workflow_id: workflowData.id,
					wf_template_repo_session_id: templatesStore.previousSessionId,
				});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #f3e0634fb2e77f21 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/init.ts:234
	const postHogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #dade4070bcdb7e0b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/plugins/sentry.test.ts:1
import type * as Sentry from '@sentry/vue';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #9de5c84c5b03014b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/plugins/sentry.ts:4
import * as Sentry from '@sentry/vue';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #36c3a269244cdcfb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/plugins/telemetry.test.ts:194
			telemetry.track(event, properties);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b85683db4e240dc5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/plugins/telemetry.test.ts:217
			telemetry.track(event, properties);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #332611e725809b6e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/plugins/telemetry/index.ts:69
		this.track('Session started', { session_id: rootStore.pushRef });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #5ff5ab4d9b9f16ef Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/plugins/telemetry/index.ts:115
		this.rudderStack.track(event, updatedProperties, {
			context: {
				// provide a fake IP address to instruct RudderStack to not use the user's IP address
				ip: '0.0.0.0',
			},
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #24469938414de2e9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/plugins/telemetry/index.ts:123
			usePostHog().capture(event, updatedProperties);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #5c83ec7eb0e29c1d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/plugins/telemetry/index.ts:176
					this.track('Ai code generation finished', properties);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6ccc04c97e5cf504 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/plugins/telemetry/index.ts:190
					this.track('Ai Transform code generation finished', properties);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b0fbcfdef2b1cac4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/plugins/telemetry/index.ts:208
				this.track('User toggled n8n reference option', {
					node: nodeType,
					toValue: change.value,
				});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #c978f4bf8f7be014 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/router.test.ts:212
			const posthog = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #58dc84779cd09723 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/router.test.ts:217
			const posthog = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #fdb9c5a2970ae53a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/router.test.ts:225
			const posthog = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6fff72b0f3aeee59 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/router.test.ts:238
			const posthog = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #31fe9ebbd30c19a6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/router.ts:256
			const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e6e6a493f581785f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/router.ts:306
			const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #24bea1bf1b295396 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/favorites.store.ts:67
			telemetry.track('User toggled favorite', {
				action: 'removed',
				resource_type: resourceType,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d4cfcedeff5a96f8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/favorites.store.ts:75
			telemetry.track('User toggled favorite', {
				action: 'added',
				resource_type: resourceType,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d246b2c46f2d081b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/logs.store.ts:92
		telemetry.track('User toggled log view sub pane', {
			pane: 'input',
			newState: wasOpen ? 'hidden' : 'visible',
			isSubNode: isSubNodeSelected.value,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #7f27233950d10f09 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/logs.store.ts:113
		telemetry.track('User toggled log view sub pane', {
			pane: 'output',
			newState: wasOpen ? 'hidden' : 'visible',
			isSubNode: isSubNodeSelected.value,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #fc0131c75f8f417e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:119
			const posthog = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #2a7e39e81644f400 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:120
			posthog.init();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #06750638e9ec7d40 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:127
			const posthog = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6a5d41168e396b60 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:128
			posthog.init();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #cf36c1717c658ccc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:152
			const posthog = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ed92ac05ff683df3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:153
			posthog.init(flags);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b08f0918e5bc7e04 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:155
			expect(posthog.getVariant('test')).toEqual(flags[TEST]);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b1af8c91218366db Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:168
			const posthog = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #237b2099f9927226 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:169
			posthog.init();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #3dded12d17394976 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:183
			const posthog = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #681eb3b9c78132c3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:184
			posthog.init();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d1876ff9bd402435 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:194
			const posthog = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ee5c3c21e0050565 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:196
			posthog.capture('Test event', { test: 'value' });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #860f26f505a9faff Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:204
			const posthog = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #3befd48a170ba837 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:206
			posthog.capture('Test event', {
				test: 'value',
				$groups: {
					organization: 'n8n',
				},
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #f2cd64d463566a59 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:226
			const posthog = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #96b2db6e310120e6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:227
			posthog.init(flags);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #768bbe24e0222242 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:232
			expect(posthog.getVariant('test')).toEqual('override');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #06e371f901a54d2e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:246
			const posthog = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #316357b69814ebba Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:247
			posthog.init();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ecbe274ea4dc1e26 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:249
			expect(posthog.hasPendingFeatureFlags()).toBe(true);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #fb8bbbbf0760533e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:253
			const waitForFlags = posthog.waitForFeatureFlags().then(() => {

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b07bc50513f63f81 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:263
			expect(posthog.hasPendingFeatureFlags()).toBe(false);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4194b8dd9d9459f1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:264
			expect(posthog.getVariant('test')).toEqual('variant');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #5aaf6e11ceda1eac Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.ts:147
		telemetry.track(TELEMETRY_EVENTS.IS_PART_OF_EXPERIMENT, {
			name,
			variant,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #bd6f18fcbcf9da13 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/ui.store.ts:596
		telemetry.track('User clicked to open community node update modal', {
			source,
			package_name: packageName,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a3b09d401493a697 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/ui.store.ts:646
		telemetry.track('User toggled sidebar', {
			expanded: !sidebarMenuCollapsed.value,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #2494d9ce15eef4b4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/versions.store.ts:213
								telemetry.track("User clicked on what's new notification", {
									article_id: articleId,
								});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #f18533e2c8dbc3db Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/aiTemplatesStarterCollection/stores/aiTemplatesStarterCollection.store.ts:27
		const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a7e83937d2b16fca Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/aiTemplatesStarterCollection/stores/aiTemplatesStarterCollection.store.ts:71
			telemetry.track('User created AI templates starter collection', {
				source,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #7552b5302da53842 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/aiTemplatesStarterCollection/stores/aiTemplatesStarterCollection.store.ts:77
			telemetry.track('User dismissed AI templates starter collection callout');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d4704fd9e2dcf430 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/aiTemplatesStarterCollection/stores/aiTemplatesStarterCollection.store.ts:81
			telemetry.track('User opened AI template workflow', {
				template,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4670393ab51ba330 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/aiTemplatesStarterCollection/stores/aiTemplatesStarterCollection.store.ts:87
			telemetry.track('User executed AI template', {
				template,
				status,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a826580aeb272137 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/credentialsAppSelection/stores/credentialsAppSelection.store.ts:16
		const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #874fc35507ea16a3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/credentialsAppSelection/stores/credentialsAppSelection.store.ts:52
			telemetry.track('App selection page viewed');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b880b2deb6111df2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/credentialsAppSelection/stores/credentialsAppSelection.store.ts:56
			telemetry.track('App selection search performed', {
				search_term: searchTerm,
				result_count: resultCount,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #19a075fb103fc10b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/credentialsAppSelection/stores/credentialsAppSelection.store.ts:67
			telemetry.track('App selection completed', {
				connected_count: connectedCount.value,
				connected_apps: connectedApps,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6e794bc4142cbcf3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/emptyStateBuilderPrompt/stores/emptyStateBuilderPrompt.store.ts:25
		const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #5611983d9acd9e3b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/emptyStateBuilderPrompt/stores/emptyStateBuilderPrompt.store.ts:66
			telemetry.track('User submitted empty state builder prompt', {
				prompt_length: prompt.length,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d189661f9063b8a7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/emptyStateBuilderPrompt/stores/emptyStateBuilderPrompt.store.ts:103
			telemetry.track('User imported workflow from empty state', {
				node_count: workflowData.nodes?.length ?? 0,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #531debe858b9c084 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/evaluationsWizardSidepanel/useEvaluationsWizardSidepanelExperiment.ts:7
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e2d1461ece0f1a70 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/instanceAiBrowserCredentialSetup/useInstanceAiBrowserCredentialSetupExperiment.ts:7
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #bb0f742318ec1bb1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/instanceAiBrowserUse/useInstanceAiBrowserUseExperiment.ts:7
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #de7df054369b3f00 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/instanceAiComputerUse/useInstanceAiComputerUseExperiment.ts:7
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4771e0b1f52bd357 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/instanceAiMcpConnections/useInstanceAiMcpConnectionsExperiment.ts:7
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a8efa96f983c348f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/instanceAiPersonalizedPromptSuggestions/useInstanceAiPersonalizedPromptSuggestionsExperiment.ts:9
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8fe6087e078ed7a5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/instanceAiProactiveAgent/useInstanceAiProactiveAgentExperiment.ts:7
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b2573ca9ec1e6592 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/instanceAiPromptSuggestionsV2/useInstanceAiPromptSuggestionsV2Experiment.ts:7
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #0797500afa62c3fd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/instanceAiSplitEmptyState/useInstanceAiSplitEmptyStateExperiment.ts:6
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ee3cc43f3524be1e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/instanceAiTemplateExamples/useInstanceAiTemplateExamplesExperiment.ts:7
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #2560d032e5791247 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/personalizedTemplates/stores/personalizedTemplates.store.ts:68
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a690fc5dd9c91493 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/personalizedTemplates/stores/personalizedTemplates.store.ts:99
		telemetry.track('User was recommended personalized templates', {
			templateIds,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ec599c1bd81b7f65 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/personalizedTemplates/stores/personalizedTemplates.store.ts:105
		telemetry.track('User clicked on personalized template callout', {
			templateId,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #25d0dae93b2ea422 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/personalizedTemplates/stores/personalizedTemplates.store.ts:111
		telemetry.track('User dismissed personalized template callout', {
			templateId,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #f8406787d89d5c81 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/personalizedTemplatesV3/stores/personalizedTemplatesV3.store.ts:14
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d134d1cbf195b91f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/personalizedTemplatesV3/stores/personalizedTemplatesV3.store.ts:74
		telemetry.track('User clicked on personalization card');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4b1ee55491d6af32 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/personalizedTemplatesV3/stores/personalizedTemplatesV3.store.ts:78
		telemetry.track('User viewed personalization modal');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #abc503e0d3589411 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/personalizedTemplatesV3/stores/personalizedTemplatesV3.store.ts:82
		telemetry.track('User viewed personalization tooltip');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ac8ee8b76c9f4222 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/personalizedTemplatesV3/stores/personalizedTemplatesV3.store.ts:86
		telemetry.track('User dismissed personalization tooltip');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #0c7e07ce611abdf3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/personalizedTemplatesV3/stores/personalizedTemplatesV3.store.ts:90
		telemetry.track('User clicked on template from modal', {
			templateId,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6411fa6e7073b67f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/personalizedTemplatesV3/stores/personalizedTemplatesV3.store.ts:96
		telemetry.track('User clicked on templates repo from modal');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #04aed61da8e0820e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/personalizedTemplatesV3/stores/personalizedTemplatesV3.store.ts:120
			telemetry.track(TELEMETRY_EVENTS.IS_PART_OF_EXPERIMENT, {
				name: PERSONALIZED_TEMPLATES_V3.name,
				variant,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #15a96faaaf2e8a5a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/readyToRunWorkflows/stores/readyToRunWorkflows.store.ts:27
		const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6482135656172a5b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/readyToRunWorkflows/stores/readyToRunWorkflows.store.ts:49
			telemetry.track('User created ready to run workflows', {
				source,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #12307ef27d9b6e57 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/readyToRunWorkflows/stores/readyToRunWorkflows.store.ts:55
			telemetry.track('User dismissed ready to run workflows callout');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4758d966e2e4b799 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/readyToRunWorkflows/stores/readyToRunWorkflows.store.ts:59
			telemetry.track('User opened ready to run workflow', {
				template,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e948e3327bc06a6b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/readyToRunWorkflows/stores/readyToRunWorkflows.store.ts:65
			telemetry.track('User executed ready to run workflow', {
				template,
				status,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #0add63fcd29ceb6c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/readyToRunWorkflowsV2/stores/readyToRunWorkflowsV2.store.ts:14
		const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #af6ba793e2663087 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/resourceCenter/stores/resourceCenter.store.ts:20
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6ae1fbd9d1647a89 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/resourceCenter/stores/resourceCenter.store.ts:69
		telemetry.track('User visited resource center');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a5984993a3f4fc60 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/resourceCenter/stores/resourceCenter.store.ts:73
		telemetry.track('User clicked on resource center tile', { section, type, id });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d1d0bcaae508d284 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/sidebarExpanded/useSidebarExpandedExperiment.ts:7
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6d687cc28319c661 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/surfaceMcpToNewCloudUsers/stores/surfaceMcpToNewCloudUsers.store.ts:28
		const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #689a49e67f7c28d4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/surfaceMcpToNewCloudUsers/stores/surfaceMcpToNewCloudUsers.store.ts:72
			telemetry.track(
				'MCP onboarding entry point viewed',
				getTelemetryPayload({
					surface,
					entry_point: entryPoint,
					mcp_access_enabled: mcpAccessEnabled,
				}),
			);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #2712991a78452e8b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/surfaceMcpToNewCloudUsers/stores/surfaceMcpToNewCloudUsers.store.ts:89
			telemetry.track(
				'MCP onboarding opportunity viewed',
				getTelemetryPayload({
					surface,
					entry_point: entryPoint,
					eligible: true,
					surface_available: surfaceAvailable,
					suppressed_by: suppressedBy,
					mcp_access_enabled: mcpAccessEnabled,
				}),
			);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ca76a3b08a931ca8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/surfaceMcpToNewCloudUsers/stores/surfaceMcpToNewCloudUsers.store.ts:106
			telemetry.track(
				'MCP onboarding opened',
				getTelemetryPayload({
					surface,
					...(payload.entryPoint ? { entry_point: payload.entryPoint } : {}),
					...(payload.mcpAccessEnabled !== undefined
						? { mcp_access_enabled: payload.mcpAccessEnabled }
						: {}),
				}),
			);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #614afbcc1a0427b4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/surfaceMcpToNewCloudUsers/stores/surfaceMcpToNewCloudUsers.store.ts:126
			telemetry.track(
				'MCP onboarding dismissed',
				getTelemetryPayload({
					surface,
					...(payload.activeClient ? { active_client: payload.activeClient } : {}),
					...(payload.enabledDuringThisOpen !== undefined
						? { enabled_during_this_open: payload.enabledDuringThisOpen }
						: {}),
					...(payload.mcpAccessEnabled !== undefined
						? { mcp_access_enabled: payload.mcpAccessEnabled }
						: {}),
				}),
			);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #2a69bd6f62e352e7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/surfaceMcpToNewCloudUsers/stores/surfaceMcpToNewCloudUsers.store.ts:142
			telemetry.track('MCP onboarding enable clicked', getTelemetryPayload({ surface }));

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #df13826da8f7b1fa Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/surfaceMcpToNewCloudUsers/stores/surfaceMcpToNewCloudUsers.store.ts:146
			telemetry.track('MCP onboarding enabled', getTelemetryPayload({ surface }));

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #c11b9a4c5d34c248 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/surfaceMcpToNewCloudUsers/stores/surfaceMcpToNewCloudUsers.store.ts:150
			telemetry.track(
				'MCP onboarding enable failed',
				getTelemetryPayload({ surface, error_type: errorType }),
			);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ccada81f1c6a9fb3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/surfaceMcpToNewCloudUsers/stores/surfaceMcpToNewCloudUsers.store.ts:160
			telemetry.track('MCP onboarding client selected', getTelemetryPayload({ surface, client }));

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #0c70a061c62d769c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/surfaceMcpToNewCloudUsers/stores/surfaceMcpToNewCloudUsers.store.ts:168
			telemetry.track(
				'MCP onboarding setup shown',
				getTelemetryPayload({ surface, client, setup_type: setupType }),
			);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #259c0041905e4bb4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/surfaceMcpToNewCloudUsers/stores/surfaceMcpToNewCloudUsers.store.ts:179
			telemetry.track(
				'MCP onboarding copied parameter',
				getTelemetryPayload({ surface, client, parameter }),
			);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8ed7e064b4768c00 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/templateRecoV2/stores/templateRecoV2.store.ts:17
		const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b7c4f64285196b9f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/templateRecoV2/stores/templateRecoV2.store.ts:59
			telemetry.track('User clicked on node minicard', {
				tool,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a61289342c183453 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/templateRecoV2/stores/templateRecoV2.store.ts:65
			telemetry.track('User visited template recommendation modal tab', {
				tool,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #2e1868212ade92d9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/templateRecoV2/stores/templateRecoV2.store.ts:71
			telemetry.track('User clicked on template recommendation tile', {
				templateId,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6db891241a449890 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/templateRecoV2/stores/templateRecoV2.store.ts:77
			telemetry.track('User clicked on template recommendation video', {
				name,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b4c4ef0c50022e3a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/templateRecoV2/stores/templateRecoV2.store.ts:83
			telemetry.track('User clicked on template recommendation see more', {
				type,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b21499053944d8e6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/utils.ts:34
		usePostHog().getVariant(EXTRA_TEMPLATE_LINKS_EXPERIMENT.name) ===

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #9732766d7fc3c06d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/utils.ts:79
	useTelemetry().track('User clicked on templates', {
		role: useCloudPlanStore().currentUserCloudInfo?.role,
		active_workflow_count: useWorkflowsListStore().activeWorkflows.length,
		source,
	});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e7f4f0ac61cb49b4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/agents/composables/useAgentCreate.ts:57
		telemetry.track('User created agent', {
			agent_id: agent.id,
			source: options.telemetrySource,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #682af033c9887be5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/agents/composables/useAgentTelemetry.ts:31
			telemetry.track(event, props);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #034b8465ab22b78d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/agents/composables/useAgentToolTelemetry.ts:39
		telemetry.track(
			'User started adding agent tool',
			withAgent({ tool_type: toolType, source: 'manual' }),
		);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #90673bc5302a6380 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/agents/composables/useAgentToolTelemetry.ts:47
		telemetry.track(
			'User added agent tool',
			withAgent({
				tool_type: ref.type,
				has_approval: ref.requireApproval ?? false,
				...identityProps(ref),
			}),
		);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #aaffb276fd2d6de8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/agents/composables/useAgentToolTelemetry.ts:59
		telemetry.track(
			'User added agent tool',
			withAgent({
				tool_type: 'mcpServer',
				has_approval: false,
				server_name: server.name,
				authentication: server.authentication,
			}),
		);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #2a67f19785a4b3b5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/agents/composables/useAgentToolTelemetry.ts:72
		telemetry.track(
			'User edited agent tool',
			withAgent({ tool_type: ref.type, ...identityProps(ref) }),
		);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a1f72c6d42e59370 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/agents/composables/useAgentToolTelemetry.ts:80
		telemetry.track(
			'User removed agent tool',
			withAgent({ tool_type: ref.type, ...identityProps(ref) }),
		);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #53cb60bde89272c1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/assistant.store.test.ts:103
		posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #3578731d09470aba Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/assistant.store.ts:280
			telemetry.track('Assistant session started', {
				chat_session_id: currentSessionId.value,
				task: chatSessionTask.value,
				node_type: chatSessionError.value?.node.type,
				credential_type: chatSessionCredType.value?.name,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #fbfee8f564b30968 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/assistant.store.ts:610
			telemetry.track('User executed node after assistant suggestion', {
				task: chatSessionTask.value,
				chat_session_id: currentSessionId.value,
				success: false,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e13a6f4c10e5e6c1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/assistant.store.ts:621
			telemetry.track('User executed node after assistant suggestion', {
				task: chatSessionTask.value,
				chat_session_id: currentSessionId.value,
				success: true,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4a7b49034182f94b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/assistant.store.ts:696
		telemetry.track('User sent message in Assistant', {
			message,
			is_quick_reply: isQuickReply,
			chat_session_id: currentSessionId.value,
			message_number: usersMessages.value.length,
			task: chatSessionTask.value,
			allow_sending_parameter_values: allowSendingParameterValues.value,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #43bd4be9b519f271 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/assistant.store.ts:733
		telemetry.track('User opened assistant', {
			source,
			task,
			has_existing_session,
			instance_id: rootStore.instanceId,
			workflow_id: workflowId,
			canvas_status: canvasStatus,
			node_type: chatSessionError.value?.node?.type,
			error: chatSessionError.value?.error,
			chat_session_id: currentSessionId.value,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #7d37d43405c8c96b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/builder.store.test.ts:172
		posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #f8877a724095e901 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/builder.store.ts:272
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #442b0f33d972c7ff Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/builder.store.ts:510
		telemetry.track('End of response from builder', {
			user_message_id: userMessageId,
			workflow_id: routeWorkflowId.value,
			session_id: trackingSessionId.value,
			tab_visible: document.visibilityState === 'visible',
			code_builder: isCodeBuilder.value,
			mode: builderMode.value,
			...(planApproved ? { plan_approved: true } : {}),
			...getWorkflowModifications(currentStreamingMessage.value),
			...payload,
			...getTodosToTrack(),
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d9aa1554706cef73 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/builder.store.ts:797
		telemetry.track('User submitted builder message', trackingPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #500e6c85cbe17453 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/builder.store.ts:804
			telemetry.track('ai.focusedNodes.chatSent', {
				focused_count: focusedCount,
				has_deictic_ref: hasDeicticRef,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d93541e534107efa Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/builder.store.ts:1543
		telemetry.track('Workflow builder journey', payload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d760835e4d377a1b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/builder.utils.ts:41
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6480f6ae4d6c0851 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/chatPanel.store.ts:45
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6e185355a9268290 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/composables/useAskModeCoachmark.ts:23
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ba1e1b82311b6122 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/composables/useReviewChanges.ts:41
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #493b672f5fbf4da4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/focusedNodes.store.ts:30
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b148d246b12736b5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/focusedNodes.store.ts:121
			telemetry.track('ai.focusedNodes.added', {
				source,
				node_count: nodeTypes.length,
				node_types: nodeTypes,
				...(source === 'mention' && options?.mentionQueryLength !== undefined
					? { mention_query_length: options.mentionQueryLength }
					: {}),
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #35b3a00a034e9009 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/focusedNodes.store.ts:191
			telemetry.track('ai.focusedNodes.removed', {
				method,
				removed_count: 1,
				remaining_count: confirmedNodes.value.length,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #904bb261baf2c15e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/focusedNodes.store.ts:204
			telemetry.track('ai.focusedNodes.removed', {
				method: 'clear_all',
				removed_count: previousCount,
				remaining_count: 0,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6ed2419fd5af61ed Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/focusedNodes.store.ts:258
			telemetry.track('ai.focusedNodes.removed', {
				method: 'clear_all',
				removed_count: previousCount,
				remaining_count: confirmedNodes.value.length,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #adfc3ab30f93c6a3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/focusedNodes.store.ts:273
				telemetry.track('ai.focusedNodes.removed', {
					method: 'workflow_changed',
					removed_count: previousCount,
					remaining_count: 0,
				});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8b67134be0cd00e0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/focusedNodes.store.ts:301
				telemetry.track('ai.focusedNodes.removed', {
					method: 'node_deleted',
					removed_count: deletedConfirmedCount,
					remaining_count: confirmedNodes.value.length,
				});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a5da609b0b0828c0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/chatHub/chat.store.ts:632
		telemetry.track('User sent chat hub message', {
			...flattenModel(agent.model),
			is_custom: agent.model.provider === 'custom-agent',
			chat_session_id: sessionId,
			mode,
			source,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a9f4842d97832d0f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/chatHub/chat.store.ts:757
		telemetry.track('User edited chat hub message', {
			...flattenModel(agent.model),
			is_custom: agent.model.provider === 'custom-agent',
			chat_session_id: sessionId,
			chat_message_id: editId,
			mode,
			source,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #3818e5dbf83f0982 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/chatHub/chat.store.ts:832
		telemetry.track('User regenerated chat hub message', {
			...flattenModel(agent.model),
			is_custom: agent.model.provider === 'custom-agent',
			chat_session_id: sessionId,
			chat_message_id: retryId,
			mode,
			source,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #cc21c3576f78845b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/chatHub/chat.store.ts:1026
		telemetry.track('User created agent', { ...flattenModel(payload) });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #bd6a756cd647da97 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/chatHub/chatHubPanel.store.ts:21
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #342d71bccb693734 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/chatHub/chatHubPanel.store.ts:42
		telemetry.track('User opened floating chat panel', { source: 'canvas' });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #85dad97a717e9d01 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/chatHub/chatHubPanel.store.ts:62
		telemetry.track('User popped out floating chat panel', { source: 'canvas' });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #2156f9f0695c8cb1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/chatHub/components/AgentEditorModal.test.ts:539
			const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #547c68f50b2c2d65 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/evaluation.ee/components/WizardSidepanel/useWizardPersistence.ts:196
			telemetry.track('User ran evaluation', {
				workflow_id: workflowId,
				run_id: dispatched?.testRunId ?? null,
				metric_count: wizardStore.selectedMetricKeys.length,
				custom_check_count: wizardStore.customChecks.length,
				slice_mode: wizardStore.isSliceMode,
				trigger,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #eea9b5755e5effde Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/evaluation.ee/composables/useEvalCollectionsFlag.ts:19
	const postHog = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #dd8030490332c1bd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/composables/useInstanceAiHandoffCapability.ts:132
		telemetry.track('Instance AI opened from editor', {
			source,
			workflow_id: workflowId,
			execution_id: executionId ?? null,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6687a7cf0458b0ea Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/composables/useInstanceAiHandoffCapability.ts:144
			telemetry.track('Instance AI opened from editor', {
				source,
				workflow_id: null,
				execution_id: null,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8829ceeada191c95 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/composables/useInstanceAiHandoffCapability.ts:171
		telemetry.track('Instance AI opened from editor', {
			source,
			workflow_id: null,
			execution_id: null,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a8972571c488e98f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/instanceAi.threadRuntime.ts:428
			telemetry.track('User viewed new builder workflow', {
				thread_id: threadId,
				instance_id: rootStore.instanceId,
				workflow_id: workflowId,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #90d51a194cf63151 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/instanceAi.threadRuntime.ts:470
			telemetry.track('Builder generation stalled', { thread_id: threadId });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4d804f086eac86fc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/instanceAi.threadRuntime.ts:602
					telemetry.track('User finished providing input', {
						thread_id: threadId,
						input_thread_id: conf.inputThreadId ?? '',
						instance_id: rootStore.instanceId,
						type: 'approval',
						provided_inputs: [
							{
								label: conf.message,
								options: ['approve', 'deny', 'approve_always'],
								option_chosen: 'approve_auto',
							},
						],
						skipped_inputs: [],
						auto_resolved: true,
					});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #3388cb972fdf02fe Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/instanceAi.threadRuntime.ts:991
		telemetry.track('User sent builder message', {
			thread_id: threadId,
			instance_id: rootStore.instanceId,
			is_first_message: isFirstMessage,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d4bc567312d22912 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/instanceAiBrowserUse.telemetry.ts:7
			telemetry.track('Instance AI Connect Browser Use modal opened');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #05fe94ae82541e9d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/instanceAiBrowserUse.telemetry.ts:10
			telemetry.track('Instance AI Install Chrome Browser Extension button clicked');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #f173240371766c69 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/instanceAiBrowserUse.telemetry.ts:13
			telemetry.track('Instance AI Open Browser Use Extension button clicked');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #0806388a7a969b9b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/instanceAiMcp.telemetry.ts:7
			telemetry.track('Instance AI mcp modal opened');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #5e3b5a1590587437 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/instanceAiMcp.telemetry.ts:10
			telemetry.track('Instance AI mcp settings opened', { server_slug: serverSlug });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e7ff7979c6ea1a6e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/instanceAiPromptSuggestions.telemetry.ts:76
			telemetry.track('Instance AI prompt suggestions shown', createBasePayload(context));

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #62d6c03adb1e453c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/instanceAiPromptSuggestions.telemetry.ts:80
			telemetry.track('Instance AI quick examples opened', {
				...createBasePayload(context),
				suggestion_id: context.suggestionId,
				position: context.position,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6433317fa43ccd47 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/instanceAiPromptSuggestions.telemetry.ts:88
			telemetry.track('Instance AI prompt suggestions cycled', {
				...context.telemetryPayload,
				suggestion_catalog_version: resolveSuggestionCatalogVersion(context),
				visible_suggestion_ids: context.visibleSuggestionIds,
				cycle_count: context.cycleCount,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ef5d9f4421021b0f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/instanceAiPromptSuggestions.telemetry.ts:97
			telemetry.track('Instance AI prompt suggestion selected', {
				...createBasePayload(context),
				suggestion_id: context.suggestionId,
				suggestion_kind: context.suggestionKind,
				position: context.position,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #bf227c0c8a5423ef Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/instanceAiPromptSuggestions.telemetry.ts:106
			telemetry.track('Instance AI prompt suggestion submitted', {
				...createBasePayload(context),
				suggestion_id: context.suggestionId,
				suggestion_kind: context.suggestionKind,
				position: context.position,
				prompt_modified: context.promptModified,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a6dee8e2ac9c2ec1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/useResponseFeedback.ts:116
			telemetry.track('User rated workflow generation', {
				thread_id: threadId,
				response_id: responseId,
				helpful: payload.rating === 'up',
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d2a50856a715fb4a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/useResponseFeedback.ts:128
			telemetry.track('User submitted workflow generation feedback', {
				thread_id: threadId,
				response_id: responseId,
				feedback: payload.feedback,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #15d0de5cebcec565 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/workflowSetup/composables/useWorkflowSetupTelemetry.ts:141
		telemetry.track('Instance AI workflow setup step shown', getStepTelemetryPayload(step));

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #79900e5dd46f27a8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/workflowSetup/composables/useWorkflowSetupTelemetry.ts:152
		telemetry.track(
			'Instance AI workflow setup step handled',
			getStepTelemetryPayload(step, outcome),
		);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #7d35cf99d183544a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/workflowSetup/composables/useWorkflowSetupTelemetry.ts:198
		telemetry.track('User finished providing input', {
			...getSetupTelemetryContext(),
			provided_inputs: provided,
			skipped_inputs: skipped,
			explicitly_skipped_inputs: explicitlySkipped,
			num_tasks: deps.sections.value.length,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #fe912e1b73503afd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/mcpAccess/composables/useMcp.ts:7
		telemetry.track('User gave MCP access to workflow', { workflow_id: workflowId });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a025a00b17ada93b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/mcpAccess/composables/useMcp.ts:11
		telemetry.track('User toggled MCP access', { state: enabled });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #cf7b620b8772f377 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/core/dataTable/composables/useDataTableOperations.ts:142
			telemetry.track('User deleted data table column', {
				column_id: columnId,
				column_type: columnToDelete.cellDataType,
				data_table_id: dataTableId,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #119e06b4bbc5e292 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/core/dataTable/composables/useDataTableOperations.ts:181
			telemetry.track('User renamed data table column', {
				column_id: columnId,
				column_type: columnToRename.cellDataType,
				data_table_id: dataTableId,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #62e0ecff20a378fb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/core/dataTable/composables/useDataTableOperations.ts:212
			telemetry.track('User added data table column', {
				column_id: newColumn.id,
				column_type: newColumn.type,
				data_table_id: dataTableId,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #eea867b7b8e03b08 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/core/dataTable/composables/useDataTableOperations.ts:266
			telemetry.track('User added row to data table', {
				data_table_id: dataTableId,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #3c28b8be1da10164 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/core/dataTable/composables/useDataTableOperations.ts:302
			telemetry.track('User edited data table content', {
				data_table_id: dataTableId,
				column_id: colDef.colId,
				column_type: colDef.cellDataType,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #666a58f6d95eb102 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/core/dataTable/composables/useDataTableOperations.ts:379
			telemetry.track('User deleted rows in data table', {
				data_table_id: dataTableId,
				deleted_row_count: idsToDelete.length,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #efe5e75173fdf9c7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/credentials/composables/useCredentialOAuth.ts:339
			telemetry.track('User created credentials', {
				credential_type: credential.type,
				credential_id: credential.id,
				workflow_id: workflowsStore.workflowId,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #c2b1a2bfe06247b4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/credentials/composables/useCredentialOAuth.ts:372
		telemetry.track('User saved credentials', trackProperties);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #0544ef25875710c6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/credentials/quickConnect/composables/useQuickConnect.ts:150
		telemetry.track('User clicked quick connect button', {
			source,
			credential_type: credentialTypeName,
			node_type: nodeType,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4d14da8b14e8af57 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/execution/executions/composables/useExecutionDebugging.ts:154
		telemetry.track('User clicked debug execution button', {
			instance_id: useRootStore().instanceId,
			exec_status: isFullExecutionResponse(execution) ? execution.status : '',
			override_pinned_data: pinnableNodes.length === pinnings,
			all_exec_data_imported: missingNodeNames.length === 0,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #856931d0ed4a9dde Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/execution/executions/composables/useExecutionHelpers.ts:116
		telemetry.track(
			metadata.parentExecution
				? 'User clicked parent execution button'
				: 'User clicked inspect sub-workflow',
			{
				view,
			},
		);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ab17efa04c8dc265 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/execution/executions/composables/useExecutionPreviewDocument.ts:261
			telemetry.track('User opened read-only execution', {
				workflow_id: data.workflowData.id,
				execution_mode: data.mode,
				execution_finished: data.finished,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d2d87c8cc3ef3d76 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/execution/executions/composables/useExecutionRedaction.ts:35
		telemetry.track('User clicked reveal data', {
			workflow_id: workflowDocumentStore.value.workflowId,
			execution_id: workflowExecutionStateStore.value.activeExecution?.id,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #87311686845cef96 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/execution/logs/composables/useLogsPanelLayout.ts:72
			telemetry.track('User toggled log view', { new_state: 'attached' });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #412e92435fbeb1e0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/execution/logs/composables/useLogsPanelLayout.ts:86
		telemetry.track('User toggled log view', {
			new_state: wasOpen ? 'collapsed' : 'attached',
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #62674a57582c23d7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/execution/logs/composables/useLogsPanelLayout.ts:92
		telemetry.track('User toggled log view', { new_state: 'floating' });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #459a90bedbe9932e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/execution/logs/composables/useLogsSelection.ts:66
				telemetry.track('User selected node in log view', {
					node_type: value.node.type,
					node_id: value.node.id,
					execution_id: execution.value?.id,
					workflow_id: execution.value?.workflowData.id,
					subworkflow_depth: getDepth(value),
				});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #92b9208587ec2945 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/execution/logs/composables/useLogsSelection.ts:74
				telemetry.track('User selected canvas group in log view', {
					group_id: value.group.id,
					node_count: value.group.nodeIds.length,
					execution_id: execution.value?.id,
					workflow_id: execution.value?.workflowData.id,
					subworkflow_depth: getDepth(value),
				});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8bf7b989aeca4001 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/integrations/sourceControl.ee/sourceControl.utils.ts:63
					telemetry.track('User clicked review variables');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #315e9073b335e831 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/integrations/sourceControl.ee/sourceControl.utils.ts:86
					telemetry.track('User clicked review credentials');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #730af86e48a3775f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ndv/runData/components/VirtualSchema.test.ts:678
			const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d581806fac2aad71 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ndv/runData/components/VirtualSchema.test.ts:748
		const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #99a2f41419d8c360 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ndv/runData/components/VirtualSchema.test.ts:1101
			const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ed9a9ab5316ff194 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ndv/runData/schemaPreview.store.ts:67
		telemetry.track('User executed node with schema preview', {
			node_id: id,
			node_type: type,
			node_version: typeVersion,
			node_resource: resource,
			node_operation: operation,
			schema_preview: JSON.stringify(result.result),
			output_schema: JSON.stringify(generateJsonSchema(pushEvent.data.data?.main?.[0]?.[0]?.json)),
			workflow_id: workflowId,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #32e9fb90a38cc158 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ndv/shared/ndv.utils.ts:29
import { captureException } from '@sentry/vue';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b52a0f1005415fb4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/roles/composables/useRolesListActions.ts:57
			telemetry.track('User duplicated role', {
				role_id: item.slug,
				role_name: item.displayName,
				permissions: item.scopes,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #7be76e835bcde5a5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/settings/communityNodes/composables/useInstallNode.ts:68
			telemetry.track('user started cnr package install', {
				input_string: props.packageName,
				has_quick_connect: props.telemetry.hasQuickConnect,
				source: props.telemetry.source,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #def6339295ed5e16 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/settings/sso/provisioning/composables/useUserRoleProvisioningForm.ts:111
		telemetry.track('User updated provisioning settings', {
			instance_id: useRootStore().instanceId,
			authentication_method: protocol,
			assignment_method: getTelemetryAssignmentMethod(roleAssignment.value),
			role_mapping_method: getTelemetryRoleMappingMethod(mappingMethod.value),
			instance_rule_count: ruleSaveResult?.instanceRuleCount ?? 0,
			project_rule_count: ruleSaveResult?.projectRuleCount ?? 0,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #af4368e39cd7722e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/setupPanel/setupPanel.store.ts:11
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6bd562ef372442ae Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/shared/commandBar/composables/useCommandBar.ts:245
		telemetry.track('User executed command bar command', {
			command_id: item.id,
			command_section: item.section,
			view,
			parent_command_id: parentItem?.id,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #28f346c4b8a630d1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/shared/commandBar/composables/useExecutionCommands.ts:163
			telemetry.track('User clicked retry execution button', {
				workflow_id: workflowId.value,
				execution_id: activeExecution.value.id,
				retry_type: loadWorkflow ? 'current' : 'original',
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #77bb4221c0d7180d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/shared/commandBar/composables/useWorkflowCommands.ts:368
					telemetry.track('User exported workflow', { workflow_id: workflowData.id });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a948a92410dce5c5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/shared/editors/plugins/codemirror/resolvableHighlighter.ts:6
import { captureException } from '@sentry/vue';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a89aad72e9b9986b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/shared/nodeCreator/composables/useActionsGeneration.test.ts:37
		posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #141830f178dc089d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/shared/nodeCreator/nodeCreator.store.ts:342
		telemetry.track(event, {
			...properties,
			nodes_panel_session_id: nodePanelSessionId.value,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b57426d9897bc51f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/workflows/canvas/composables/useCanvasNodeGroupTelemetry.ts:35
			telemetry.track('User grouped nodes', buildProperties(group, source));

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #29bae618742f97e2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/workflows/canvas/composables/useCanvasNodeGroupTelemetry.ts:38
			telemetry.track('User ungrouped nodes', buildProperties(group, source));

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #3c30be433a903fbd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/workflows/canvas/composables/useCanvasNodeGroupTelemetry.ts:41
			telemetry.track('User collapsed group', buildProperties(group, source));

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #fe3947fca831d9f3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/workflows/canvas/composables/useCanvasNodeGroupTelemetry.ts:44
			telemetry.track('User expanded group', buildProperties(group, source));

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #cc6313d92e35ec3a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/workflows/canvas/experimental/experimentalNdv.store.ts:18
	const postHogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #3012868006fe6892 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/workflows/readyToRun/stores/readyToRun.store.ts:119
		telemetry.track('User executed ready to run AI workflow', {
			status,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #954b9c39abfb3c3e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/workflows/readyToRun/stores/readyToRun.store.ts:125
		telemetry.track('User executed ready to run AI workflow successfully');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #1931c7f67f152585 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/workflows/readyToRun/stores/readyToRun.store.ts:136
			telemetry.track('User claimed OpenAI credits');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #017385a4e51bf149 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/workflows/readyToRun/stores/readyToRun.store.ts:153
		telemetry.track('User opened ready to run AI workflow', {
			source,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e726b3796a82b73d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/workflows/templates/recommendations/recommendedTemplates.store.ts:22
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #589bbec078d7d0fe Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/workflows/templates/recommendations/recommendedTemplates.store.ts:49
		telemetry.track('User viewed template detail', {
			templateId,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #c3961d12b66636c3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/workflows/templates/recommendations/recommendedTemplates.store.ts:55
		telemetry.track('User viewed template cell', {
			tileNumber,
			templateId,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6616b6784a479cc3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/workflows/templates/setupTemplate.store.ts:159
		telemetry.track('User closed cred setup', {
			completed: false,
			creds_filled: 0,
			creds_needed: credentialUsages.value.length,
			workflow_id: null,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8ba0c5c2a60885bb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/workflows/templates/setupTemplate.store.ts:196
			telemetry.track('User closed cred setup', {
				completed: true,
				creds_filled: numFilledCredentials.value,
				creds_needed: credentialUsages.value.length,
				workflow_id: createdWorkflow.id,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #913c5b8cb29e4b10 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/workflows/templates/setupTemplate.store.ts:203
			telemetry.track('User inserted workflow template', {
				source: 'workflow',
				template_id: tryToParseNumber(templateId.value),
				wf_template_repo_session_id: templatesStore.currentSessionId,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #31790969432a5623 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/workflows/templates/setupTemplate.store.ts:209
			telemetry.track('User saved new workflow from template', {
				template_id: tryToParseNumber(templateId.value),
				workflow_id: createdWorkflow.id,
				wf_template_repo_session_id: templatesStore.currentSessionId,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #86de66c4ee867e81 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/workflows/templates/utils/templateActions.ts:81
	telemetry.track('User opened cred setup', { source });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #416856d3b5c94398 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/workflow/src/errors/base/base.error.ts:1
import type { Event } from '@sentry/node';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 2392 low-confidence finding(s)
low egress production #96d72cef502a74a3 Hardcoded external endpoint. Review what data is sent to this destination.
repo/.claude/plugins/n8n/scripts/track-skill-usage.mjs:45
	await fetch(`${TELEMETRY_HOST}/v1/track`, {
		method: 'POST',
		headers: {
			'Content-Type': 'application/json',
			Authorization: `Basic ${Buffer.from(`${TELEMETRY_WRITE_KEY}:`).toString('base64')}`,
		},
		body: payload,
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only #390509872fcc4ac8 Filesystem access.
repo/.github/actions/ci-filter/__tests__/ci-filter.test.ts:338
		writeFileSync(join(repoDir, 'shared.ts'), 'shared\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5e48971a0478ef67 Filesystem access.
repo/.github/actions/ci-filter/__tests__/ci-filter.test.ts:345
		writeFileSync(join(repoDir, 'pr-only.ts'), 'pr\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0bb18eac771933cd Filesystem access.
repo/.github/actions/ci-filter/__tests__/ci-filter.test.ts:351
		writeFileSync(join(repoDir, 'shared.ts'), 'shared\ndrift-from-master\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d060f0e9b9b6ebfb Filesystem access.
repo/.github/actions/ci-filter/__tests__/ci-filter.test.ts:386
		writeFileSync(join(repoDir, 'shared.ts'), 'shared\npr-edit\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4e5335e03a3e37a6 Environment-variable access.
repo/.github/actions/ci-filter/__tests__/ci-filter.test.ts:405
	const originalStep = process.env.CI_FILTER_DEEPEN_STEP;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8159e98a98e27cb2 Filesystem access.
repo/.github/actions/ci-filter/__tests__/ci-filter.test.ts:417
		writeFileSync(join(builderDir, 'shared.ts'), 'shared\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f73ad17a9f95f808 Filesystem access.
repo/.github/actions/ci-filter/__tests__/ci-filter.test.ts:424
		writeFileSync(join(builderDir, 'pr-only.ts'), 'pr\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9389f48cca7ff499 Filesystem access.
repo/.github/actions/ci-filter/__tests__/ci-filter.test.ts:432
			writeFileSync(join(builderDir, 'shared.ts'), `shared\ndrift ${i}\n`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #14445c7cf0af7071 Environment-variable access.
repo/.github/actions/ci-filter/__tests__/ci-filter.test.ts:445
		process.env.CI_FILTER_DEEPEN_STEP = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #828cbffe58cf240d Environment-variable access.
repo/.github/actions/ci-filter/__tests__/ci-filter.test.ts:451
		if (originalStep === undefined) delete process.env.CI_FILTER_DEEPEN_STEP;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #20e9c1736a710823 Environment-variable access.
repo/.github/actions/ci-filter/__tests__/ci-filter.test.ts:452
		else process.env.CI_FILTER_DEEPEN_STEP = originalStep;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #49b583fcd34be8b8 Environment-variable access.
repo/.github/actions/ci-filter/__tests__/ci-filter.test.ts:472
	const originalStep = process.env.CI_FILTER_DEEPEN_STEP;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cfafb39019c2e35b Environment-variable access.
repo/.github/actions/ci-filter/__tests__/ci-filter.test.ts:473
	const originalMax = process.env.CI_FILTER_MAX_DEEPEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8c0f668235a23a4e Filesystem access.
repo/.github/actions/ci-filter/__tests__/ci-filter.test.ts:484
		writeFileSync(join(builderDir, 'shared.ts'), 'shared\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #18fa24e975d20009 Filesystem access.
repo/.github/actions/ci-filter/__tests__/ci-filter.test.ts:490
		writeFileSync(join(builderDir, 'pr-only.ts'), 'pr\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #141955e76b1bf03d Filesystem access.
repo/.github/actions/ci-filter/__tests__/ci-filter.test.ts:497
			writeFileSync(join(builderDir, 'shared.ts'), `shared\ndrift ${i}\n`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c2745929119ddebb Environment-variable access.
repo/.github/actions/ci-filter/__tests__/ci-filter.test.ts:510
		process.env.CI_FILTER_DEEPEN_STEP = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #317375a641160c51 Environment-variable access.
repo/.github/actions/ci-filter/__tests__/ci-filter.test.ts:511
		process.env.CI_FILTER_MAX_DEEPEN = '2';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #02ff521be2889c39 Environment-variable access.
repo/.github/actions/ci-filter/__tests__/ci-filter.test.ts:517
		if (originalStep === undefined) delete process.env.CI_FILTER_DEEPEN_STEP;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3bd7df9ec38c6cbb Environment-variable access.
repo/.github/actions/ci-filter/__tests__/ci-filter.test.ts:518
		else process.env.CI_FILTER_DEEPEN_STEP = originalStep;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3f7e445e4bed6dd2 Environment-variable access.
repo/.github/actions/ci-filter/__tests__/ci-filter.test.ts:519
		if (originalMax === undefined) delete process.env.CI_FILTER_MAX_DEEPEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #44e470a4cd243033 Environment-variable access.
repo/.github/actions/ci-filter/__tests__/ci-filter.test.ts:520
		else process.env.CI_FILTER_MAX_DEEPEN = originalMax;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4dd7378c8133911f Filesystem access.
repo/.github/actions/ci-filter/__tests__/ci-filter.test.ts:552
		writeFileSync(join(repoDir, 'main.ts'), 'main\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #157a2c899ca0da6f Filesystem access.
repo/.github/actions/ci-filter/__tests__/ci-filter.test.ts:560
		writeFileSync(join(repoDir, 'feature.ts'), 'feature\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c33efbf3d00cd728 Environment-variable access.
repo/.github/actions/ci-filter/__tests__/ci-filter.test.ts:582
		const originalEnv = process.env.INPUT_JOB_RESULTS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #939e033fab84056e Environment-variable access.
repo/.github/actions/ci-filter/__tests__/ci-filter.test.ts:586
		process.env.INPUT_JOB_RESULTS = JSON.stringify(jobResults);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #40227968d40e766c Environment-variable access.
repo/.github/actions/ci-filter/__tests__/ci-filter.test.ts:594
			process.env.INPUT_JOB_RESULTS = originalEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a1587626d0567672 Environment-variable access.
repo/.github/actions/ci-filter/ci-filter.mjs:147
	let step = Number(process.env.CI_FILTER_DEEPEN_STEP) || 200;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cf3e6311aec9a4ee Environment-variable access.
repo/.github/actions/ci-filter/ci-filter.mjs:148
	const maxDeepen = Number(process.env.CI_FILTER_MAX_DEEPEN) || 20_000;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5712464d23b4036 Filesystem access.
repo/.github/actions/ci-filter/ci-filter.mjs:195
		const content = readFileSync(shallowPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba6249ef0ec835b9 Environment-variable access.
repo/.github/actions/ci-filter/ci-filter.mjs:245
	const outputFile = process.env.GITHUB_OUTPUT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #21feabf5f93bbaed Environment-variable access.
repo/.github/actions/ci-filter/ci-filter.mjs:265
	maxCount = Number(process.env.CI_FILTER_MAX_CHANGED_FILES) || 1000,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #72045f0615c7b4b9 Environment-variable access.
repo/.github/actions/ci-filter/ci-filter.mjs:279
	const filtersInput = process.env.INPUT_FILTERS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4931d35eb146f0a2 Environment-variable access.
repo/.github/actions/ci-filter/ci-filter.mjs:280
	const baseRef = process.env.INPUT_BASE_REF;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e394c55438add9ce Environment-variable access.
repo/.github/actions/ci-filter/ci-filter.mjs:318
	const raw = process.env.INPUT_JOB_RESULTS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c5b84cc192096ad1 Environment-variable access.
repo/.github/actions/ci-filter/ci-filter.mjs:348
	const mode = process.env.INPUT_MODE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aff4ec03c8310f97 Filesystem access.
repo/.github/scripts/bump-versions.mjs:3
import { writeFile, readFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab59a6feef5dac53 Environment-variable access.
repo/.github/scripts/bump-versions.mjs:175
	const releaseType = /** @type { import('semver').ReleaseType | "experimental" } */ (
		process.env.RELEASE_TYPE
	);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #df44adebe6a6a369 Filesystem access.
repo/.github/scripts/bump-versions.mjs:224
	const rootPkgJson = JSON.parse(await readFile(resolve(rootDir, 'package.json'), 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #646c5ad2aeee75ff Filesystem access.
repo/.github/scripts/bump-versions.mjs:235
		await readFile(resolve(rootDir, 'pnpm-workspace.yaml'), 'utf-8').catch(() => ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e526f52220fc2fdb Filesystem access.
repo/.github/scripts/bump-versions.mjs:252
		const packageJson = JSON.parse(await readFile(packageFile, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #90e801d1d4a6237c Filesystem access.
repo/.github/scripts/bump-versions.mjs:271
		const packageJson = JSON.parse(await readFile(packageFile, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad337dcf01aa75f6 Filesystem access.
repo/.github/scripts/bump-versions.mjs:285
		await writeFile(packageFile, JSON.stringify(packageJson, null, 2) + '\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #89cbcb1b595a3e8d Environment-variable access.
repo/.github/scripts/cla/check-signatures.mjs:25
	const prNumber = process.env.PR_NUMBER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2b91a917bb04ed61 Environment-variable access.
repo/.github/scripts/cla/check-signatures.mjs:26
	const headSha = process.env.HEAD_SHA;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #33d38cb90f8bed56 Environment-variable access.
repo/.github/scripts/cla/check-signatures.mjs:27
	const baseSha = process.env.BASE_SHA;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #123d14107a4008f5 Environment-variable access.
repo/.github/scripts/cla/check-signatures.mjs:28
	const isMergeGroup = process.env.IS_MERGE_GROUP === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #abe0bb248ac566da Environment-variable access.
repo/.github/scripts/cla/check-signatures.mjs:90
		const url = `${process.env.CLA_API}?checkContributor=${encodeURIComponent(login)}`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a7984e8bf23aecbd Environment-variable access.
repo/.github/scripts/cla/manage-label.mjs:23
	const issue_number = Number(process.env.PR_NUMBER);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cd0a9b1baa2c8b3c Environment-variable access.
repo/.github/scripts/cla/manage-label.mjs:24
	const allSigned = process.env.ALL_SIGNED === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #00d5c397ef9e6a61 Environment-variable access.
repo/.github/scripts/cla/post-final-status.mjs:24
	const allSigned = process.env.ALL_SIGNED === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8f1d2d430d813cf0 Environment-variable access.
repo/.github/scripts/cla/post-final-status.mjs:25
	const unsigned = (process.env.UNSIGNED ?? '').split(',').filter(Boolean);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cd2427e5953270dd Environment-variable access.
repo/.github/scripts/cla/post-final-status.mjs:26
	const errored = (process.env.ERRORED ?? '').split(',').filter(Boolean);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #03ceab1b2d53c4e8 Environment-variable access.
repo/.github/scripts/cla/post-final-status.mjs:27
	const unlinked = JSON.parse(process.env.UNLINKED || '[]');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #77411063a2124294 Environment-variable access.
repo/.github/scripts/cla/post-final-status.mjs:52
	const prNumber = process.env.PR_NUMBER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #59a33eaa35c90e48 Environment-variable access.
repo/.github/scripts/cla/post-final-status.mjs:55
		: process.env.CLA_SIGN_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5f69059511480652 Environment-variable access.
repo/.github/scripts/cla/post-final-status.mjs:60
		sha: /** @type {string} */ (process.env.HEAD_SHA),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #88b2e6dc5ef5bd1e Environment-variable access.
repo/.github/scripts/cla/post-final-status.mjs:62
		context: /** @type {string} */ (process.env.STATUS_CONTEXT),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d9f4fcc33306302d Environment-variable access.
repo/.github/scripts/cla/update-pr-comment.mjs:19
	const issue_number = Number(process.env.PR_NUMBER);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #88e7bde555072c3b Environment-variable access.
repo/.github/scripts/cla/update-pr-comment.mjs:20
	const allSigned = process.env.ALL_SIGNED === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c921b0f4653ce922 Environment-variable access.
repo/.github/scripts/cla/update-pr-comment.mjs:21
	const unsigned = (process.env.UNSIGNED ?? '').split(',').filter(Boolean);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8fdeb30793c338e9 Environment-variable access.
repo/.github/scripts/cla/update-pr-comment.mjs:22
	const errored = (process.env.ERRORED ?? '').split(',').filter(Boolean);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #db34091fd9916e86 Environment-variable access.
repo/.github/scripts/cla/update-pr-comment.mjs:23
	const unlinked = JSON.parse(process.env.UNLINKED || '[]');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bebe678663ac4ebf Environment-variable access.
repo/.github/scripts/cla/update-pr-comment.mjs:24
	const MARKER = /** @type {string} */ (process.env.COMMENT_MARKER);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bfca438cc1e245d8 Environment-variable access.
repo/.github/scripts/cla/update-pr-comment.mjs:54
Like many open source projects, we ask that you sign our [Contributor License Agreement](${process.env.CLA_SIGN_URL}) before we can accept your contribution.`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5ec0a7695c01dc6f Environment-variable access.
repo/.github/scripts/claude-task/prepare-claude-prompt.mjs:17
const task = process.env.INPUT_TASK;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4415905d26a0647d Environment-variable access.
repo/.github/scripts/claude-task/prepare-claude-prompt.mjs:18
const useRaw = process.env.USE_RAW_PROMPT === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bd103877b1070dda Environment-variable access.
repo/.github/scripts/claude-task/prepare-claude-prompt.mjs:19
const envFile = process.env.GITHUB_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #061a7de82ce3b9a4 Environment-variable access.
repo/.github/scripts/claude-task/resume-callback.mjs:18
const resumeUrl = process.env.RESUME_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #453f9619dd300ce5 Environment-variable access.
repo/.github/scripts/claude-task/resume-callback.mjs:19
const executionFile = process.env.EXECUTION_FILE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d04168c31fb1cdc8 Environment-variable access.
repo/.github/scripts/claude-task/resume-callback.mjs:20
const claudeOutcome = process.env.CLAUDE_OUTCOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f166253abc6f8f5d Environment-variable access.
repo/.github/scripts/claude-task/resume-callback.mjs:21
const sessionId = process.env.CLAUDE_SESSION_ID ?? '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #085cd2925759f323 Environment-variable access.
repo/.github/scripts/claude-task/resume-callback.mjs:22
const branchName = process.env.BRANCH_NAME ?? '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d4dd4f1b97be52eb Filesystem access.
repo/.github/scripts/claude-task/resume-callback.mjs:34
		const execution = JSON.parse(readFileSync(executionFile, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b11baaa10433e68e Environment-variable access.
repo/.github/scripts/cleanup-ghcr-images.mjs:18
const ORG = process.env.GHCR_ORG || 'n8n-io';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #95e8ae888f4ee906 Environment-variable access.
repo/.github/scripts/cleanup-ghcr-images.mjs:19
const REPO = process.env.GHCR_REPO || 'n8n';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7244d97ef875b1b0 Filesystem access.
repo/.github/scripts/cleanup-release-branch.mjs:85
	const rawEventData = await fs.readFile(eventPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c229b665881fe9df Environment-variable access.
repo/.github/scripts/compute-backport-targets.mjs:70
	const pullRequestEnv = process.env.PULL_REQUEST_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d04c78b4906847bd Environment-variable access.
repo/.github/scripts/compute-backport-targets.test.mjs:72
		process.env.GITHUB_EVENT_PATH = './fixtures/mock-github-event.json';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab21e19d6abf74a5 Environment-variable access.
repo/.github/scripts/compute-backport-targets.test.mjs:81
		process.env.PULL_REQUEST_ID = '123';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1ad003d151e75d86 Environment-variable access.
repo/.github/scripts/compute-backport-targets.test.mjs:91
		process.env.PULL_REQUEST_ID = '#123';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d229fdc61c8cd83c Environment-variable access.
repo/.github/scripts/compute-backport-targets.test.mjs:96
		process.env.PULL_REQUEST_ID = '123';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6758c8891ee59397 Environment-variable access.
repo/.github/scripts/compute-backport-targets.test.mjs:101
		process.env.PULL_REQUEST_ID = 'abc-123';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2625c6bab1dab952 Environment-variable access.
repo/.github/scripts/create-github-release.mjs:29
	const ADDITIONAL_TAGS = process.env.ADDITIONAL_TAGS ?? '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #88c5151a95ce8466 Environment-variable access.
repo/.github/scripts/determine-release-candidate-branch-for-track.mjs:34
	const force = process.env.FORCE === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb01406c4d550764 Filesystem access.
repo/.github/scripts/determine-version-info.mjs:139
	const packageJson = JSON.parse(readFileSync('./package.json', 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #471fead68a4c5906 Environment-variable access.
repo/.github/scripts/docker/docker-config.mjs:7
		this.githubOutput = process.env.GITHUB_OUTPUT || null;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #722f047f02d1c8c4 Environment-variable access.
repo/.github/scripts/docker/docker-config.mjs:147
			event: getArg('event') || process.env.GITHUB_EVENT_NAME,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #79dc442d9b7c8993 Environment-variable access.
repo/.github/scripts/docker/docker-config.mjs:148
			pr: getArg('pr') || process.env.GITHUB_PR_NUMBER,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c17525f435c810b Environment-variable access.
repo/.github/scripts/docker/docker-config.mjs:149
			branch: getArg('branch') || process.env.GITHUB_REF_NAME,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f3e190733c679893 Environment-variable access.
repo/.github/scripts/docker/docker-tags.mjs:7
		this.githubOwner = process.env.GITHUB_REPOSITORY_OWNER || 'n8n-io';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e462780d43c5e702 Environment-variable access.
repo/.github/scripts/docker/docker-tags.mjs:8
		this.dockerUsername = process.env.DOCKER_USERNAME || 'n8nio';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c51d1a140ecfdf6b Environment-variable access.
repo/.github/scripts/docker/docker-tags.mjs:9
		this.githubOutput = process.env.GITHUB_OUTPUT || null;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3f1f01ffd26f9e4b Environment-variable access.
repo/.github/scripts/docker/get-manifest-digests.mjs:18
const githubOutput = process.env.GITHUB_OUTPUT || null;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #18a4e518df2c7f86 Environment-variable access.
repo/.github/scripts/docker/get-manifest-digests.mjs:38
const n8nTag = process.env.N8N_TAG || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #942b6ba638376cab Environment-variable access.
repo/.github/scripts/docker/get-manifest-digests.mjs:39
const runnersTag = process.env.RUNNERS_TAG || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dae267862fa3031a Environment-variable access.
repo/.github/scripts/docker/get-manifest-digests.mjs:40
const distrolessTag = process.env.DISTROLESS_TAG || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #323938bb4c2e65a0 Filesystem access.
repo/.github/scripts/ensure-provenance-fields.mjs:1
import { writeFile, readFile, copyFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad822f977bedf59a Filesystem access.
repo/.github/scripts/ensure-provenance-fields.mjs:25
		...JSON.parse(await readFile(packageFile, 'utf-8')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #95f197b0fd8c383c Filesystem access.
repo/.github/scripts/ensure-provenance-fields.mjs:49
	await writeFile(packageFile, JSON.stringify(packageJson, null, 2) + '\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #753cdf73ec582d9c Filesystem access.
repo/.github/scripts/github-helpers.mjs:172
	return JSON.parse(fs.readFileSync(eventPath, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #200ae0ddded33699 Environment-variable access.
repo/.github/scripts/github-helpers.mjs:214
	const v = process.env[variableName];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2d3a8fb865bac910 Environment-variable access.
repo/.github/scripts/github-helpers.mjs:253
	const path = process.env.GITHUB_OUTPUT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c0bef61b0eb7481b Environment-variable access.
repo/.github/scripts/github-helpers.test.mjs:24
		process.env.GITHUB_TOKEN = 'token';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad65fd27693bfb03 Environment-variable access.
repo/.github/scripts/github-helpers.test.mjs:25
		process.env.GITHUB_REPOSITORY = 'n8n-io/n8n';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d9d1474814a1b18c Filesystem access.
repo/.github/scripts/owners.mjs:50
	const content = readFileSync(path, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #32248dfe69e84934 Filesystem access.
repo/.github/scripts/owners.mjs:127
		readFileSync(path, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4eead76a8de5190d Environment-variable access.
repo/.github/scripts/plan-release.mjs:13
const stable = process.env['STABLE_VERSION'];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9829d2eb4c0766a2 Environment-variable access.
repo/.github/scripts/plan-release.mjs:14
const beta = process.env['BETA_VERSION'];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ecf36eba0f0cc936 Environment-variable access.
repo/.github/scripts/plan-release.mjs:15
const v1 = process.env['V1_VERSION'];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #edcba01c6c771ae7 Environment-variable access.
repo/.github/scripts/post-qa-metrics-comment.mjs:42
const webhookUrl = process.env.QA_METRICS_COMMENT_WEBHOOK_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e56ddc8c62d68059 Environment-variable access.
repo/.github/scripts/post-qa-metrics-comment.mjs:48
const repo = process.env.GITHUB_REPOSITORY ?? 'n8n-io/n8n';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #80525e3e7eac6818 Environment-variable access.
repo/.github/scripts/post-qa-metrics-comment.mjs:49
const sha = process.env.GITHUB_SHA?.slice(0, 8) ?? '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3816de03b84d6097 Environment-variable access.
repo/.github/scripts/post-qa-metrics-comment.mjs:55
const user = process.env.QA_METRICS_WEBHOOK_USER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a6811999a813d746 Environment-variable access.
repo/.github/scripts/post-qa-metrics-comment.mjs:56
const pass = process.env.QA_METRICS_WEBHOOK_PASSWORD;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0b414a1e2091357e Environment-variable access.
repo/.github/scripts/post-qa-metrics-comment.mjs:104
const token = process.env.GITHUB_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44ff92d9fbdb54a8 Environment-variable access.
repo/.github/scripts/post-qa-metrics-comment.mjs:141
	const match = (process.env.GITHUB_REF ?? '').match(/refs\/pull\/(\d+)/);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8a06f5aa1b4f7c92 Environment-variable access.
repo/.github/scripts/promote-backport-labels-on-minor.mjs:27
	const dryRun = process.env.DRY_RUN === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8b52ca46e9ce30b5 Filesystem access.
repo/.github/scripts/send-build-stats.mjs:36
const summary = JSON.parse(readFileSync(join(runsDir, files.at(-1)), 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #824af9850954cbe5 Filesystem access.
repo/.github/scripts/send-docker-stats.mjs:42
	? JSON.parse(readFileSync(buildManifestPath, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #951b7ece7feb76d9 Filesystem access.
repo/.github/scripts/send-docker-stats.mjs:46
	? JSON.parse(readFileSync(dockerManifestPath, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f274ccb602844217 Environment-variable access.
repo/.github/scripts/send-metrics.mjs:28
	const ref = process.env.GITHUB_REF || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2677c99228d34f40 Environment-variable access.
repo/.github/scripts/send-metrics.mjs:30
	const runId = process.env.GITHUB_RUN_ID || null;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6921661f5ba740b6 Environment-variable access.
repo/.github/scripts/send-metrics.mjs:36
			sha: process.env.GITHUB_SHA?.slice(0, 8) || null,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c124f8364adadda2 Environment-variable access.
repo/.github/scripts/send-metrics.mjs:37
			branch: process.env.GITHUB_HEAD_REF || process.env.GITHUB_REF_NAME || null,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #97aa2cbdee7a08ef Environment-variable access.
repo/.github/scripts/send-metrics.mjs:43
				runId && process.env.GITHUB_REPOSITORY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ebbe408bceab6c64 Environment-variable access.
repo/.github/scripts/send-metrics.mjs:44
					? `https://github.com/${process.env.GITHUB_REPOSITORY}/actions/runs/${runId}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c342fecd4f27b0a1 Environment-variable access.
repo/.github/scripts/send-metrics.mjs:46
			job: process.env.GITHUB_JOB || null,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fda939274116e9c3 Environment-variable access.
repo/.github/scripts/send-metrics.mjs:47
			workflow: process.env.GITHUB_WORKFLOW || null,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8c2906c181c7b45b Environment-variable access.
repo/.github/scripts/send-metrics.mjs:48
			attempt: process.env.GITHUB_RUN_ATTEMPT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d59a861a75b3b5d5 Environment-variable access.
repo/.github/scripts/send-metrics.mjs:49
				? parseInt(process.env.GITHUB_RUN_ATTEMPT, 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cbf01b328f39a01f Environment-variable access.
repo/.github/scripts/send-metrics.mjs:53
			provider: !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #15076962514003c3 Environment-variable access.
repo/.github/scripts/send-metrics.mjs:55
				: process.env.RUNNER_ENVIRONMENT === 'github-hosted'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #71fdce3a5bb7b5b9 Environment-variable access.
repo/.github/scripts/send-metrics.mjs:65
	const webhookUrl = process.env.QA_METRICS_WEBHOOK_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #478ce78fde53eceb Environment-variable access.
repo/.github/scripts/send-metrics.mjs:66
	const webhookUser = process.env.QA_METRICS_WEBHOOK_USER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f4f10b42bc355799 Environment-variable access.
repo/.github/scripts/send-metrics.mjs:67
	const webhookPassword = process.env.QA_METRICS_WEBHOOK_PASSWORD;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a19717f53d58cce1 Environment-variable access.
repo/.github/scripts/set-latest-for-monorepo-packages.mjs:27
	const token = process.env.NPM_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bc3e6068d9b7f9d2 Filesystem access.
repo/.github/scripts/slack/build-trivy-blocks.mjs:28
	const report = JSON.parse(readFileSync(results, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7c06696f0720a521 Filesystem access.
repo/.github/scripts/slack/build-trivy-blocks.test.mjs:18
	writeFileSync(path, JSON.stringify(report));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #5ed44d3d615a9b43 Hardcoded external endpoint. Review what data is sent to this destination.
repo/.github/scripts/slack/notify.mjs:31
	const res = await fetch('https://slack.com/api/chat.postMessage', {
		method: 'POST',
		headers: {
			'Content-Type': 'application/json; charset=utf-8',
			Authorization: `Bearer ${token}`,
		},
		body: JSON.stringify(payload),
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #e8957effe392fac0 Environment-variable access.
repo/.github/scripts/slack/notify.mjs:78
	const token = process.env.SLACK_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ee5619e4ab5e012 Environment-variable access.
repo/.github/scripts/stale/clean-stale-branches.mjs:162
	if (process.env.GH_TOKEN) return process.env.GH_TOKEN.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a92abfad13f05634 Environment-variable access.
repo/.github/scripts/stale/clean-stale-branches.mjs:163
	if (process.env.GITHUB_TOKEN) return process.env.GITHUB_TOKEN.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #060e6ccddb68661d Environment-variable access.
repo/.github/scripts/stale/clean-stale-branches.mjs:172
	if (process.env.GITHUB_REPOSITORY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2b46b5b8462f530e Environment-variable access.
repo/.github/scripts/stale/clean-stale-branches.mjs:173
		const [owner, repo] = process.env.GITHUB_REPOSITORY.split('/');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4f9561817cb2e55 Environment-variable access.
repo/.github/scripts/stale/clean-stale-branches.mjs:193
	if (process.env.DRY_RUN === 'false' || process.env.DRY_RUN === '0') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9ce15b3412b8b8d7 Environment-variable access.
repo/.github/scripts/stale/clean-stale-branches.mjs:196
	if (process.env.DRY_RUN === 'true' || process.env.DRY_RUN === '1') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d8e381bc8e2f9d73 Environment-variable access.
repo/.github/scripts/stale/clean-stale-branches.mjs:210
	const raw = [...(values.exclude ?? []), process.env.EXCLUDE_BRANCHES ?? ''];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #c9644548cc0b3284 Hardcoded external endpoint. Review what data is sent to this destination.
repo/.github/scripts/stale/clean-stale-branches.mjs:228
	const res = await fetch(`${API}/graphql`, {
		method: 'POST',
		headers: { ...ctx.headers, 'Content-Type': 'application/json' },
		body: JSON.stringify({ query, variables }),
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #ccb1ab6413aa2092 Environment-variable access.
repo/.github/scripts/stale/clean-stale-branches.mjs:398
	const staleDays = Number(values.days ?? process.env.STALE_DAYS ?? 100);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e9be9d145733149f Environment-variable access.
repo/.github/scripts/stale/clean-stale-branches.mjs:400
		throw new Error(`Invalid --days value: ${values.days ?? process.env.STALE_DAYS}`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #899e4acd4f952355 Environment-variable access.
repo/.github/scripts/sync-conflict-owners.mjs:112
	const repo = process.env.GITHUB_REPOSITORY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a42c82e487ee82e Environment-variable access.
repo/.github/scripts/sync-conflict-owners.mjs:113
	const token = process.env.GH_TOKEN || process.env.GITHUB_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5e808a66a2968f0 Filesystem access.
repo/.github/scripts/trim-fe-packageJson.js:1
const { writeFileSync } = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a78e3ea78be013f7 Filesystem access.
repo/.github/scripts/trim-fe-packageJson.js:13
	writeFileSync(filePath, JSON.stringify(packageJson, null, 2) + '\n', 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #08d347eb3e2c66e0 Filesystem access.
repo/.github/scripts/update-changelog.mjs:4
import { createReadStream, createWriteStream } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8472f37740b600a9 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/fixtures/generate-bulk-vector-fixture.ts:87
	if (!process.env.OPENAI_API_KEY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8a39b3d5684eba92 Filesystem access.
repo/packages/@n8n/agents/src/__tests__/fixtures/generate-bulk-vector-fixture.ts:139
	await writeFile(OUT_PATH, JSON.stringify(fixture));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #76a7b8935ba5a220 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/agent-vector-store-pinecone.test.ts:21
const PINECONE_API_KEY = process.env.PINECONE_TEST_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bd14cce21fd75630 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/agent-vector-store-pinecone.test.ts:22
const hasKeys = Boolean(process.env.ANTHROPIC_API_KEY) && Boolean(process.env.OPENAI_API_KEY);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cc4f5345a4f7e89c Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/agent-vector-store-postgres.test.ts:20
const PG_URL = process.env.PG_VECTOR_TEST_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ee07144fb6b2f769 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/agent-vector-store-postgres.test.ts:21
const hasKeys = Boolean(process.env.ANTHROPIC_API_KEY) && Boolean(process.env.OPENAI_API_KEY);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4698674df20333be Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/agent-vector-store-qdrant.test.ts:18
const QDRANT_URL = process.env.QDRANT_TEST_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7c379f252d22b581 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/agent-vector-store-qdrant.test.ts:19
const QDRANT_API_KEY = process.env.QDRANT_TEST_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6f1b2fd1546b606f Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/agent-vector-store-qdrant.test.ts:20
const hasKeys = Boolean(process.env.ANTHROPIC_API_KEY) && Boolean(process.env.OPENAI_API_KEY);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6c0d0244511d7936 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/agent-vector-store-supabase.test.ts:21
const SUPABASE_URL = process.env.SUPABASE_TEST_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #62ce829f207446e9 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/agent-vector-store-supabase.test.ts:22
const SUPABASE_API_KEY = process.env.SUPABASE_TEST_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #78b5eb619aabcb78 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/agent-vector-store-supabase.test.ts:23
const SUPABASE_DB_URL = process.env.SUPABASE_TEST_DB_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5ccca95929348a29 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/agent-vector-store-supabase.test.ts:24
const hasKeys = Boolean(process.env.ANTHROPIC_API_KEY) && Boolean(process.env.OPENAI_API_KEY);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4b4bf6f7fe12e0b2 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/helpers.ts:24
		return Boolean(process.env[envVar]);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e01926d42e1e247e Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/helpers.ts:26
	const isReplayMode = Boolean(process.env.CI);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2b297d59d9a490f5 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/pg-vector-store.test.ts:14
const PG_URL = process.env.PG_VECTOR_TEST_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a682a61ae9368e52 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/pinecone-vector-store.test.ts:17
const PINECONE_API_KEY = process.env.PINECONE_TEST_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #622313dc66fc3966 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/qdrant-vector-store.test.ts:14
const QDRANT_URL = process.env.QDRANT_TEST_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0cc74bb58180f614 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/qdrant-vector-store.test.ts:15
const QDRANT_API_KEY = process.env.QDRANT_TEST_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #34e4853a0caee3d8 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/supabase-vector-store.test.ts:22
const SUPABASE_URL = process.env.SUPABASE_TEST_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6c10b90ca1a25d71 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/supabase-vector-store.test.ts:23
const SUPABASE_API_KEY = process.env.SUPABASE_TEST_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7e307f398ee163ee Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/supabase-vector-store.test.ts:24
const SUPABASE_DB_URL = process.env.SUPABASE_TEST_DB_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #41045978288882f3 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/telemetry-langsmith.test.ts:36
		previousTracingV2 = process.env.LANGCHAIN_TRACING_V2;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #55ec5b3f8c0107a9 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/telemetry-langsmith.test.ts:37
		process.env.LANGCHAIN_TRACING_V2 = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #49d906863c5058cb Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/telemetry-langsmith.test.ts:68
			delete process.env.LANGCHAIN_TRACING_V2;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #96eaba0ef3879995 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/telemetry-langsmith.test.ts:70
			process.env.LANGCHAIN_TRACING_V2 = previousTracingV2;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b6a1c01cdd03a5c8 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/vcr.ts:13
export const IS_RECORD_MODE = process.env.VCR_MODE === 'record';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9f100a0bee3b5ae4 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/vcr.ts:19
export const IS_REPLAY_MODE = Boolean(process.env.CI);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4c7658c5a272dc3b Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/vector-store-bulk-pinecone.test.ts:21
const PINECONE_API_KEY = process.env.PINECONE_TEST_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7193128eb59251c2 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/vector-store-bulk-postgres.test.ts:20
const PG_URL = process.env.PG_VECTOR_TEST_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e4019c9c66f16711 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/vector-store-bulk-qdrant.test.ts:19
const QDRANT_URL = process.env.QDRANT_TEST_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b187025f016ddd01 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/vector-store-bulk-qdrant.test.ts:20
const QDRANT_API_KEY = process.env.QDRANT_TEST_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e74b1af1fab5c6c7 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/vector-store-bulk-supabase.test.ts:22
const SUPABASE_URL = process.env.SUPABASE_TEST_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b0a6dc02e3b7d9fa Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/vector-store-bulk-supabase.test.ts:23
const SUPABASE_API_KEY = process.env.SUPABASE_TEST_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1155d357cc539511 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/vector-store-bulk-supabase.test.ts:24
const SUPABASE_DB_URL = process.env.SUPABASE_TEST_DB_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2ec01787c76433b8 Filesystem access.
repo/packages/@n8n/agents/src/__tests__/integration/vector-store-helpers.ts:43
		readFileSync(path.resolve(__dirname, '../fixtures/bulk-vector-fixture.json'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f0db750cbae736a7 Filesystem access.
repo/packages/@n8n/agents/src/__tests__/integration/workspace-agent.test.ts:113
		await memFs.writeFile('/project/index.ts', 'console.log("hello")');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0a3ee6adf67081a9 Filesystem access.
repo/packages/@n8n/agents/src/__tests__/integration/workspace-agent.test.ts:114
		await memFs.writeFile('/project/README.md', '# Project');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9bdb413d486746f4 Filesystem access.
repo/packages/@n8n/agents/src/__tests__/integration/workspace-agent.test.ts:176
		await memFs.writeFile('/data.json', '{"key": "value", "count": 42}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1b20c6a2453002a6 Filesystem access.
repo/packages/@n8n/agents/src/__tests__/integration/workspace-agent.test.ts:206
		await memFs.writeFile('/project/source.txt', 'alpha');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6fa7b380f4a5d71d Filesystem access.
repo/packages/@n8n/agents/src/__tests__/integration/workspace-agent.test.ts:207
		await memFs.writeFile('/project/remove-me/old.txt', 'remove this');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d0b13c47c5bff5e7 Filesystem access.
repo/packages/@n8n/agents/src/__tests__/integration/workspace-agent.test.ts:296
		await memFs.writeFile(
			'/project/config.ts',
			[
				'export const region = "OLD_REGION";',
				'export const owner = "OLD_OWNER";',
				'export const status = "OLD_STATUS";',
			].join('\n'),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d435880ae12dad72 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/langsmith-telemetry.test.ts:76
	const previousTracingV2 = process.env.LANGCHAIN_TRACING_V2;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9a9cb72149d66f78 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/langsmith-telemetry.test.ts:89
		delete process.env.LANGCHAIN_TRACING_V2;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9c6b20e5e3b4243d Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/langsmith-telemetry.test.ts:94
			delete process.env.LANGCHAIN_TRACING_V2;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dc71bfde5cd1ce87 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/langsmith-telemetry.test.ts:96
			process.env.LANGCHAIN_TRACING_V2 = previousTracingV2;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bf369e455aa3f13f Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/langsmith-telemetry.test.ts:132
		expect(process.env.LANGCHAIN_TRACING_V2).toBe('true');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e4d687107bfaabff Filesystem access.
repo/packages/@n8n/agents/src/__tests__/workspace/base-filesystem.test.ts:211
			const content = await fs.readFile('/test');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e0f58b195338a5d2 Filesystem access.
repo/packages/@n8n/agents/src/__tests__/workspace/base-filesystem.test.ts:221
			await expect(fs.readFile('/test')).rejects.toThrow();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bc726a1d86a0f00b Filesystem access.
repo/packages/@n8n/agents/src/__tests__/workspace/sandbox/daytona-sandbox.test.ts:549
		await expect(filesystem.readFile('/workspace/file.txt')).resolves.toBeUndefined();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d16e341ce05b6588 Filesystem access.
repo/packages/@n8n/agents/src/__tests__/workspace/sandbox/n8n-sandbox-filesystem.test.ts:62
		await filesystem.writeFile('/workspace/nested/file.txt', 'hello', { recursive: true });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #27ead9fe3e35c312 Filesystem access.
repo/packages/@n8n/agents/src/__tests__/workspace/sandbox/n8n-sandbox-filesystem.test.ts:76
		const content = await filesystem.readFile('/workspace/file.txt', { encoding: 'utf8' });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #05b7270362ca7956 Filesystem access.
repo/packages/@n8n/agents/src/__tests__/workspace/test-utils.ts:93
		const content = await this.readFile(src);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0f47ee76210fa759 Filesystem access.
repo/packages/@n8n/agents/src/__tests__/workspace/test-utils.ts:94
		await this.writeFile(dest, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6ec44a5db28e6496 Filesystem access.
repo/packages/@n8n/agents/src/__tests__/workspace/workspace-integration.test.ts:215
			await memFs.writeFile('/log.txt', 'line1\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #303f4c0dfe76849c Filesystem access.
repo/packages/@n8n/agents/src/__tests__/workspace/workspace-integration.test.ts:218
			const content = await memFs.readFile('/log.txt', { encoding: 'utf-8' });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f819805f271dcd89 Filesystem access.
repo/packages/@n8n/agents/src/__tests__/workspace/workspace-integration.test.ts:223
			await memFs.writeFile('/original.txt', 'original');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #10fafc48d2fbf567 Filesystem access.
repo/packages/@n8n/agents/src/__tests__/workspace/workspace-integration.test.ts:226
			expect(await memFs.readFile('/copy.txt', { encoding: 'utf-8' })).toBe('original');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8e86fea7ec0b7960 Filesystem access.
repo/packages/@n8n/agents/src/__tests__/workspace/workspace-integration.test.ts:230
			expect(await memFs.readFile('/moved.txt', { encoding: 'utf-8' })).toBe('original');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0b9878859ef0861c Filesystem access.
repo/packages/@n8n/agents/src/__tests__/workspace/workspace-integration.test.ts:235
			await memFs.writeFile('/deep/nested/file.txt', 'data');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ff6d5bd9523c9d22 Filesystem access.
repo/packages/@n8n/agents/src/__tests__/workspace/workspace-integration.test.ts:244
			await expect(memFs.readFile('/nonexistent')).rejects.toThrow('ENOENT');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #610c40522558b034 Environment-variable access.
repo/packages/@n8n/agents/src/integrations/langsmith.ts:361
		process.env.LANGCHAIN_TRACING_V2 ??= 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #960ccf5f5df8abd6 Environment-variable access.
repo/packages/@n8n/agents/src/runtime/__tests__/model-factory.test.ts:195
		delete process.env.HTTPS_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #862474ebfbb64943 Environment-variable access.
repo/packages/@n8n/agents/src/runtime/__tests__/model-factory.test.ts:196
		delete process.env.HTTP_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #055e1e0a684aae6d Environment-variable access.
repo/packages/@n8n/agents/src/runtime/__tests__/model-factory.test.ts:282
		process.env.HTTPS_PROXY = 'http://proxy:8080';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ad805dd12551a9ad Environment-variable access.
repo/packages/@n8n/agents/src/runtime/__tests__/model-factory.test.ts:289
		process.env.HTTP_PROXY = 'http://proxy:9090';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c74b583b68c896ef Environment-variable access.
repo/packages/@n8n/agents/src/runtime/__tests__/model-factory.test.ts:308
		process.env.HTTPS_PROXY = 'http://https-proxy:8080';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e8c022100878f7ee Environment-variable access.
repo/packages/@n8n/agents/src/runtime/__tests__/model-factory.test.ts:309
		process.env.HTTP_PROXY = 'http://http-proxy:9090';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f56c01563953fba1 Environment-variable access.
repo/packages/@n8n/agents/src/runtime/model/model-factory.ts:40
	const proxyUrl = process.env.HTTPS_PROXY ?? process.env.HTTP_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #bb81e8a6da97f045 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/@n8n/agents/src/sdk/catalog.ts:129
	const response = await fetch(MODELS_DEV_URL);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only #a5a73dd71231c835 Filesystem access.
repo/packages/@n8n/agents/src/skills/__tests__/runtime-skills.test.ts:1
import { mkdtempSync, mkdirSync, rmSync, writeFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1e1ecb7d5afa17f4 Filesystem access.
repo/packages/@n8n/agents/src/skills/__tests__/runtime-skills.test.ts:277
			writeFileSync(
				join(skillDir, 'SKILL.md'),
				`---
name: workflow-builder
description: Build workflows.
---

Use the workflow SDK.`,
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4434f6c80797bb73 Filesystem access.
repo/packages/@n8n/agents/src/skills/__tests__/runtime-skills.test.ts:286
			writeFileSync(join(skillDir, 'references', 'guide.md'), 'Guide text');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #97ff179a4712a84b Filesystem access.
repo/packages/@n8n/agents/src/skills/__tests__/runtime-skills.test.ts:287
			writeFileSync(join(skillDir, 'examples', 'slack.workflow.ts'), 'export default {};');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #100646b8ea417f8e Filesystem access.
repo/packages/@n8n/agents/src/skills/__tests__/runtime-skills.test.ts:329
			writeFileSync(
				join(intentSkillDir, 'SKILL.md'),
				`---
name: intent-recognition
description: Classify intent.
---

Classify automation intent.`,
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4e940b81dddddb4d Filesystem access.
repo/packages/@n8n/agents/src/skills/__tests__/runtime-skills.test.ts:338
			writeFileSync(join(intentSkillDir, 'references', 'taxonomy.md'), 'Taxonomy text');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7763cea416510f9c Filesystem access.
repo/packages/@n8n/agents/src/skills/__tests__/runtime-skills.test.ts:339
			writeFileSync(
				join(workflowSkillDir, 'SKILL.md'),
				`---
name: workflow-builder
description: Build workflows.
---

Use the workflow SDK.`,
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #82412d89364aefe6 Filesystem access.
repo/packages/@n8n/agents/src/skills/registry.ts:3
import { existsSync, lstatSync, readdirSync, readFileSync, statSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #87a6eb4757add4f5 Filesystem access.
repo/packages/@n8n/agents/src/skills/registry.ts:115
				content: readFileSync(join(skill.directory, normalizedPath), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bd127d89d71a755f Filesystem access.
repo/packages/@n8n/agents/src/skills/registry.ts:131
		const content = readFileSync(skillPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #653b0b5c31d65c29 Filesystem access.
repo/packages/@n8n/agents/src/skills/registry.ts:317
			sha256: createHash('sha256').update(readFileSync(abs)).digest('hex'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e2b2d57d0e5a0936 Filesystem access.
repo/packages/@n8n/agents/src/workspace/filesystem/n8n-sandbox-filesystem.ts:49
		const content = await client.readFile(sandboxId, path);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9272c50c4dd0fc7e Filesystem access.
repo/packages/@n8n/agents/src/workspace/filesystem/n8n-sandbox-filesystem.ts:65
		await client.writeFile(sandboxId, path, content, options?.overwrite ?? true);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #10a58fa86f0ae72f Filesystem access.
repo/packages/@n8n/agents/src/workspace/tools/batch-str-replace-file.ts:61
				const content = await filesystem.readFile(input.path, { encoding: 'utf-8' });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #89ebbded95ad4545 Filesystem access.
repo/packages/@n8n/agents/src/workspace/tools/batch-str-replace-file.ts:74
				await filesystem.writeFile(input.path, editedContent, { overwrite: true });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c06a2964ea2adaa4 Filesystem access.
repo/packages/@n8n/agents/src/workspace/tools/read-file.ts:22
			const content = await filesystem.readFile(input.path, {
				encoding: (input.encoding ?? 'utf-8') as BufferEncoding,
			});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b36136d0c10c4603 Filesystem access.
repo/packages/@n8n/agents/src/workspace/tools/str-replace-file.ts:38
				const content = await filesystem.readFile(input.path, { encoding: 'utf-8' });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3862b4a8e6dd8d48 Filesystem access.
repo/packages/@n8n/agents/src/workspace/tools/str-replace-file.ts:51
				await filesystem.writeFile(input.path, editedContent, { overwrite: true });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8cce270517432455 Filesystem access.
repo/packages/@n8n/agents/src/workspace/tools/write-file.ts:26
			await filesystem.writeFile(input.path, input.content, { recursive: input.recursive });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #379ee22378555265 Filesystem access.
repo/packages/@n8n/agents/vitest.integration.setup.ts:11
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0550d21870b72269 Environment-variable access.
repo/packages/@n8n/agents/vitest.integration.setup.ts:174
	process.env.OPENAI_API_KEY = 'sk-proj-1234567890';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2c7e657f8e3804a2 Environment-variable access.
repo/packages/@n8n/agents/vitest.integration.setup.ts:175
	process.env.ANTHROPIC_API_KEY = 'sk-proj-1234567890';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b97b341ae8038c28 Environment-variable access.
repo/packages/@n8n/ai-utilities/integration-tests/openai.ts:136
			if (process.env.NODE_ENV !== 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aa151f7ef6dea228 Filesystem access.
repo/packages/@n8n/ai-utilities/scripts/copy-tokenizer-json.js:2
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only #ecd7006f3f0bd6ee Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/follow-redirects.test.ts:149
		const url = new URL('https://example.com');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only #7c8dfa6f7d7860b8 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:27
		delete process.env.HTTP_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #82939015bcda3151 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:28
		delete process.env.http_proxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f9bb0f94f8f4be51 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:29
		delete process.env.HTTPS_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #29a06808efdb5aa9 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:30
		delete process.env.https_proxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b0ecee84565f19ec Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:31
		delete process.env.NO_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ef35828e88f3c3cf Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:32
		delete process.env.no_proxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #46d775759c6c480e Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:33
		delete process.env.N8N_AI_TIMEOUT_MAX;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cd1eecfc908bccce Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:59
			process.env.HTTPS_PROXY = proxyUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #73b47c26e34060ad Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:76
			process.env.https_proxy = proxyUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #75e1d84508c7bb1c Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:89
			process.env.HTTP_PROXY = 'http://http-proxy.example.com:8080';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fdcd457446b8c3b7 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:90
			process.env.http_proxy = 'http://http-proxy-lowercase.example.com:8080';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #75b5533f79f7562e Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:91
			process.env.HTTPS_PROXY = 'https://https-proxy.example.com:8080';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2f0c3dd1d29f36d0 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:92
			process.env.https_proxy = 'https://https-proxy-lowercase.example.com:8080';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d9daf1ff400b7e6e Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:108
			process.env.HTTPS_PROXY = proxyUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #89cca5eafd5657c8 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:117
			process.env.HTTP_PROXY = proxyUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d0201c40497ee705 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:127
			process.env.HTTP_PROXY = httpProxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #af4f23ed6b8ee8f6 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:128
			process.env.HTTPS_PROXY = httpsProxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6362e4d731fe048e Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:137
			process.env.HTTP_PROXY = proxyUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d5aa4aa3fd00a1af Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:138
			process.env.NO_PROXY = 'localhost,127.0.0.1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e0caabc4051f4ce3 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:148
			process.env.HTTPS_PROXY = proxyUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ebb5279427757dea Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:149
			process.env.NO_PROXY = '*.internal.company.com,localhost';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #aed7a155ad9a9332 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:159
			process.env.HTTPS_PROXY = proxyUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6bb89dd60184357e Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:160
			process.env.NO_PROXY = 'localhost,127.0.0.1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #94a7dbfc87ae84df Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:169
			process.env.https_proxy = proxyUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e02bbaad6dabf011 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:170
			process.env.no_proxy = 'localhost';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #872f558d9bdc81a3 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:181
			process.env.HTTPS_PROXY = proxyUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #17719aa5569480c3 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:235
			process.env.N8N_AI_TIMEOUT_MAX = '300000';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7cd1a9123b3ec181 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:259
		delete process.env.HTTP_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6e7be74bfb8f794b Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:260
		delete process.env.http_proxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b20ea38158ff7f38 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:261
		delete process.env.HTTPS_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4a60f07893ea51fe Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:262
		delete process.env.https_proxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #60d20869e9172df0 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:263
		delete process.env.NO_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9beb6321f2aba7d5 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:264
		delete process.env.no_proxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only #0817157c5d04e91c Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:318
			const url = new URL('https://api.openai.com/v1');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only #506fefe79ad60eb7 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:343
			process.env.HTTPS_PROXY = proxyUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9a1be12b8562987e Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:356
			process.env.HTTPS_PROXY = proxyUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #000ac0c7b26bc6f7 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:375
			process.env.HTTP_PROXY = proxyUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only #59e565aea6ca39bb Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:377
			const url = new URL('http://api.example.com/data');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only #ab3d9efe385a8dbd Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:388
			process.env.HTTPS_PROXY = proxyUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d1ad4c6cc177631c Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:401
			process.env.HTTPS_PROXY = proxyUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #295d3ade9b543231 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:402
			process.env.NO_PROXY = 'localhost,127.0.0.1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #16de0a8175979e68 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:415
			process.env.HTTPS_PROXY = proxyUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #48fb2a750efa07e3 Filesystem access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/n8n-binary-loader.real-pdf.test.ts:31
		const pdfBuffer = readFileSync(
			join(__dirname, '../../../../../nodes-base/nodes/ReadPdf/test/sample.pdf'),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dd086243634e792d Filesystem access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/tokenizer/tiktoken.test.ts:1
import { readFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c70bc149eeb58546 Filesystem access.
repo/packages/@n8n/ai-utilities/src/node-catalog/__tests__/get-node-type-definition.test.ts:14
		writeFileSync(join(setDir, 'mode_manual.ts'), '// manual mode def');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4feb7d61e01b0155 Filesystem access.
repo/packages/@n8n/ai-utilities/src/node-catalog/__tests__/get-node-type-definition.test.ts:15
		writeFileSync(join(setDir, 'mode_raw.ts'), '// raw mode def');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c3b5386f6a8ecd07 Filesystem access.
repo/packages/@n8n/ai-utilities/src/node-catalog/__tests__/get-node-type-definition.test.ts:19
		writeFileSync(join(msgDir, 'operation_post.ts'), '// slack post def');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5a3709d9f2ffda1d Filesystem access.
repo/packages/@n8n/ai-utilities/src/node-catalog/__tests__/get-node-type-definition.test.ts:20
		writeFileSync(join(msgDir, 'operation_update.ts'), '// slack update def');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b6654fcae11ceb26 Filesystem access.
repo/packages/@n8n/ai-utilities/src/node-catalog/get.ts:531
				(variant) => `// ── mode: ${variant.mode} ──\n${readFileSync(variant.filePath, 'utf-8')}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6e4811aff9dc4b1a Filesystem access.
repo/packages/@n8n/ai-utilities/src/node-catalog/get.ts:555
		const content = readFileSync(pathResult.filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8ad3f606f39b8a55 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/utils/http-proxy-agent.ts:37
const DEFAULT_TIMEOUT = parseInt(process.env.N8N_AI_TIMEOUT_MAX ?? '3600000', 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #915ab3372455f7bd Filesystem access.
repo/packages/@n8n/ai-utilities/src/utils/n8n-binary-loader.ts:8
import { createWriteStream } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9889f5647d62b2d1 Filesystem access.
repo/packages/@n8n/ai-utilities/src/utils/tokenizer/tiktoken.ts:1
import { readFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a834006d7fa03292 Filesystem access.
repo/packages/@n8n/ai-utilities/src/utils/tokenizer/tiktoken.ts:11
	const content = await readFile(filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c3d5b5b846dafc7 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/utils/vector-store/MemoryManager/config.ts:13
	if (process.env.N8N_VECTOR_STORE_MAX_MEMORY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f9f018351ec96d0c Environment-variable access.
repo/packages/@n8n/ai-utilities/src/utils/vector-store/MemoryManager/config.ts:14
		const parsed = parseInt(process.env.N8N_VECTOR_STORE_MAX_MEMORY, 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d29b4a57e0fec0e Environment-variable access.
repo/packages/@n8n/ai-utilities/src/utils/vector-store/MemoryManager/config.ts:22
	if (process.env.N8N_VECTOR_STORE_TTL_HOURS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e20b89c03183b6b7 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/utils/vector-store/MemoryManager/config.ts:23
		const parsed = parseInt(process.env.N8N_VECTOR_STORE_TTL_HOURS, 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #084a56bae0ed5caf Environment-variable access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/__tests__/cli.test.ts:403
				delete process.env.LANGSMITH_DATASET_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a6523c94b5810b9f Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/__tests__/csv-prompt-loader.test.ts:18
		fs.writeFileSync(csvPath, content, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #071ee39105050208 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/__tests__/output.test.ts:5
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #256217c1bb786961 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/__tests__/output.test.ts:157
			expect(fs.readFileSync(promptPath, 'utf-8')).toBe('Create a test workflow');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #67d07bec782c4f98 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/__tests__/output.test.ts:170
			const workflow = jsonParse<ParsedWorkflow>(fs.readFileSync(workflowPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1fd2c450731336c8 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/__tests__/output.test.ts:186
			const feedback = jsonParse<ParsedFeedback>(fs.readFileSync(feedbackPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8c56e3eae54ad83a Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/__tests__/output.test.ts:200
			const feedback = jsonParse<ParsedFeedback>(fs.readFileSync(feedbackPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ebf508c49cd4beba Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/__tests__/output.test.ts:222
			const feedback = jsonParse<ParsedFeedback>(fs.readFileSync(feedbackPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f5f822a33475ae3b Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/__tests__/output.test.ts:242
			expect(fs.readFileSync(errorPath, 'utf-8')).toBe('Generation failed: timeout');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9ca32b6c31672c89 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/__tests__/output.test.ts:271
			const feedback = jsonParse<ParsedFeedback>(fs.readFileSync(feedbackPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fbb77b8314a081ac Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/__tests__/output.test.ts:288
			const feedback = jsonParse<ParsedFeedback>(fs.readFileSync(feedbackPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #63cf36353223eebd Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/__tests__/output.test.ts:321
			const savedSummary = jsonParse<ParsedSummary>(fs.readFileSync(summaryPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7ce397470ab06e4f Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/__tests__/output.test.ts:333
			const savedSummary = jsonParse<ParsedSummary>(fs.readFileSync(summaryPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3187fe8ba0f5cda9 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/__tests__/output.test.ts:346
			const savedSummary = jsonParse<ParsedSummary>(fs.readFileSync(summaryPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ccf8c785a79933bc Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/__tests__/output.test.ts:361
			const savedSummary = jsonParse<ParsedSummary>(fs.readFileSync(summaryPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d8a4c1d81eaf2fe2 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/__tests__/output.test.ts:388
			const savedSummary = jsonParse<ParsedSummary>(fs.readFileSync(summaryPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #50c9f523c7067140 Environment-variable access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/cli/argument-parser.ts:602
	return process.env.LANGSMITH_DATASET_NAME ?? 'workflow-builder-canvas-prompts';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c3d878fc8f0f0e71 Environment-variable access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/cli/ci-metadata.ts:27
	const isCI = process.env.GITHUB_ACTIONS === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5102d9edd8cdb59b Environment-variable access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/cli/ci-metadata.ts:35
		trigger: process.env.GITHUB_EVENT_NAME,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb985918ccdd3075 Environment-variable access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/cli/ci-metadata.ts:36
		runId: process.env.GITHUB_RUN_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #845c49259cd2b0ab Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/cli/csv-prompt-loader.ts:49
	const rows = parseCsv(readFileSync(resolvedPath, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #476f0b262cc5e6b2 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/harness/__tests__/csv-writer.test.ts:71
		const content = readFileSync(outputPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b95c608fc03b24be Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/harness/__tests__/csv-writer.test.ts:112
		const content = readFileSync(outputPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1b7626c23eb0b90b Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/harness/__tests__/csv-writer.test.ts:187
		const content = readFileSync(outputPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f41874b0a5c9106d Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/harness/__tests__/csv-writer.test.ts:212
		const content = readFileSync(outputPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d7f0c7919070bb24 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/harness/__tests__/csv-writer.test.ts:267
		const content = readFileSync(outputPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7596134152e6dfd5 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/harness/__tests__/csv-writer.test.ts:322
		const content = readFileSync(outputPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #061c4924998601b5 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/harness/__tests__/csv-writer.test.ts:363
		const content = readFileSync(outputPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3763e71cba157060 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/harness/__tests__/csv-writer.test.ts:392
		const content = readFileSync(outputPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #44404f31d344435b Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/harness/__tests__/csv-writer.test.ts:429
		const content = readFileSync(outputPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3ea17a56f2af06cf Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/harness/csv-writer.ts:254
		writeFileSync(outputPath, '', 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #89816b6a0ca0824f Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/harness/csv-writer.ts:306
	writeFileSync(outputPath, lines.join('\n') + '\n', 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5bb72acb1d8746db Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/harness/output.ts:8
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5cfd6e33541a7251 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/harness/output.ts:67
			fs.writeFileSync(path.join(exampleDir, 'prompt.txt'), result.prompt, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #772e297b855e7944 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/harness/output.ts:72
				fs.writeFileSync(
					path.join(exampleDir, 'workflow.json'),
					JSON.stringify(workflowForExport, null, 2),
					'utf-8',
				);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5f9442bf752370d Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/harness/output.ts:81
				fs.writeFileSync(path.join(exampleDir, 'code.ts'), result.generatedCode, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #084bfadef1c067b5 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/harness/output.ts:86
				fs.writeFileSync(path.join(exampleDir, 'response.txt'), result.agentTextResponse, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e8796721fc459ac3 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/harness/output.ts:91
			fs.writeFileSync(
				path.join(exampleDir, 'feedback.json'),
				JSON.stringify(feedbackOutput, null, 2),
				'utf-8',
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #344eb8724e671e3f Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/harness/output.ts:99
				fs.writeFileSync(path.join(exampleDir, 'error.txt'), result.error, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #31d5547c08de90fe Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/harness/output.ts:107
			fs.writeFileSync(
				path.join(outputDir, 'summary.json'),
				JSON.stringify(summaryOutput, null, 2),
				'utf-8',
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5f68f50c180daccc Environment-variable access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/harness/runner.ts:1362
	process.env.LANGSMITH_TRACING = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #264bcd8016008cea Environment-variable access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/langsmith/trace-filters.ts:154
	const envValue = process.env.LANGSMITH_MINIMAL_TRACING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #13a8e5fb2d546bad Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/lifecycles/introspection-analysis.ts:63
				await fs.writeFile(summaryPath, summaryContent);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5e9e2c818833349e Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/programmatic/evaluators/workflow-similarity.ts:111
			writeFile(generatedPath, JSON.stringify(generatedWorkflow)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #944e2df530c0ce95 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/programmatic/evaluators/workflow-similarity.ts:112
			writeFile(groundTruthPath, JSON.stringify(groundTruthWorkflow)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b62bf74ea86a7c16 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/support/environment.ts:4
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6453138bee3f9b31 Environment-variable access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/support/environment.ts:87
	const apiKey = process.env[envVar];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6198bf4be4a581d3 Environment-variable access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/support/environment.ts:151
	const apiKey = process.env.LANGSMITH_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f8df26d6a53af5b Environment-variable access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/support/environment.ts:308
	const envConcurrency = process.env.EVALUATION_CONCURRENCY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8fadc1f762d06932 Environment-variable access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/support/environment.ts:323
	return process.env.GENERATE_TEST_CASES === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ad6547d832889b4 Environment-variable access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/support/environment.ts:331
	const envCount = process.env.GENERATE_TEST_CASES_COUNT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a929d14712cde43f Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/support/load-nodes.test.ts:1
import { readFileSync, existsSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3921abf681ea6344 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/support/load-nodes.ts:1
import { readFileSync, existsSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9fd7ff0c73de2596 Environment-variable access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/support/load-nodes.ts:20
	const disabledNodesEnv = process.env.N8N_EVALS_DISABLED_NODES ?? '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e319a4ca65fdd2d Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/support/load-nodes.ts:72
	const nodesData = readFileSync(nodesPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #588a145243052629 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/support/pin-data-generator.ts:11
import { existsSync, readFileSync, readdirSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3269e233e0243ceb Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/support/pin-data-generator.ts:143
							const content = readFileSync(join(entryPath, nodeFile), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #06a068c30e1efff2 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/support/pin-data-generator.ts:218
				return JSON.parse(readFileSync(schemaFile, 'utf-8')) as Record<string, unknown>;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b0b9a45e122c962a Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/scripts/categorize-prompts.ts:3
import { writeFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8ed6f80c735868d1 Environment-variable access.
repo/packages/@n8n/ai-workflow-builder.ee/scripts/categorize-prompts.ts:31
	const parsedConcurrency = parseInt(process.env.CONCURRENCY ?? '', 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #71150050401be28b Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/scripts/categorize-prompts.ts:154
	writeFileSync(summaryPath, summaryLines.join('\n'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ebfa2ab57a15af93 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/scripts/workflow-to-mermaid.ts:3
import { readFileSync, writeFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e3c5cfe2419f12b Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/scripts/workflow-to-mermaid.ts:132
	const content = readFileSync(filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #11b49b2abfbb82d1 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/scripts/workflow-to-mermaid.ts:204
		writeFileSync(outputFile, markdownContent);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9703c0342bd0fc12 Environment-variable access.
repo/packages/@n8n/ai-workflow-builder.ee/src/ai-workflow-builder-agent.service.ts:146
			const envConfig = { apiKey: process.env.N8N_AI_ANTHROPIC_KEY ?? '' };

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0d09c397f4a2df87 Environment-variable access.
repo/packages/@n8n/ai-workflow-builder.ee/src/tools/add-node.tool.ts:165
				if (process.env.E2E_TESTS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #11a0c14a6b7fd5be Environment-variable access.
repo/packages/@n8n/api-types/src/schemas/password.schema.ts:6
const envMinLength = parseInt(process.env.N8N_PASSWORD_MIN_LENGTH ?? '', 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8fe7c6b945f5b88e Environment-variable access.
repo/packages/@n8n/backend-common/src/logging/__tests__/logger.test.ts:528
			delete process.env.NO_COLOR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c6fd39ea1b3823cc Environment-variable access.
repo/packages/@n8n/backend-common/src/logging/__tests__/logger.test.ts:564
			process.env.NO_COLOR = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bff812b56b20ba62 Environment-variable access.
repo/packages/@n8n/backend-common/src/logging/__tests__/logger.test.ts:590
			delete process.env.NO_COLOR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2d5213a451706fdb Environment-variable access.
repo/packages/@n8n/backend-common/src/logging/logger.ts:35
	private readonly noColor = process.env.NO_COLOR !== undefined && process.env.NO_COLOR !== '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8e80c2f6389f0bb2 Environment-variable access.
repo/packages/@n8n/backend-common/src/logging/logger.ts:39
		process.env.NO_COLOR !== 'false' && process.env.NO_COLOR !== '0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #94e7c1ce1fc9ca7b Environment-variable access.
repo/packages/@n8n/backend-common/src/modules/__tests__/module-registry.test.ts:22
		process.env.N8N_DISABLED_MODULES = 'insights';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #32bc382a9b6785d1 Environment-variable access.
repo/packages/@n8n/backend-common/src/modules/__tests__/module-registry.test.ts:55
		process.env.N8N_ENABLED_MODULES = 'instance-ai';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a8b7430508304bd5 Environment-variable access.
repo/packages/@n8n/backend-common/src/modules/__tests__/module-registry.test.ts:90
		process.env.N8N_ENABLED_MODULES = 'insights';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0f2937990bca9aab Environment-variable access.
repo/packages/@n8n/backend-common/src/modules/__tests__/module-registry.test.ts:91
		process.env.N8N_DISABLED_MODULES = 'insights';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #da7fa1fda047bffd Environment-variable access.
repo/packages/@n8n/backend-common/src/modules/__tests__/modules.config.test.ts:13
	process.env.N8N_ENABLED_MODULES = 'insights,invalidModule';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3f14acec6f590325 Environment-variable access.
repo/packages/@n8n/backend-common/src/modules/__tests__/modules.config.test.ts:18
	process.env.N8N_DISABLED_MODULES = 'insights,invalidModule';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d2e83d3db96032a Filesystem access.
repo/packages/@n8n/backend-common/src/modules/module-registry.ts:5
import { existsSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4971f82c4e01acad Environment-variable access.
repo/packages/@n8n/backend-common/src/modules/module-registry.ts:96
			const dir = process.env.NODE_ENV === 'test' && srcDirExists ? 'src' : 'dist';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6cc30d41f5a2d5dd Environment-variable access.
repo/packages/@n8n/backend-network/src/http/__tests__/http-proxy.test.ts:98
		delete process.env.HTTP_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c6992c9537c3bc0e Environment-variable access.
repo/packages/@n8n/backend-network/src/http/__tests__/http-proxy.test.ts:99
		delete process.env.HTTPS_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #727ec11b78eb96e5 Environment-variable access.
repo/packages/@n8n/backend-network/src/http/__tests__/http-proxy.test.ts:100
		delete process.env.NO_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #71595b3a1458be46 Environment-variable access.
repo/packages/@n8n/backend-network/src/http/__tests__/http-proxy.test.ts:101
		delete process.env.ALL_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4d79a8b5bbe3246c Environment-variable access.
repo/packages/@n8n/backend-network/src/http/__tests__/http-proxy.test.ts:216
		if (env.HTTP_PROXY) process.env.HTTP_PROXY = proxyServer.url;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #781c587e1f386d75 Environment-variable access.
repo/packages/@n8n/backend-network/src/http/__tests__/http-proxy.test.ts:217
		if (env.HTTPS_PROXY) process.env.HTTPS_PROXY = proxyServer.url;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b57b24f21c1cc7fc Environment-variable access.
repo/packages/@n8n/backend-network/src/http/__tests__/http-proxy.test.ts:218
		if (env.ALL_PROXY === true) process.env.ALL_PROXY = proxyServer.url;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1b6e31c3f2be19b9 Environment-variable access.
repo/packages/@n8n/backend-network/src/http/__tests__/http-proxy.test.ts:219
		if (env.ALL_PROXY && env.ALL_PROXY !== true) process.env.ALL_PROXY = env.ALL_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3d2cadb3b76665b7 Environment-variable access.
repo/packages/@n8n/backend-network/src/http/__tests__/http-proxy.test.ts:220
		if (env.NO_PROXY) process.env.NO_PROXY = env.NO_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #938770a1ac3cbdd7 Environment-variable access.
repo/packages/@n8n/backend-network/src/http/__tests__/http-proxy.test.ts:240
			process.env.HTTP_PROXY = proxyServer.url;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f7c0fab5c6a2d8fc Environment-variable access.
repo/packages/@n8n/backend-network/src/http/__tests__/http-proxy.test.ts:256
			process.env.HTTP_PROXY = proxyServer.url;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only #f8a1674bbe162c8c Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/@n8n/backend-network/src/http/__tests__/legacy-request.test.ts:227
			expect(validateUrl).toHaveBeenCalledWith(new URL(`${baseUrl}/ok`));

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #88eb9e7f5a89db73 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/@n8n/backend-network/src/http/__tests__/outbound-http.test.ts:71
		const url = new URL('https://api.example.com/data');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only #8a81c2028be63abf Environment-variable access.
repo/packages/@n8n/backend-network/src/http/__tests__/transport-integration.test.ts:61
		delete process.env.HTTP_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4697e0e30a1a8334 Environment-variable access.
repo/packages/@n8n/backend-network/src/http/__tests__/transport-integration.test.ts:62
		delete process.env.HTTPS_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d453b7b50c21844e Environment-variable access.
repo/packages/@n8n/backend-network/src/http/__tests__/transport-integration.test.ts:63
		delete process.env.NO_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c4e09be5547d49c9 Environment-variable access.
repo/packages/@n8n/backend-network/src/http/__tests__/transport-integration.test.ts:64
		delete process.env.ALL_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3105cfadd064de8b Environment-variable access.
repo/packages/@n8n/backend-network/src/http/__tests__/transport-integration.test.ts:86
			process.env.HTTP_PROXY = proxy.url;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d3d414c1dfe46fb0 Environment-variable access.
repo/packages/@n8n/backend-network/src/http/__tests__/transport-integration.test.ts:111
			process.env.HTTP_PROXY = proxy.url;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a19a3462ff0ae0d7 Environment-variable access.
repo/packages/@n8n/backend-network/src/http/__tests__/transport-integration.test.ts:112
			process.env.NO_PROXY = '127.0.0.1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7362286257ca3cee Environment-variable access.
repo/packages/@n8n/backend-network/src/http/__tests__/transport-integration.test.ts:146
			process.env.HTTP_PROXY = proxy.url;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #aeaf4d0b34efb346 Environment-variable access.
repo/packages/@n8n/backend-network/src/http/__tests__/transport-integration.test.ts:172
			process.env.HTTP_PROXY = proxy.url;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cad037b7d03bbf22 Filesystem access.
repo/packages/@n8n/backend-network/src/http/__tests__/transport-subpath-purity.test.ts:69
		const source = readFileSync(file, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d136bba09e331cf4 Environment-variable access.
repo/packages/@n8n/backend-network/src/http/axios/__tests__/ssrf-redirect.test.ts:75
			savedEnv[key] = process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #34013eb91769981b Environment-variable access.
repo/packages/@n8n/backend-network/src/http/axios/__tests__/ssrf-redirect.test.ts:79
		process.env.HTTP_PROXY = 'http://127.0.0.1:1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #428056841d146155 Environment-variable access.
repo/packages/@n8n/backend-network/src/http/axios/__tests__/ssrf-redirect.test.ts:80
		process.env.HTTPS_PROXY = 'http://127.0.0.1:1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2887a7335dda161f Environment-variable access.
repo/packages/@n8n/backend-network/src/http/axios/__tests__/ssrf-redirect.test.ts:81
		process.env.NO_PROXY = '127.0.0.1,localhost';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #afdcb60e41ce971b Environment-variable access.
repo/packages/@n8n/backend-network/src/http/axios/__tests__/ssrf-redirect.test.ts:89
				delete process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #919887457d446f32 Environment-variable access.
repo/packages/@n8n/backend-network/src/http/axios/__tests__/ssrf-redirect.test.ts:91
				process.env[key] = savedEnv[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ac06572883797342 Environment-variable access.
repo/packages/@n8n/backend-network/src/http/axios/__tests__/utils.test.ts:577
			if (isProxyVar(key)) delete process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d7222dc33cf055e7 Environment-variable access.
repo/packages/@n8n/backend-network/src/http/axios/__tests__/utils.test.ts:598
		process.env.HTTPS_PROXY = 'http://env-proxy:3128';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1ac0f55f7daf9616 Environment-variable access.
repo/packages/@n8n/backend-network/src/http/axios/__tests__/utils.test.ts:603
		process.env.HTTP_PROXY = 'http://env-proxy:3128';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1f24995b1cf59deb Environment-variable access.
repo/packages/@n8n/backend-network/src/http/axios/__tests__/utils.test.ts:608
		process.env.HTTP_PROXY = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #99aad1bef8c1d9c2 Environment-variable access.
repo/packages/@n8n/backend-network/src/http/axios/__tests__/utils.test.ts:613
		process.env.HTTP_PROXY = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #05626acdcaf2d282 Environment-variable access.
repo/packages/@n8n/backend-network/src/http/axios/__tests__/utils.test.ts:614
		process.env.HTTPS_PROXY = 'http://env-proxy:3128';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #beaa873a10955921 Environment-variable access.
repo/packages/@n8n/backend-network/src/http/http-proxy.ts:12
			HTTP_PROXY: process.env.HTTP_PROXY ?? process.env.http_proxy,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a41d1685287677ff Environment-variable access.
repo/packages/@n8n/backend-network/src/http/http-proxy.ts:13
			HTTPS_PROXY: process.env.HTTPS_PROXY ?? process.env.https_proxy,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d956f8c82553c5d Environment-variable access.
repo/packages/@n8n/backend-network/src/http/http-proxy.ts:14
			NO_PROXY: process.env.NO_PROXY ?? process.env.no_proxy,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5941d8c3d7b5b4f9 Environment-variable access.
repo/packages/@n8n/backend-network/src/http/http-proxy.ts:15
			ALL_PROXY: process.env.ALL_PROXY ?? process.env.all_proxy,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c02c376f72598ab4 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:6
	const originalNoProxy = process.env.NO_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c35a24e10e9f4c0c Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:7
	const originalNoProxyLower = process.env.no_proxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #235d850847311086 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:11
			delete process.env[name];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #853ac10bc7338513 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:13
			process.env[name] = value;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #987c24351a2f8d68 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:20
		delete process.env.no_proxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4cb4226b1d43e46f Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:33
		delete process.env.NO_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #82c9cb92ec4ef800 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:37
		expect(process.env.NO_PROXY).toBe('127.0.0.1,localhost');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2003a0c868f574ab Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:40
		expect(process.env.NO_PROXY).toBeUndefined();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #71a95d5ccad422d0 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:44
		process.env.NO_PROXY = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d809a1f8f5c9adfc Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:48
		expect(process.env.NO_PROXY).toBe('127.0.0.1,localhost');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #148318d60e0674eb Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:51
		expect(process.env.NO_PROXY).toBe('');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e737c5e6f20b4b2b Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:55
		process.env.NO_PROXY = 'example.com,internal.net';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a8395575c80b526d Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:59
		expect(process.env.NO_PROXY).toBe('127.0.0.1,localhost,example.com,internal.net');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c2371f9b4a7892fc Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:62
		expect(process.env.NO_PROXY).toBe('example.com,internal.net');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d7d7494b866f305a Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:66
		process.env.NO_PROXY = '127.0.0.1, localhost, example.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bbae5f583174d2fa Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:70
		expect(process.env.NO_PROXY).toBe('127.0.0.1, localhost, example.com');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #537dcb16e0459abe Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:73
		expect(process.env.NO_PROXY).toBe('127.0.0.1, localhost, example.com');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2e32bbd0e77234cb Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:77
		process.env.NO_PROXY = '127.0.0.1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a108b59ed7ce3f7f Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:81
		expect(process.env.NO_PROXY).toBe('localhost,127.0.0.1');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fbecc09e15a9dd0e Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:84
		expect(process.env.NO_PROXY).toBe('127.0.0.1');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1be53a4943aa6611 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:88
		delete process.env.NO_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5ad43a663acd2471 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:93
		expect(process.env.NO_PROXY).toBe('127.0.0.1,localhost');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b520af52f0af8070 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:94
		expect(process.env.no_proxy).toBe('127.0.0.1,localhost');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a58de4cf399d1e62 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:97
		expect(process.env.NO_PROXY).toBeUndefined();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2e55257f4d5a916b Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:98
		expect(process.env.no_proxy).toBeUndefined();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f422db02b69c863f Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:102
		delete process.env.NO_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #545fba8b54b606e9 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:103
		process.env.no_proxy = 'internal.lan';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4c401e98aeb08517 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:108
		expect(process.env.no_proxy).toBe('127.0.0.1,localhost,internal.lan');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fab5c406b87df515 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:109
		expect(process.env.NO_PROXY).toBe('127.0.0.1,localhost,internal.lan');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #aaf24cd2ca24ad4f Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:112
		expect(process.env.no_proxy).toBe('internal.lan');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #19d821dead42b706 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:113
		expect(process.env.NO_PROXY).toBeUndefined();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #abd6e75bb0a4a0da Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:117
		delete process.env.NO_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #22212aec686534c1 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:127
			process.env.NO_PROXY = 'example.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d9bd3821842d0eae Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:130
			expect(process.env.NO_PROXY).toBe('127.0.0.1,localhost,example.com');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #be98fb47e6f60a88 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:135
			expect(process.env.NO_PROXY).toBe('127.0.0.1,localhost,example.com');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6e896699dedc534a Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:139
			expect(process.env.NO_PROXY).toBe('127.0.0.1,localhost,example.com');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #62e54c5d6a3ab205 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:143
			expect(process.env.NO_PROXY).toBe('example.com');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #da6b19bd4f97cf0c Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:147
			process.env.NO_PROXY = 'example.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a30ebdbb8de6caed Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:154
			expect(process.env.NO_PROXY).toBe('127.0.0.1,localhost,example.com');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e5f250ba1666b797 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:157
			expect(process.env.NO_PROXY).toBe('example.com');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #767c768f2278d57b Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:161
			delete process.env.NO_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #51e9122dfbed1df9 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:164
			expect(process.env.NO_PROXY).toBe('127.0.0.1');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cbf07f503805971d Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:167
			expect(process.env.NO_PROXY).toBe('example.internal,127.0.0.1');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b05d01bb457dc9af Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:171
			expect(process.env.NO_PROXY).toBe('example.internal,127.0.0.1');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #88e1befa18507012 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:178
			delete process.env.NO_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1bbfbbc65cb17415 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:182
			expect(process.env.NO_PROXY).toBe('127.0.0.1,localhost');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #98820c3a563257b9 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:185
			expect(process.env.NO_PROXY).toBe('127.0.0.1,localhost');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #22e598259ff85d63 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:192
			process.env.NO_PROXY = 'first.example.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9a2e3cfb9a04a395 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:195
			expect(process.env.NO_PROXY).toBe('first.example.com');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #35e0f3452599acfa Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:199
			process.env.NO_PROXY = 'second.example.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1c113bde78a60269 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:201
			expect(process.env.NO_PROXY).toBe('127.0.0.1,localhost,second.example.com');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f37e88f627016332 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:204
			expect(process.env.NO_PROXY).toBe('second.example.com');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #098b37d90d71ed0c Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/proxy-resolution.test.ts:7
		delete process.env.HTTP_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8b5b8c922957cf88 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/proxy-resolution.test.ts:8
		delete process.env.HTTPS_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fdcc7f26b6470c02 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/proxy-resolution.test.ts:9
		delete process.env.NO_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9fdad8d718180687 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/proxy-resolution.test.ts:10
		delete process.env.ALL_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #807d4664fc2b9ed0 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/proxy-resolution.test.ts:14
		process.env.HTTP_PROXY = PROXY_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #927e74b4a4978909 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/proxy-resolution.test.ts:24
		process.env.HTTP_PROXY = PROXY_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #523748dc60ea16c5 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/proxy-resolution.test.ts:25
		process.env.NO_PROXY = 'api.example.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #af87848592e3f724 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/proxy-resolution.test.ts:31
		process.env.ALL_PROXY = PROXY_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f28063b683e2e47a Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/proxy-resolution.test.ts:37
		process.env.HTTPS_PROXY = PROXY_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7db46a25f3a586bb Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/proxy-resolution.test.ts:43
		process.env.HTTP_PROXY = PROXY_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0a267edfcd2f6700 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/proxy-resolution.test.ts:44
		process.env.NO_PROXY = 'api.example.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5bfafb2d39fabf09 Filesystem access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/proxy-subpath-purity.test.ts:73
		const source = readFileSync(file, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5723c89a92e5445 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/no-proxy-patch.ts:38
		value: process.env[name],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9520c1f855f80e8f Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/no-proxy-patch.ts:44
		delete process.env[name];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3f17cc1768bc0197 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/no-proxy-patch.ts:46
		process.env[name] = captured.value;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f0333538a4e92205 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/no-proxy-patch.ts:55
	const lower = process.env.no_proxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f0a35cfaab8f9bd0 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/no-proxy-patch.ts:57
	const upper = process.env.NO_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d1f4b3b0472f7641 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/no-proxy-patch.ts:101
		process.env.NO_PROXY = merged;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #17277436df2f4fbf Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/no-proxy-patch.ts:102
		process.env.no_proxy = merged;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d1acce1563ad612 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/proxy-resolution.ts:74
		process.env.HTTP_PROXY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4823e7b33146dc7 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/proxy-resolution.ts:75
		process.env.http_proxy,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6234eac961567c1 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/proxy-resolution.ts:76
		process.env.HTTPS_PROXY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ce02071096b32ac7 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/proxy-resolution.ts:77
		process.env.https_proxy,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #330388d9ba58bda2 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/proxy-resolution.ts:78
		process.env.ALL_PROXY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f25bfbc6a3c7c1cd Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/proxy-resolution.ts:79
		process.env.all_proxy,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6b52930c32ba8031 Environment-variable access.
repo/packages/@n8n/backend-test-utils/src/test-db.ts:45
	const templateDb = dbType === 'postgresdb' ? process.env.N8N_TEST_TEMPLATE_DB : undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #82fe9a68bd52afa6 Environment-variable access.
repo/packages/@n8n/benchmark/scripts/run-for-n8n-setup.mjs:37
	const n8nTag = argv.n8nDockerTag || process.env.N8N_DOCKER_TAG || 'latest';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8943a657839b3201 Environment-variable access.
repo/packages/@n8n/benchmark/scripts/run-for-n8n-setup.mjs:38
	const benchmarkTag = argv.benchmarkDockerTag || process.env.BENCHMARK_DOCKER_TAG || 'latest';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fee2748f6dfb12b7 Environment-variable access.
repo/packages/@n8n/benchmark/scripts/run-for-n8n-setup.mjs:39
	const k6ApiToken = argv.k6ApiToken || process.env.K6_API_TOKEN || undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fdf456e33c72fc2b Environment-variable access.
repo/packages/@n8n/benchmark/scripts/run-for-n8n-setup.mjs:41
		argv.resultWebhookUrl || process.env.BENCHMARK_RESULT_WEBHOOK_URL || undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #32a1f571b8d655d8 Environment-variable access.
repo/packages/@n8n/benchmark/scripts/run-for-n8n-setup.mjs:43
		argv.resultWebhookAuthHeader || process.env.BENCHMARK_RESULT_WEBHOOK_AUTH_HEADER || undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3cd4678b7b51e39b Environment-variable access.
repo/packages/@n8n/benchmark/scripts/run-for-n8n-setup.mjs:44
	const baseRunDir = argv.runDir || process.env.RUN_DIR || '/n8n';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #236453b4f5529405 Environment-variable access.
repo/packages/@n8n/benchmark/scripts/run-for-n8n-setup.mjs:45
	const n8nLicenseCert = argv.n8nLicenseCert || process.env.N8N_LICENSE_CERT || undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e5d974558a680836 Environment-variable access.
repo/packages/@n8n/benchmark/scripts/run-for-n8n-setup.mjs:46
	const n8nLicenseActivationKey = process.env.N8N_LICENSE_ACTIVATION_KEY || undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ac8c113116dbf163 Environment-variable access.
repo/packages/@n8n/benchmark/scripts/run-for-n8n-setup.mjs:47
	const n8nLicenseTenantId = argv.n8nLicenseTenantId || process.env.N8N_LICENSE_TENANT_ID || '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0a3da753a65d01c1 Environment-variable access.
repo/packages/@n8n/benchmark/scripts/run-for-n8n-setup.mjs:76
				PATH: process.env.PATH,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bb6ec4cd48214537 Filesystem access.
repo/packages/@n8n/benchmark/scripts/run.mjs:9
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b42f06d7582bfcc0 Environment-variable access.
repo/packages/@n8n/benchmark/scripts/run.mjs:103
	const n8nTag = args.n8nTag || process.env.N8N_DOCKER_TAG || 'latest';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6e04e57e9e242611 Environment-variable access.
repo/packages/@n8n/benchmark/scripts/run.mjs:104
	const benchmarkTag = args.benchmarkTag || process.env.BENCHMARK_DOCKER_TAG || 'latest';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #55d4d7a427229eaf Environment-variable access.
repo/packages/@n8n/benchmark/scripts/run.mjs:105
	const k6ApiToken = args.k6ApiToken || process.env.K6_API_TOKEN || undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #45f18ea6ac9e2e31 Environment-variable access.
repo/packages/@n8n/benchmark/scripts/run.mjs:107
		args.resultWebhookUrl || process.env.BENCHMARK_RESULT_WEBHOOK_URL || undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #de381d6b4d90a30f Environment-variable access.
repo/packages/@n8n/benchmark/scripts/run.mjs:109
		args.resultWebhookAuthHeader || process.env.BENCHMARK_RESULT_WEBHOOK_AUTH_HEADER || undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2edec915d32933c8 Environment-variable access.
repo/packages/@n8n/benchmark/scripts/run.mjs:110
	const n8nLicenseCert = args.n8nLicenseCert || process.env.N8N_LICENSE_CERT || undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #147bc85cdfe5a121 Filesystem access.
repo/packages/@n8n/benchmark/src/scenario/scenario-data-loader.ts:44
		const fileContent = fs.readFileSync(credentialFilePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2635e1581cb412e2 Filesystem access.
repo/packages/@n8n/benchmark/src/scenario/scenario-data-loader.ts:55
		const fileContent = fs.readFileSync(workflowFilePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #93d6c3884f31779e Filesystem access.
repo/packages/@n8n/benchmark/src/scenario/scenario-data-loader.ts:66
		const fileContent = fs.readFileSync(dataTableFilePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d4ef0c202acd0a29 Filesystem access.
repo/packages/@n8n/benchmark/src/scenario/scenario-loader.ts:77
				fs.readFileSync(scenarioManifestPath, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #50b21ddf5ae5be7f Filesystem access.
repo/packages/@n8n/benchmark/src/test-execution/k6-executor.ts:1
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #81b06cd9cd4e0bfc Filesystem access.
repo/packages/@n8n/benchmark/src/test-execution/k6-executor.ts:158
		const testScript = fs.readFileSync(fullTestScriptPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #926bb9dbd44b972c Filesystem access.
repo/packages/@n8n/benchmark/src/test-execution/k6-executor.ts:170
		const summaryReport = fs.readFileSync(summaryReportPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #565ff2586d69d483 Environment-variable access.
repo/packages/@n8n/cli/src/__tests__/config.test.ts:25
		delete process.env.N8N_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #484c9970cd6d77cc Environment-variable access.
repo/packages/@n8n/cli/src/__tests__/config.test.ts:26
		delete process.env.N8N_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7fcf4e756ccbf17f Environment-variable access.
repo/packages/@n8n/cli/src/__tests__/config.test.ts:36
		process.env.N8N_URL = 'https://env.example.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #80e3e47b3219f660 Environment-variable access.
repo/packages/@n8n/cli/src/__tests__/config.test.ts:37
		process.env.N8N_API_KEY = 'env_key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d87907dcb1bb348c Environment-variable access.
repo/packages/@n8n/cli/src/__tests__/config.test.ts:49
		process.env.N8N_URL = 'https://env.example.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b493e5ef453bf685 Environment-variable access.
repo/packages/@n8n/cli/src/__tests__/config.test.ts:50
		process.env.N8N_API_KEY = 'env_key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3fcd9ac89c431e8a Environment-variable access.
repo/packages/@n8n/cli/src/__tests__/config.test.ts:88
		process.env.N8N_API_KEY = 'env_key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9dce4729ab591949 Filesystem access.
repo/packages/@n8n/cli/src/base-command.ts:156
			return fs.readFileSync(0, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9de388c238d96791 Filesystem access.
repo/packages/@n8n/cli/src/base-command.ts:159
			return fs.readFileSync(flags.file, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3031b7fe9c554b59 Filesystem access.
repo/packages/@n8n/cli/src/commands/package/export.ts:69
			fs.writeFileSync(flags.output, archive);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #71068a2daa7a6388 Filesystem access.
repo/packages/@n8n/cli/src/commands/package/import.ts:63
			const buffer = fs.readFileSync(flags.file);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4ea3e8fa2adf995d Filesystem access.
repo/packages/@n8n/cli/src/commands/skill/install.ts:39
		const content = fs.readFileSync(skillSource, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b42cf3544c56fa44 Filesystem access.
repo/packages/@n8n/cli/src/commands/skill/install.ts:61
		fs.writeFileSync(targetFile, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a26e6e1a3d6e115 Filesystem access.
repo/packages/@n8n/cli/src/commands/skill/install.ts:77
			const existing = fs.readFileSync(targetFile, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #089012ec14e5d45f Filesystem access.
repo/packages/@n8n/cli/src/commands/skill/install.ts:82
			fs.writeFileSync(targetFile, `${existing}\n\n${stripped}`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a904606d61d7eaa4 Filesystem access.
repo/packages/@n8n/cli/src/commands/skill/install.ts:85
			fs.writeFileSync(targetFile, stripped);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d91eb60eda687380 Filesystem access.
repo/packages/@n8n/cli/src/commands/skill/install.ts:95
			const existing = fs.readFileSync(targetFile, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #47939a590e566624 Filesystem access.
repo/packages/@n8n/cli/src/commands/skill/install.ts:100
			fs.writeFileSync(targetFile, `${existing}\n\n${stripped}`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aa14be830f379585 Filesystem access.
repo/packages/@n8n/cli/src/commands/skill/install.ts:103
			fs.writeFileSync(targetFile, stripped);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2572862ecad6793d Filesystem access.
repo/packages/@n8n/cli/src/config.ts:21
		const raw = fs.readFileSync(CONFIG_FILE, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d07864ddb3c06fcb Filesystem access.
repo/packages/@n8n/cli/src/config.ts:30
	fs.writeFileSync(CONFIG_FILE, JSON.stringify(config, null, 2) + '\n', {
		mode: 0o600,
	});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d07d17cb44488838 Environment-variable access.
repo/packages/@n8n/cli/src/config.ts:52
		url: flags.url ?? process.env.N8N_URL ?? config.url,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b8324eac57b678d8 Environment-variable access.
repo/packages/@n8n/cli/src/config.ts:53
		apiKey: flags.apiKey ?? process.env.N8N_API_KEY ?? config.apiKey,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8caa7a6fe09a21f3 Environment-variable access.
repo/packages/@n8n/computer-use/src/config.test.ts:102
		process.env.N8N_GATEWAY_ALLOWED_ORIGINS = 'https://from-env.example.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #39e48e151ef8dd99 Environment-variable access.
repo/packages/@n8n/computer-use/src/config.ts:78
	return process.env[`${ENV_PREFIX}${name}`];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #982fcb003bee6b44 Environment-variable access.
repo/packages/@n8n/computer-use/src/config.ts:167
	const logLevel = envString('LOG_LEVEL') ?? process.env.LOG_LEVEL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d9714e8f0abd28c5 Filesystem access.
repo/packages/@n8n/computer-use/src/settings-store.test.ts:44
		await fs.writeFile(path.join(dir, 'settings.json'), JSON.stringify(initial), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d1763c5ac2cb1a7c Filesystem access.
repo/packages/@n8n/computer-use/src/settings-store.test.ts:87
		await fs.writeFile(filePath, 'not-json', 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8c774de1097d2d6e Filesystem access.
repo/packages/@n8n/computer-use/src/settings-store.test.ts:102
		const raw = await fs.readFile(path.join(tmpDir, '.n8n-gateway', 'settings.json'), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b4f7b665bd61f8af Filesystem access.
repo/packages/@n8n/computer-use/src/settings-store.test.ts:121
		await fs.writeFile(file, existing, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4ea68fa032965474 Filesystem access.
repo/packages/@n8n/computer-use/src/settings-store.test.ts:124
		const raw = await fs.readFile(file, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b421f10ff8b9348 Filesystem access.
repo/packages/@n8n/computer-use/src/settings-store.test.ts:243
		const raw = await fs.readFile(path.join(tmpDir, '.n8n-gateway', 'settings.json'), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0fcf8042aa0964ea Filesystem access.
repo/packages/@n8n/computer-use/src/settings-store.ts:107
		await fs.writeFile(filePath, JSON.stringify(initialSettings, null, 2), {
			encoding: 'utf-8',
			mode: 0o600,
		});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea1bcef6ab17a2a2 Filesystem access.
repo/packages/@n8n/computer-use/src/settings-store.ts:264
		await fs.writeFile(this.filePath, JSON.stringify(this.persistent, null, 2), {
			encoding: 'utf-8',
			mode: 0o600,
		});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #20fc9f8fd5d53dae Filesystem access.
repo/packages/@n8n/computer-use/src/settings-store.ts:277
		const raw = await fs.readFile(filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6292c2c2252fc9be Filesystem access.
repo/packages/@n8n/computer-use/src/startup-config-cli.test.ts:102
		const raw = await fs.readFile(nodePath.join(tmpDir, '.n8n-gateway', 'settings.json'), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d3b12fb66c1f0bf2 Filesystem access.
repo/packages/@n8n/computer-use/src/startup-config-cli.test.ts:123
		const raw = await fs.readFile(nodePath.join(tmpDir, '.n8n-gateway', 'settings.json'), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fff098bbf442a3c8 Filesystem access.
repo/packages/@n8n/computer-use/src/startup-config-cli.test.ts:137
		await fs.writeFile(file, existing, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #371c7e725106d88f Filesystem access.
repo/packages/@n8n/computer-use/src/startup-config-cli.test.ts:141
		const raw = await fs.readFile(file, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e64268b68abd5d1e Filesystem access.
repo/packages/@n8n/computer-use/src/startup-config-cli.test.ts:150
		const raw = await fs.readFile(nodePath.join(tmpDir, '.n8n-gateway', 'settings.json'), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b4654196ee63a3ce Filesystem access.
repo/packages/@n8n/computer-use/src/tools/filesystem/edit-file.ts:38
		const content = await fs.readFile(resolvedReadablePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cae6d46fc51c171e Filesystem access.
repo/packages/@n8n/computer-use/src/tools/filesystem/edit-file.ts:44
		await fs.writeFile(resolvedWritablePath, content.replace(oldString, newString), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5abbc8bf4ab44cb1 Filesystem access.
repo/packages/@n8n/computer-use/src/tools/filesystem/read-file.ts:47
		const fileContent = await fs.readFile(resolvedPath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bdefefcbccbc9ccb Filesystem access.
repo/packages/@n8n/computer-use/src/tools/filesystem/search-files.test.ts:29
	await fs.writeFile(fullPath, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a9501ad513232999 Filesystem access.
repo/packages/@n8n/computer-use/src/tools/filesystem/search-files.test.ts:231
			await fs.writeFile(path.join(baseDir, 'binary.dat'), Buffer.from([0xff, 0xfe, 0xfd, 0xfc]));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9828f232acb14dbe Filesystem access.
repo/packages/@n8n/computer-use/src/tools/filesystem/search-files.ts:95
				const fileContent = await fs.readFile(fullPath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3eeebc30041bdd71 Filesystem access.
repo/packages/@n8n/computer-use/src/tools/filesystem/write-file.ts:35
		await fs.writeFile(resolvedPath, content, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b3d678c55e936cca Environment-variable access.
repo/packages/@n8n/computer-use/src/tools/mouse-keyboard/index.ts:18
		if (process.env.WAYLAND_DISPLAY && !process.env.DISPLAY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #22dde78e7c918212 Environment-variable access.
repo/packages/@n8n/computer-use/src/tools/mouse-keyboard/mouse-keyboard.test.ts:259
	const originalWaylandDisplay = process.env.WAYLAND_DISPLAY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #355d6048d47bf426 Environment-variable access.
repo/packages/@n8n/computer-use/src/tools/mouse-keyboard/mouse-keyboard.test.ts:260
	const originalDisplay = process.env.DISPLAY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #76e8cc6d8cc8c4a8 Environment-variable access.
repo/packages/@n8n/computer-use/src/tools/mouse-keyboard/mouse-keyboard.test.ts:265
			delete process.env.WAYLAND_DISPLAY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f8a189f8a74437e9 Environment-variable access.
repo/packages/@n8n/computer-use/src/tools/mouse-keyboard/mouse-keyboard.test.ts:267
			process.env.WAYLAND_DISPLAY = originalWaylandDisplay;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #df8618ca04e95b5e Environment-variable access.
repo/packages/@n8n/computer-use/src/tools/mouse-keyboard/mouse-keyboard.test.ts:270
			delete process.env.DISPLAY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #38a472eaa449760c Environment-variable access.
repo/packages/@n8n/computer-use/src/tools/mouse-keyboard/mouse-keyboard.test.ts:272
			process.env.DISPLAY = originalDisplay;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5c868ec9da19bd5e Environment-variable access.
repo/packages/@n8n/computer-use/src/tools/mouse-keyboard/mouse-keyboard.test.ts:278
		process.env.WAYLAND_DISPLAY = 'wayland-0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f44f83017aa1e67c Environment-variable access.
repo/packages/@n8n/computer-use/src/tools/mouse-keyboard/mouse-keyboard.test.ts:279
		delete process.env.DISPLAY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e3593adcb0ced6d9 Environment-variable access.
repo/packages/@n8n/computer-use/src/tools/mouse-keyboard/mouse-keyboard.test.ts:287
		delete process.env.WAYLAND_DISPLAY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9cef3f93bc19f972 Environment-variable access.
repo/packages/@n8n/computer-use/src/tools/mouse-keyboard/mouse-keyboard.test.ts:288
		process.env.DISPLAY = ':0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #08b6146c8051f707 Environment-variable access.
repo/packages/@n8n/computer-use/src/tools/mouse-keyboard/mouse-keyboard.test.ts:297
		delete process.env.WAYLAND_DISPLAY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #43f642eed3adaab7 Environment-variable access.
repo/packages/@n8n/computer-use/src/tools/mouse-keyboard/mouse-keyboard.test.ts:298
		process.env.DISPLAY = ':0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e4c6fbae7d351391 Environment-variable access.
repo/packages/@n8n/config/src/configs/database.config.ts:146
	const raw = process.env.N8N_DB_PING_TIMEOUT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1bc5d5c0a85756ed Filesystem access.
repo/packages/@n8n/config/src/decorators.ts:3
import { readFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c69da13bbaadd96 Environment-variable access.
repo/packages/@n8n/config/src/decorators.ts:20
	if (envName in process.env) return process.env[envName];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d62683858b5f824c Environment-variable access.
repo/packages/@n8n/config/src/decorators.ts:23
	const filePath = process.env[`${envName}_FILE`];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #719bf4c34d1a4ef4 Filesystem access.
repo/packages/@n8n/config/src/decorators.ts:25
		const value = readFileSync(filePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ff352ac8a1a4e300 Environment-variable access.
repo/packages/@n8n/config/src/utils/utils.ts:9
	const userHome = process.env.N8N_USER_FOLDER ?? process.env[homeVarName] ?? process.cwd();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9cc3149f708b0bcf Filesystem access.
repo/packages/@n8n/db/scripts/new-migration.mjs:74
	const original = readFileSync(indexPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9dfb91f4119bd0cd Filesystem access.
repo/packages/@n8n/db/scripts/new-migration.mjs:100
	writeFileSync(indexPath, lines.join('\n'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #30526fb493b86925 Filesystem access.
repo/packages/@n8n/db/scripts/new-migration.mjs:129
	writeFileSync(targetFile, migrationTemplate(className));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6150d95a42025e42 Environment-variable access.
repo/packages/@n8n/db/scripts/schema-docs.mjs:55
	const args = { command: null, dbType: null, docker: !!process.env.CI };

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f8c646880d074aa4 Environment-variable access.
repo/packages/@n8n/db/scripts/schema-docs.mjs:115
		process.env.DB_TYPE = 'sqlite';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c1d07d1ece19a60a Environment-variable access.
repo/packages/@n8n/db/scripts/schema-docs.mjs:116
		process.env.DB_SQLITE_DATABASE = file;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #444f4b7af0a53685 Environment-variable access.
repo/packages/@n8n/db/scripts/schema-docs.mjs:117
		process.env.DB_TABLE_PREFIX = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #29059218c245fb17 Environment-variable access.
repo/packages/@n8n/db/scripts/schema-docs.mjs:137
	process.env.DB_TYPE = 'postgresdb';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #63b5e467519b7fc8 Environment-variable access.
repo/packages/@n8n/db/scripts/schema-docs.mjs:138
	process.env.DB_POSTGRESDB_HOST = conn.host;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f0a13c0353a13267 Environment-variable access.
repo/packages/@n8n/db/scripts/schema-docs.mjs:139
	process.env.DB_POSTGRESDB_PORT = String(conn.port);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #05305b1f86e34555 Environment-variable access.
repo/packages/@n8n/db/scripts/schema-docs.mjs:140
	process.env.DB_POSTGRESDB_DATABASE = conn.database;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7b7a0d3e10e17cf0 Environment-variable access.
repo/packages/@n8n/db/scripts/schema-docs.mjs:141
	process.env.DB_POSTGRESDB_USER = conn.username;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5469022a3384116d Environment-variable access.
repo/packages/@n8n/db/scripts/schema-docs.mjs:142
	process.env.DB_POSTGRESDB_PASSWORD = conn.password;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #19d5cbd9457ef856 Environment-variable access.
repo/packages/@n8n/db/scripts/schema-docs.mjs:143
	process.env.DB_POSTGRESDB_SCHEMA = conn.schema;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9acf473bd8c7e320 Environment-variable access.
repo/packages/@n8n/db/scripts/schema-docs.mjs:144
	process.env.DB_TABLE_PREFIX = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5ada62987e0d9363 Environment-variable access.
repo/packages/@n8n/db/src/connection/__tests__/db-connection-monitor.recovery.postgres.test.ts:106
const externalHost = process.env.DB_POSTGRESDB_HOST ?? '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c045f0b93d7f578a Environment-variable access.
repo/packages/@n8n/db/src/connection/__tests__/db-connection-monitor.recovery.postgres.test.ts:169
				port: Number(process.env.DB_POSTGRESDB_PORT ?? '5432'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #88674aa962bb8728 Environment-variable access.
repo/packages/@n8n/db/src/connection/__tests__/db-connection-monitor.recovery.postgres.test.ts:170
				username: process.env.DB_POSTGRESDB_USER ?? 'postgres',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f32674ff77fabca3 Environment-variable access.
repo/packages/@n8n/db/src/connection/__tests__/db-connection-monitor.recovery.postgres.test.ts:171
				password: process.env.DB_POSTGRESDB_PASSWORD ?? 'postgres',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e0025c831af26fb7 Environment-variable access.
repo/packages/@n8n/db/src/connection/__tests__/db-connection-monitor.recovery.postgres.test.ts:172
				database: process.env.DB_POSTGRESDB_DATABASE ?? 'postgres',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4db78c27fdb3dc79 Environment-variable access.
repo/packages/@n8n/db/src/connection/db-connection.ts:60
		if (process.env.N8N_DB_PING_TIMEOUT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b6c017349f1dec36 Filesystem access.
repo/packages/@n8n/db/src/migrations/common/1711390882123-MoveSshKeysToDatabase.ts:31
				readFile(this.privateKeyPath, { encoding: 'utf8' }),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8893efc9a7e2512f Filesystem access.
repo/packages/@n8n/db/src/migrations/common/1711390882123-MoveSshKeysToDatabase.ts:32
				readFile(this.publicKeyPath, { encoding: 'utf8' }),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de836ae3e7081df3 Filesystem access.
repo/packages/@n8n/db/src/migrations/common/1711390882123-MoveSshKeysToDatabase.ts:111
				writeFile(this.privateKeyPath, privateKey, { encoding: 'utf8', mode: 0o600 }),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #07a92ec3cde484bb Filesystem access.
repo/packages/@n8n/db/src/migrations/common/1711390882123-MoveSshKeysToDatabase.ts:112
				writeFile(this.publicKeyPath, publicKey, { encoding: 'utf8', mode: 0o600 }),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0aa1d4d8432a3555 Filesystem access.
repo/packages/@n8n/db/src/migrations/migration-helpers.ts:6
import { readFileSync, rmSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b52cfbac98f1d1d6 Filesystem access.
repo/packages/@n8n/db/src/migrations/migration-helpers.ts:20
		const surveyFile = readFileSync(filename, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #06ed83c82bba0b31 Environment-variable access.
repo/packages/@n8n/db/src/migrations/migration-helpers.ts:46
	if (process.env.NODE_ENV === 'test') return;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac2980bdb929a2cc Environment-variable access.
repo/packages/@n8n/db/src/migrations/migration-helpers.ts:58
	if (process.env.NODE_ENV === 'test') return;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a3c12fbff25c8d34 Filesystem access.
repo/packages/@n8n/db/src/migrations/sqlite/1690000000002-MigrateIntegerKeysToString.ts:3
import { statSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f6ebafd120842c6 Environment-variable access.
repo/packages/@n8n/db/src/migrations/sqlite/1690000000002-MigrateIntegerKeysToString.ts:191
const migrationsPruningEnabled = process.env.MIGRATIONS_PRUNING_ENABLED === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #62b1d4fa9d7ec082 Filesystem access.
repo/packages/@n8n/db/vite.config.ts:75
			const next = fs.existsSync(norm) ? fs.readFileSync(norm, 'utf-8') : undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec9ab14106b8a4b3 Filesystem access.
repo/packages/@n8n/db/vite.config.ts:93
				const text = cached ?? (fs.existsSync(f) ? fs.readFileSync(f, 'utf-8') : undefined);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8717fdfb5883ad35 Environment-variable access.
repo/packages/@n8n/eslint-config/src/configs/base.ts:418
			'unused-imports/no-unused-imports': process.env.NODE_ENV === 'development' ? 'warn' : 'error',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9339deeb29b48003 Environment-variable access.
repo/packages/@n8n/eslint-config/src/configs/base.ts:436
			'n8n-local-rules/no-skipped-tests': process.env.NODE_ENV === 'development' ? 'warn' : 'error',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #30b7d90401d544bd Environment-variable access.
repo/packages/@n8n/eslint-config/src/configs/frontend.ts:8
const isCI = process.env.CI === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cd9efb49cdee7eb2 Filesystem access.
repo/packages/@n8n/eslint-plugin-community-nodes/src/utils/file-utils.ts:78
		const content = readFileSync(packageJsonPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c7d1feb670aebbe9 Filesystem access.
repo/packages/@n8n/eslint-plugin-community-nodes/src/utils/file-utils.ts:127
		const sourceCode = readFileSync(credentialFilePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d3dfac702f40129 Filesystem access.
repo/packages/@n8n/eslint-plugin-community-nodes/src/utils/file-utils.ts:250
		const sourceCode = readFileSync(nodeFile, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4a4e08c9f9b2e20a Filesystem access.
repo/packages/@n8n/expression-runtime/src/bridge/isolated-vm-bridge.ts:70
			return await readFile(path.join(dir, BUNDLE_RELATIVE_PATH), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d422d3588dddfd6 Filesystem access.
repo/packages/@n8n/extension-sdk/scripts/create-json-schema.ts:3
import { writeFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #41dc6b85f98ea588 Filesystem access.
repo/packages/@n8n/extension-sdk/scripts/create-json-schema.ts:21
	await writeFile(resolve(rootDir, filepath), formattedSchema);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bdf0c93a71c36f26 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/case-files-schema.test.ts:19
		const raw = jsonParse<unknown>(readFileSync(join(WORKFLOWS_DIR, file), 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fa05d15abdb62512 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:18
			originalEnv[key] = process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d8bca97deeabfa58 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:19
			delete process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #45eae11b4cae8fb7 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:26
				delete process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ac7a68f43fe84d31 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:28
				process.env[key] = originalEnv[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #808dc7f22ba9c303 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:35
			process.env.GITHUB_ACTIONS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7e428493dad55d14 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:36
			process.env.GITHUB_SHA = '357e949547671e2cd1c017eb4e7c809cd55bd121';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5f531657d4bc7790 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:40
			process.env.LANGSMITH_BRANCH = 'feature-branch';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #076d3189f32e6fd5 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:41
			process.env.GITHUB_HEAD_REF = 'should-not-be-used';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ff377e3167449b90 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:42
			process.env.GITHUB_REF_NAME = '30711/merge';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9bb70aaa7045a583 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:48
			process.env.GITHUB_HEAD_REF = 'feature-x';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4376ea7cf538b70d Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:49
			process.env.GITHUB_REF_NAME = '30711/merge';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9ffefe4a7ef17865 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:55
			process.env.GITHUB_REF_NAME = 'master';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c65f4dc4e30c50b1 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:61
			process.env.LANGSMITH_BRANCH = '30711/merge';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #283eb6f86c3a7e03 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:67
			process.env.LANGSMITH_BRANCH = 'feature//thing';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b2ce269068507919 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:73
			delete process.env.GITHUB_SHA;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #047f0b5d962d6057 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:74
			process.env.LANGSMITH_BRANCH = 'feature-x';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ea67681db027db9c Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:86
			process.env.LANGSMITH_BRANCH = 'should-not-be-used';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c0e8b3d1a9e71a94 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:109
			originalEnv[key] = process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0414b4aa87c04986 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:110
			delete process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c1d845420cca51b2 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:117
				delete process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #baaec0de386244b8 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:119
				process.env[key] = originalEnv[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5cb6420127ce86de Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:129
		process.env.GITHUB_ACTIONS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #21192746137d7dd5 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:130
		process.env.GITHUB_EVENT_NAME = 'pull_request_review';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2b107de724e77c0e Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:131
		process.env.GITHUB_RUN_ID = '12345';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2486a11d62947654 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:141
		process.env.GITHUB_ACTIONS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #346a6d35b6ab9694 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:142
		process.env.LANGSMITH_BRANCH = 'feature-x';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #74a507b2ab1b53d5 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:143
		process.env.LANGSMITH_REVISION_ID = '357e949547671e2cd1c017eb4e7c809cd55bd121';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5885ff73bd7f3df5 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:144
		process.env.GITHUB_REF = 'refs/pull/30711/merge';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8dacc16711612aff Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/conversation-seed.test.ts:53
		writeFileSync(path, JSON.stringify(makeSeed()));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d502c2d36dfd0f1b Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/conversation-seed.test.ts:62
		writeFileSync(path, JSON.stringify({ messages: [{ id: 'm1' }] }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #780fe902e47b7fa6 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/conversation-seed.test.ts:69
		writeFileSync(path, JSON.stringify({ messages: [] }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #14d6136f25168567 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/data-workflows-schema.test.ts:9
import { readdirSync, readFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b050750d09e35d55 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/data-workflows.test.ts:9
import { readdirSync, readFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e5747da1a0c9b219 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/mcp-builder-timeout.test.ts:3
import { mkdtempSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fbad1b96344e384d Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/mcp-builder.test.ts:3
import { mkdtempSync, readFileSync, rmSync, statSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #afa8e52fcfd26c2e Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/mcp-builder.test.ts:221
		const logged = readFileSync(String(result.logFile), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #19dca41ee5f511af Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/mcp-builder.test.ts:271
			const parsed: unknown = JSON.parse(readFileSync(path, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #357a8aca22bb40a2 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/prebuilt-workflows.test.ts:1
import { mkdtempSync, rmSync, writeFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e8a87e6977502f01 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/prebuilt-workflows.test.ts:30
		writeFileSync(path, JSON.stringify(content));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #31d90d09129058aa Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/prebuilt-workflows.test.ts:56
		writeFileSync(path, '{ this is not json');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #63d9d9d061225119 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/stub-services.test.ts:15
	await fs.writeFile(file, JSON.stringify(entries), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d2dafe7b03dc81e Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/checklist/verifier.ts:38
const VERIFIER_DEBUG = process.env.N8N_EVAL_VERIFIER_DEBUG === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5cf5435bb8e29793 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/cli/args.ts:190
	if (validated.buildViaMcp && !process.env.LANGSMITH_API_KEY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d74024a95014dbfa Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/build-mcp-manifest.ts:8
import { existsSync, mkdirSync, readFileSync, readdirSync, unlinkSync, writeFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f22f58c79f5d524d Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/build-mcp-manifest.ts:248
	const content = readFileSync(path, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6dab2887be6d0e08 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/build-mcp-manifest.ts:373
	writeFileSync(args.manifestPath, JSON.stringify(manifest, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #667c5dfb050e8313 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/build-mcp-manifest.ts:402
	writeFileSync(args.statsPath, JSON.stringify(stats, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c68317912618d5a5 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/build-mcp-manifest.ts:572
	console.log(readFileSync(args.manifestPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cdf4e9935516b4c2 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/cli/ci-metadata.ts:31
	const isCI = process.env.GITHUB_ACTIONS === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb5fb68a64b8dfc3 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/cli/ci-metadata.ts:39
		trigger: process.env.GITHUB_EVENT_NAME,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c743ff2dcbbc16f5 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/cli/ci-metadata.ts:40
		runId: process.env.GITHUB_RUN_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #80c1de8caf96bc3a Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/cli/ci-metadata.ts:42
			process.env.LANGSMITH_BRANCH ?? process.env.GITHUB_HEAD_REF ?? process.env.GITHUB_REF_NAME,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #833d9261a611c6e4 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/cli/ci-metadata.ts:43
		commitSha: process.env.LANGSMITH_REVISION_ID ?? process.env.GITHUB_SHA,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #981a9d41629af257 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/cli/ci-metadata.ts:45
		prNumber: process.env.GITHUB_REF?.match(/refs\/pull\/(\d+)\//)?.[1],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #358d69915bd531b1 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/cli/ci-metadata.ts:70
	if (process.env.GITHUB_ACTIONS !== 'true') return undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5c1e7df9f3c8e692 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/cli/ci-metadata.ts:73
		process.env.LANGSMITH_BRANCH ?? process.env.GITHUB_HEAD_REF ?? process.env.GITHUB_REF_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4088262a2ab73073 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/cli/ci-metadata.ts:74
	const sha = process.env.GITHUB_SHA;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #36037d842b195034 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/compare-pairwise.ts:163
		fs.readFile(summaryPath, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f8ad2c69e2bf820 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/compare-pairwise.ts:164
		fs.readFile(resultsPath, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f4d44838ab46a089 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/compare-pairwise.ts:421
		return await fs.readFile(filePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c99a548bce015bf9 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/compare-pairwise.ts:1256
	await fs.writeFile(args.out, html, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ff1bf1e22fee552 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/index.ts:11
import { mkdirSync, unlinkSync, writeFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #757769b002eef02a Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/cli/index.ts:390
		const hasLangSmith = Boolean(process.env.LANGSMITH_API_KEY);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb370b4ef1fcd775 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/cli/index.ts:433
		const commitSha = process.env.LANGSMITH_REVISION_ID ?? process.env.GITHUB_SHA;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dee4a9e95ae92960 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/index.ts:1605
	writeFileSync(jsonPath, JSON.stringify(report, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #70be8c0b75e973be Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/index.ts:1611
	writeFileSync(
		prCommentPath,
		formatComparisonMarkdown(evaluation, outcome, {
			commitSha,
			slugByTestCase,
			rerun,
			gate,
			passMetrics: { passAtK: metrics.passAtK, passHatK: metrics.passHatK },
			experimentUrl,
		}),
	);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3bbab683f33775cb Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/mcp-builder.ts:18
import { existsSync, readFileSync, writeFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #078c131f39e87eaf Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/mcp-builder.ts:39
	const content = readFileSync(path, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #51b7550807568382 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/mcp-builder.ts:69
	writeFileSync(tmpPath, JSON.stringify({ mcpServers: { [serverName]: block } }), { mode: 0o600 });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d1c0859fff94bb13 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/mcp-builder.ts:314
			writeFileSync(logFile, stdout || stderr || fallback);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1069f6303e05d560 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/pairwise.ts:81
		const content = readFileSync(exampleIdsFile, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a6b1b83864892bf Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/cli/pairwise.ts:105
		baseUrl: get('--base-url') ?? process.env.N8N_EVAL_BASE_URL ?? 'http://localhost:5678',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c96151fdbc3ca61c Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/pairwise.ts:189
	const content = readFileSync(absolute, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3f740252ff038c64 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/pairwise.ts:456
				await fs.writeFile(workflowPath, JSON.stringify(record.workflow, null, 2), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2dd38e966e6a7565 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/pairwise.ts:460
	await fs.writeFile(jsonlPath, lines.join('\n') + '\n', 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0f3ed65e5a26ebc2 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/pairwise.ts:501
	await fs.writeFile(csvPath, [csvHeader, ...csvRows].join('\n') + '\n', 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5f85319423d99e62 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/pairwise.ts:592
	await fs.writeFile(
		path.join(outputDir, 'summary.json'),
		JSON.stringify(summary, null, 2),
		'utf8',
	);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d7dd13c89171120 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/pairwise.ts:617
		await fs.writeFile(reportFile, html, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cd3ce41b7b8e7043 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/cli/pairwise.ts:637
	const apiKey = process.env.N8N_AI_ANTHROPIC_KEY ?? process.env.ANTHROPIC_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #95bc7f076443add0 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/report.ts:124
				fs.readFile(summaryPath, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9bfc5fd78320d435 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/report.ts:125
				fs.readFile(resultsPath, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b31a1327bcfaafc1 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/report.ts:674
	await fs.writeFile(args.reportFile, html, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cbafab21bc613dd9 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/clients/n8n-client.ts:142
		const loginEmail = email ?? process.env.N8N_EVAL_EMAIL ?? '[email protected]';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #447aa39f50895b45 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/clients/n8n-client.ts:143
		const loginPassword = password ?? process.env.N8N_EVAL_PASSWORD ?? 'PlaywrightTest123';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9b6b054b8d58b0ef Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/computer-use/__tests__/graders-fs.test.ts:19
		await writeFile(join(dir, 'README.md'), '# hello');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #55903ea59036b15c Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/computer-use/__tests__/graders-fs.test.ts:26
		await writeFile(join(dir, 'docs', 'workflow.md'), '...');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bb254a1600d92fa0 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/computer-use/__tests__/graders-fs.test.ts:32
		await writeFile(join(dir, 'readme.txt'), '...');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8d7b4c0e36c480b9 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/computer-use/__tests__/graders-fs.test.ts:40
			await writeFile(join(outside, 'secret.md'), 'should not be readable');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1e7ffdafb47df8e5 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/computer-use/__tests__/graders-fs.test.ts:54
			await writeFile(join(parent, 'sibling.md'), '# sibling');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3945eb6a41575785 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/computer-use/__tests__/graders-fs.test.ts:83
		await writeFile(join(dir, 'leftover.md'), '# still here');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e32513c8299ec2e0 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/computer-use/__tests__/graders-fs.test.ts:93
		await writeFile(join(dir, 'project', 'briefing.md'), '# moved');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5c1512f7a4f47abc Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/computer-use/__tests__/graders-fs.test.ts:114
		await writeFile(join(dir, 'doc.md'), '# Architecture\n\nThis describes the workflow.');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b494e0be16c36737 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/computer-use/__tests__/graders-fs.test.ts:124
		await writeFile(join(dir, 'doc.md'), 'random unrelated content');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #caeac340e6c8e099 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/computer-use/__tests__/graders-fs.test.ts:134
		await writeFile(join(dir, 'doc.md'), '# Architecture only');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #849914cbe7625076 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/computer-use/cli.ts:137
		const raw = await readFile(join(dataDir, file), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7154012959f14a99 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/computer-use/cli.ts:213
		const raw = await readFile(packageJsonPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5dbacc57f51d185 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/computer-use/cli.ts:295
	await writeFile(reportPath, JSON.stringify(report, null, 2), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8f35f47dd22cdb6b Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/computer-use/cli.ts:302
		await writeFile(htmlPath, renderHtml(report), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1bc3542454be0a3b Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/computer-use/graders/fs.ts:75
			content = await readFile(absPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c45d8d4d0dd9da12 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/computer-use/render-existing.ts:15
const report = jsonParse<RunReport>(readFileSync(inputPath, 'utf-8'), {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2d8a693ab6333081 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/computer-use/render-existing.ts:18
writeFileSync(outputPath, renderHtml(report), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74d547b654aa01c4 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/computer-use/runner.ts:205
	const raw = await readFile(fixturePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b557892e6e5851d Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/credentials/seeder.ts:115
		const envToken = template.envVar ? process.env[template.envVar] : undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d0dba7ea56c8756f Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/data/discovery/index.ts:1
import { readFileSync, readdirSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eb4399b65e039e91 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/data/discovery/index.ts:13
	const content = readFileSync(filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4abfa1f25bd8914 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/discovery/cli.ts:37
const DEFAULT_MODEL = process.env.N8N_INSTANCE_AI_EVAL_MODEL ?? 'anthropic/claude-sonnet-4-6';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f6f36bc5afd7b601 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/discovery/cli.ts:266
	if (!process.env.ANTHROPIC_API_KEY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c6d5e2bcbcebb11 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/export-latest-verifier-request.ts:292
	return jsonParse<T>(readFileSync(filePath, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d8deee55d21492cf Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/export-latest-verifier-request.ts:354
		model: (process.env.N8N_INSTANCE_AI_MODEL ?? 'openai/gpt-5.5').split('/').at(-1) ?? 'gpt-5.5',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #82dcd1c7629ec772 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/export-latest-verifier-request.ts:404
	writeFileSync(outputPath, JSON.stringify(requestBody, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #321a023e53b4010e Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/harness/conversation-seed.ts:63
		raw = JSON.parse(readFileSync(filePath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #68ad1a4fdcebcfde Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/harness/langsmith-seed.ts:90
		process.env.LANGSMITH_ENDPOINT ?? process.env.LANGCHAIN_ENDPOINT ?? US_DEFAULT_ENDPOINT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74a98475836c9343 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/harness/langsmith-seed.ts:92
	const homeKey = process.env.LANGSMITH_API_KEY ?? process.env.LANGCHAIN_API_KEY ?? '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55e9049d3cb46f55 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/harness/langsmith-seed.ts:98
	const usHost = bareHost(process.env.LANGSMITH_ENDPOINT_US ?? US_DEFAULT_ENDPOINT);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc704b2321490366 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/harness/langsmith-seed.ts:100
		const usKey = process.env.LANGSMITH_API_KEY_US ?? '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #61e0b4760ce4451b Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/harness/prebuilt-workflows.ts:20
import { readFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e3d0e48e1352187e Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/harness/prebuilt-workflows.ts:36
		raw = JSON.parse(readFileSync(path, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af645a9ecd8c7dfd Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/harness/runner.ts:96
	const raw = process.env.N8N_EVAL_MAX_CONCURRENT_SCENARIOS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d794fb0525a7519e Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/harness/runner.ts:190
		await writeFile(
			filePath,
			JSON.stringify(
				{
					timestamp,
					workflowId: input.workflowId,
					testCaseName: input.testCaseName,
					scenarioName: input.scenarioName,
					passed: input.passed,
					result: input.result ?? null,
					verificationResults: input.verificationResults,
					verifierAttempts: input.verifierAttempts,
					buildTrace: input.buildTrace ?? null,
				},
				null,
				2,
			),
			'utf8',
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0e6fc3d61f2b097b Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/harness/runner.ts:1451
		process.env.N8N_INSTANCE_AI_MODEL_API_KEY ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #601c1456a3e3e988 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/harness/runner.ts:1452
			process.env.N8N_AI_ANTHROPIC_KEY ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #765b827dfb9d72bb Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/harness/runner.ts:1453
			process.env.ANTHROPIC_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9642d6f7edb10c9b Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/harness/stub-services.ts:402
		content = await fs.readFile(jsonPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2b14ff5387a04fc8 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/report/run-debug-report.ts:25
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #872b679a43bf11be Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/report/run-debug-report.ts:426
	fs.writeFileSync(reportPath, html);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #283766222566d0db Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/report/run-debug-report.ts:427
	fs.writeFileSync(path.join(reportDir, 'workflow-eval-llm-debug.html'), html);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0e04bfc11ac0d28e Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/report/workflow-report.ts:10
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ffc28231de9a8837 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/report/workflow-report.ts:1641
	fs.writeFileSync(reportPath, html);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5f0e96b2a0e095b0 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/report/workflow-report.ts:1644
	fs.writeFileSync(path.join(reportDir, 'workflow-eval-report.html'), html);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b01628fdfa804174 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/subagent/cli.ts:56
		modelId: process.env.N8N_INSTANCE_AI_EVAL_MODEL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c1d49b966a03ead0 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/subagent/cli.ts:58
		baseUrl: process.env.N8N_EVAL_BASE_URL ?? 'http://localhost:5678',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1deefe97d8b17fbb Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/subagent/cli.ts:125
		const raw = readFileSync(join(DATA_DIR, file), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #526356ac5087d9b2 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/subagent/cli.ts:218
	const apiKey = process.env.LANGSMITH_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8cdfa92f3ce493fe Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/utils/get-json-files.ts:1
import { readdirSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #049f1e20e6771aeb Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/utils/load-eval-cases.ts:1
import { readFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ef98d45b618786c0 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/utils/load-eval-cases.ts:16
	const content = readFileSync(filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f2131602a0094f84 Environment-variable access.
repo/packages/@n8n/instance-ai/scripts/build-snapshot.cjs:38
	return process.env.N8N_VERSION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba4a13e6b402b731 Environment-variable access.
repo/packages/@n8n/instance-ai/scripts/build-snapshot.cjs:55
	const apiKey = process.env.DAYTONA_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1b1a139454444e60 Environment-variable access.
repo/packages/@n8n/instance-ai/scripts/build-snapshot.cjs:60
	const apiUrl = process.env.DAYTONA_API_URL || undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #684c825ae597bdcc Environment-variable access.
repo/packages/@n8n/instance-ai/scripts/build-snapshot.cjs:63
	const baseImage = process.env.SANDBOX_IMAGE || undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d48c6f366fde51cb Filesystem access.
repo/packages/@n8n/instance-ai/scripts/print-prompts.ts:12
import { mkdirSync, writeFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #85d1abff296abcf9 Filesystem access.
repo/packages/@n8n/instance-ai/scripts/print-prompts.ts:146
			writeFileSync(target, renderFile(agent, variant), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bcd0b6dc94d30752 Filesystem access.
repo/packages/@n8n/instance-ai/src/knowledge-base/materialize-knowledge-base.ts:177
			entry.content ?? (await readFile(join(referenceSourceDir, entry.fileName), 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #33ca65cf3aa97bad Environment-variable access.
repo/packages/@n8n/instance-ai/src/skills/__tests__/runtime-skills.test.ts:7
const ORIGINAL_ENABLED_MODULES = process.env.N8N_ENABLED_MODULES;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #42bf6b7df2e6a854 Environment-variable access.
repo/packages/@n8n/instance-ai/src/skills/__tests__/runtime-skills.test.ts:12
			delete process.env.N8N_ENABLED_MODULES;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3b96a92107cd02de Environment-variable access.
repo/packages/@n8n/instance-ai/src/skills/__tests__/runtime-skills.test.ts:14
			process.env.N8N_ENABLED_MODULES = ORIGINAL_ENABLED_MODULES;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e173c811eaf45747 Filesystem access.
repo/packages/@n8n/instance-ai/src/skills/__tests__/runtime-skills.test.ts:19
		const skill = readFileSync(
			join(INSTANCE_AI_SKILLS_DIR, 'workflow-builder', 'SKILL.md'),
			'utf-8',
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2705a27cdd8016da Environment-variable access.
repo/packages/@n8n/instance-ai/src/skills/__tests__/runtime-skills.test.ts:360
		delete process.env.N8N_ENABLED_MODULES;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #be36b03db5c67573 Environment-variable access.
repo/packages/@n8n/instance-ai/src/skills/__tests__/runtime-skills.test.ts:362
		process.env.N8N_ENABLED_MODULES = enabledModules;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ad6a84518296b66b Environment-variable access.
repo/packages/@n8n/instance-ai/src/tools/__tests__/executions.tool.test.ts:527
				const originalE2ETests = process.env.E2E_TESTS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #29db7210828827d0 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tools/__tests__/executions.tool.test.ts:528
				process.env.E2E_TESTS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c8e2982ab7b3e092 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tools/__tests__/executions.tool.test.ts:563
						delete process.env.E2E_TESTS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #912f5c03184b1f3f Environment-variable access.
repo/packages/@n8n/instance-ai/src/tools/__tests__/executions.tool.test.ts:565
						process.env.E2E_TESTS = originalE2ETests;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only #2feb42731f9bb361 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/@n8n/instance-ai/src/tools/__tests__/n8n-docs.tool.test.ts:127
		expect(registry.byUrl.get(GOOGLE_OAUTH_URL)?.title).toBe('Google: OAuth2 single service');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #4ac27da916dad37d Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/@n8n/instance-ai/src/tools/__tests__/n8n-docs.tool.test.ts:128
		expect(registry.byUrl.get(FIGMA_CREDENTIALS_URL)?.title).toBe('Figma credentials');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #795f6b252d89c858 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tools/executions.tool.ts:189
	if (process.env.E2E_TESTS !== 'true' || allowList === undefined) return undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ddb77a7b9deb42ce Filesystem access.
repo/packages/@n8n/instance-ai/src/tools/workflows/build-workflow.tool.ts:226
		const raw = readFileSync(
			join(INSTANCE_AI_SKILLS_DIR, POST_BUILD_FLOW_SKILL_ID, 'SKILL.md'),
			'utf-8',
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1907914d813d096f Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:346
	const originalLangSmithApiKey = process.env.LANGSMITH_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c2212a73520900ac Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:347
	const originalLangSmithTracing = process.env.LANGSMITH_TRACING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4a2bd295529baaf6 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:348
	const originalLangChainTracingV2 = process.env.LANGCHAIN_TRACING_V2;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #67b36947c66b9b1e Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:349
	const originalLangSmithProject = process.env.LANGSMITH_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #87bc2005506c2841 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:350
	const originalLangChainProject = process.env.LANGCHAIN_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d9d6692972c4e82f Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:351
	const originalTraceInternal = process.env.N8N_INSTANCE_AI_TRACE_INTERNAL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #002833958414f6e9 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:352
	const originalDiagnosticsEnabled = process.env.N8N_DIAGNOSTICS_ENABLED;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c86c880976569f2f Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:357
		process.env.LANGSMITH_API_KEY = 'test-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4688c214675518ff Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:358
		delete process.env.LANGSMITH_TRACING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e6069bfc4f484490 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:359
		delete process.env.LANGCHAIN_TRACING_V2;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #56ee83c5fda7257e Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:360
		delete process.env.LANGSMITH_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5987549bc7f563aa Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:361
		delete process.env.LANGCHAIN_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f8c977f7f50d50a6 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:362
		delete process.env.N8N_INSTANCE_AI_TRACE_INTERNAL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ae4fccab99f53ab1 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:363
		delete process.env.N8N_DIAGNOSTICS_ENABLED;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fa7f2929be6fb728 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:367
		process.env.LANGSMITH_API_KEY = originalLangSmithApiKey;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2d3dfa6b7798fd93 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:369
			delete process.env.LANGSMITH_TRACING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8d7f5f48a8494a98 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:371
			process.env.LANGSMITH_TRACING = originalLangSmithTracing;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ee84f70b53306036 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:374
			delete process.env.LANGCHAIN_TRACING_V2;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a48c6e31dcf13c76 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:376
			process.env.LANGCHAIN_TRACING_V2 = originalLangChainTracingV2;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a34f2b58a9d81c94 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:379
			delete process.env.LANGSMITH_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0cf4f1d2d775a7cb Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:381
			process.env.LANGSMITH_PROJECT = originalLangSmithProject;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7b01bee84e65abfb Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:384
			delete process.env.LANGCHAIN_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f5cac93f90d602d7 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:386
			process.env.LANGCHAIN_PROJECT = originalLangChainProject;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e1740dbf2d659d46 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:389
			delete process.env.N8N_INSTANCE_AI_TRACE_INTERNAL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #889804199db7623e Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:391
			process.env.N8N_INSTANCE_AI_TRACE_INTERNAL = originalTraceInternal;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b7e8ec5f562fbbd2 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:394
			delete process.env.N8N_DIAGNOSTICS_ENABLED;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #26e36e0166e6be0f Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:396
			process.env.N8N_DIAGNOSTICS_ENABLED = originalDiagnosticsEnabled;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #779c57d67bf957b2 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:478
		delete process.env.LANGSMITH_TRACING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0e503f2bae7cd5e1 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:479
		delete process.env.LANGCHAIN_TRACING_V2;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1b8bfc58f90b2bc1 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:489
		expect(process.env.LANGSMITH_TRACING).toBeUndefined();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ca21c38e074eeba7 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:490
		expect(process.env.LANGCHAIN_TRACING_V2).toBeUndefined();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1384f3e05a545986 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:506
		process.env.LANGSMITH_PROJECT = 'instance-ai-evals';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #440bc6531e6e514a Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:1152
		process.env.N8N_INSTANCE_AI_TRACE_INTERNAL = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ba50b0b03a0c8cc2 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:1962
		delete process.env.LANGSMITH_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #14948e54085d9c72 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:1963
		delete process.env.LANGCHAIN_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5cf6d30c0b233c94 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:1964
		delete process.env.LANGSMITH_ENDPOINT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #61318fad1109fd94 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:1965
		delete process.env.LANGCHAIN_ENDPOINT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8709c0ee0281df6b Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:1966
		delete process.env.LANGSMITH_TRACING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #73cee262730492b2 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:1967
		delete process.env.LANGCHAIN_TRACING_V2;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7d5d9fd94b6bd3bb Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:1988
		process.env.N8N_DIAGNOSTICS_ENABLED = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ffde20bd997ab579 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:2134
		process.env.LANGCHAIN_TRACING_V2 = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #716a3a486b57c223 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:2154
	const originalLangSmithApiKey = process.env.LANGSMITH_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3fda1b0357b2e4a9 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:2155
	const originalLangSmithTracing = process.env.LANGSMITH_TRACING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #090e4f569ed97450 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:2156
	const originalLangChainTracingV2 = process.env.LANGCHAIN_TRACING_V2;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #176ac3004d618466 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:2157
	const originalDiagnosticsEnabled = process.env.N8N_DIAGNOSTICS_ENABLED;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #77cc0216b5c7d1ad Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:2162
		process.env.LANGSMITH_API_KEY = 'test-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a6c0aec1ed81d29d Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:2163
		delete process.env.LANGSMITH_TRACING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #63063cb2da989d2f Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:2164
		delete process.env.LANGCHAIN_TRACING_V2;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #99c4d77457bd8482 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:2165
		delete process.env.N8N_DIAGNOSTICS_ENABLED;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #264b9a12961e4370 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:2169
		process.env.LANGSMITH_API_KEY = originalLangSmithApiKey;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1fef0dbb3b6dbb94 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:2171
			delete process.env.LANGSMITH_TRACING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #55f842181f078350 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:2173
			process.env.LANGSMITH_TRACING = originalLangSmithTracing;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a87bc4a17b534ca8 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:2176
			delete process.env.LANGCHAIN_TRACING_V2;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #90d9606c14197bed Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:2178
			process.env.LANGCHAIN_TRACING_V2 = originalLangChainTracingV2;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a2d155042c5bd8d2 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:2181
			delete process.env.N8N_DIAGNOSTICS_ENABLED;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #45f3e15b116de9d3 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:2183
			process.env.N8N_DIAGNOSTICS_ENABLED = originalDiagnosticsEnabled;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b95943c7b35db98d Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:2217
		delete process.env.LANGSMITH_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #172488be756680d7 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:2218
		process.env.LANGCHAIN_TRACING_V2 = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a9b0432dfa62acb0 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/langsmith-tracing.ts:671
	return process.env.LANGSMITH_PROJECT ?? process.env.LANGCHAIN_PROJECT ?? DEFAULT_PROJECT_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #11ab5fcd0be3ee86 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/langsmith-tracing.ts:675
	if (readBooleanEnvFlag(process.env.N8N_DIAGNOSTICS_ENABLED) === false) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8c2fa10ce89e6364 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/langsmith-tracing.ts:680
		process.env.LANGCHAIN_TRACING_V2 ?? process.env.LANGSMITH_TRACING,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3a68a9f0c54f12c0 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/langsmith-tracing.ts:690
		process.env.LANGSMITH_API_KEY ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6725a4e0849d0a64 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/langsmith-tracing.ts:691
			process.env.LANGCHAIN_API_KEY ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f426f561036e995 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/langsmith-tracing.ts:692
			process.env.LANGSMITH_ENDPOINT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4fc6628339c09941 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/langsmith-tracing.ts:693
			process.env.LANGCHAIN_ENDPOINT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d951d68cbe43ac9 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/langsmith-tracing.ts:700
		process.env.N8N_INSTANCE_AI_TRACE_INTERNAL === 'true' ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e845fb378beb5fa4 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/langsmith-tracing.ts:701
		process.env.N8N_INSTANCE_AI_TRACE_INCLUDE_INTERNAL === 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fc24b64394ca9534 Filesystem access.
repo/packages/@n8n/instance-ai/src/tracing/langsmith-tracing.ts:1496
				return extractPackageVersion(JSON.parse(await readFile(packageJsonPath, 'utf8')));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #835aacc50e8e8675 Environment-variable access.
repo/packages/@n8n/instance-ai/src/utils/__tests__/agent-feature-enabled.test.ts:3
const ORIGINAL_ENABLED_MODULES = process.env.N8N_ENABLED_MODULES;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #93e2f4b8f0c8b9cf Environment-variable access.
repo/packages/@n8n/instance-ai/src/utils/__tests__/agent-feature-enabled.test.ts:8
			delete process.env.N8N_ENABLED_MODULES;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #529a7ae1a84ce876 Environment-variable access.
repo/packages/@n8n/instance-ai/src/utils/__tests__/agent-feature-enabled.test.ts:10
			process.env.N8N_ENABLED_MODULES = ORIGINAL_ENABLED_MODULES;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1fd9119139a78302 Environment-variable access.
repo/packages/@n8n/instance-ai/src/utils/__tests__/agent-feature-enabled.test.ts:15
		delete process.env.N8N_ENABLED_MODULES;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #41f2b1d1ee61d849 Environment-variable access.
repo/packages/@n8n/instance-ai/src/utils/__tests__/agent-feature-enabled.test.ts:21
		process.env.N8N_ENABLED_MODULES = 'instance-ai';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #974473fa3480ba0c Environment-variable access.
repo/packages/@n8n/instance-ai/src/utils/__tests__/agent-feature-enabled.test.ts:27
		process.env.N8N_ENABLED_MODULES = 'instance-ai,agents';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6fcb5b94909fc1df Environment-variable access.
repo/packages/@n8n/instance-ai/src/utils/__tests__/agent-feature-enabled.test.ts:33
		process.env.N8N_ENABLED_MODULES = ' instance-ai, agents ';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4324a04c9cf2ee33 Environment-variable access.
repo/packages/@n8n/instance-ai/src/utils/__tests__/eval-agents.test.ts:38
		delete process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b87b9cbfd8890c37 Environment-variable access.
repo/packages/@n8n/instance-ai/src/utils/__tests__/eval-agents.test.ts:54
		process.env.N8N_AI_ANTHROPIC_KEY = 'legacy-anthropic-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2d3c7589e148ad7f Environment-variable access.
repo/packages/@n8n/instance-ai/src/utils/__tests__/eval-agents.test.ts:63
		process.env.N8N_INSTANCE_AI_MODEL_API_KEY = 'generic-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1442ed4006deb6ae Environment-variable access.
repo/packages/@n8n/instance-ai/src/utils/__tests__/eval-agents.test.ts:64
		process.env.N8N_AI_ANTHROPIC_KEY = 'legacy-anthropic-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4b52e10a579d9776 Environment-variable access.
repo/packages/@n8n/instance-ai/src/utils/__tests__/eval-agents.test.ts:65
		process.env.ANTHROPIC_API_KEY = 'provider-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f47fdf9fbc14bb27 Environment-variable access.
repo/packages/@n8n/instance-ai/src/utils/__tests__/eval-agents.test.ts:73
		process.env.OPENAI_API_KEY = 'openai-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e8bedcb4f932b7af Environment-variable access.
repo/packages/@n8n/instance-ai/src/utils/agent-feature-enabled.ts:5
		(process.env.N8N_ENABLED_MODULES ?? '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0790a47471cf6e55 Environment-variable access.
repo/packages/@n8n/instance-ai/src/utils/eval-agents.ts:38
		process.env.N8N_INSTANCE_AI_EVAL_MODEL ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f87d9492190bb54 Environment-variable access.
repo/packages/@n8n/instance-ai/src/utils/eval-agents.ts:39
		process.env.N8N_INSTANCE_AI_MODEL ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5429af68ba00889c Environment-variable access.
repo/packages/@n8n/instance-ai/src/utils/eval-agents.ts:47
	const providerKey = providerKeyEnv ? process.env[providerKeyEnv] : undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74ea3ba1775b5552 Environment-variable access.
repo/packages/@n8n/instance-ai/src/utils/eval-agents.ts:49
		process.env.N8N_INSTANCE_AI_MODEL_API_KEY ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad12abe6270a47c5 Environment-variable access.
repo/packages/@n8n/instance-ai/src/utils/eval-agents.ts:50
		(provider === 'anthropic' ? process.env.N8N_AI_ANTHROPIC_KEY : undefined) ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #30fbda16ae2a8616 Environment-variable access.
repo/packages/@n8n/instance-ai/src/utils/eval-agents.ts:68
	const url = process.env.N8N_INSTANCE_AI_MODEL_URL?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b0ec33edda39dd98 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:155
		const cachedArchive = await fsp.readFile(path.join(cacheDir, 'templates.tar.gz'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e36bb86bb9ec77fb Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:157
		const cachedEtag = await fsp.readFile(path.join(cacheDir, 'etag.txt'), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2dd881eea1fba220 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:159
		const cachedSha = await fsp.readFile(path.join(cacheDir, 'templates.tar.gz.sha256'), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #26d069cde44ac9d4 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:272
		await fsp.writeFile(path.join(cacheDir, 'templates.tar.gz'), archive);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #752c92c576d9ed70 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:273
		await fsp.writeFile(path.join(cacheDir, 'etag.txt'), '"pre-existing"');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #909ab83e20de4e2e Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:274
		await fsp.writeFile(path.join(cacheDir, 'channel.txt'), 'exact');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e7ea1cfe896f625b Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:316
		await fsp.writeFile(path.join(cacheDir, 'etag.txt'), '"orphan"');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ed2162ba8f54067d Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:332
		await fsp.writeFile(path.join(cacheDir, 'etag.txt'), '"stale"');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c3cf31e4d9d45a99 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:354
		await fsp.writeFile(path.join(blockedArchivePath, 'block'), '');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #696b2d684095e6ae Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:362
		const etagOnDisk = await fsp.readFile(path.join(cacheDir, 'etag.txt'), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #453e7a9a5a164d2d Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:442
		await fsp.writeFile(path.join(cacheDir, 'templates.tar.gz'), corruptArchive);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c5a9a4164551d543 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:443
		await fsp.writeFile(path.join(cacheDir, 'etag.txt'), '"stale"');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3533b284391d8776 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:444
		await fsp.writeFile(path.join(cacheDir, 'channel.txt'), 'exact');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #66302f6ef02003bf Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:446
		await fsp.writeFile(path.join(cacheDir, 'templates.tar.gz.sha256'), 'deadbeef'.repeat(8));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #127661c0d29f1e31 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:523
			await fsp.writeFile(path.join(cacheDir, 'templates.tar.gz'), legacyArchive);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1be07d450f3cd519 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:524
			await fsp.writeFile(path.join(cacheDir, 'etag.txt'), '"legacy-etag"');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ca50f47c2dc90e91 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:525
			await fsp.writeFile(path.join(cacheDir, 'templates.tar.gz.sha256'), sha256Hex(legacyArchive));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cf859d49823885f6 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:539
			const channelOnDisk = await fsp.readFile(path.join(cacheDir, 'channel.txt'), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1758eb31fa908960 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:547
			await fsp.writeFile(path.join(cacheDir, 'templates.tar.gz'), archive);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #82bb59086841ca6a Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:548
			await fsp.writeFile(path.join(cacheDir, 'etag.txt'), '"latest-etag"');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c78d37a226d33fc6 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:549
			await fsp.writeFile(path.join(cacheDir, 'templates.tar.gz.sha256'), sha256Hex(archive));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #00c4152a1145bab9 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:550
			await fsp.writeFile(path.join(cacheDir, 'channel.txt'), 'latest');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #00a3ee1d0ba04b2e Environment-variable access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:609
		delete process.env.N8N_INSTANCE_AI_TEMPLATES_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7cdd03f65df8b8b2 Environment-variable access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:610
		delete process.env.N8N_INSTANCE_AI_TEMPLATES_REFRESH_HOURS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #28dec9a6cbf13f55 Environment-variable access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:611
		delete process.env.N8N_INSTANCE_AI_TEMPLATES_DISABLED;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #365c065b2992d4d4 Environment-variable access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:616
		process.env.N8N_INSTANCE_AI_TEMPLATES_REFRESH_HOURS = '6';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6be99e67c4fe8447 Environment-variable access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:623
		process.env.N8N_INSTANCE_AI_TEMPLATES_REFRESH_HOURS = 'banana';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e0d469587bd8490f Environment-variable access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:635
		process.env.N8N_INSTANCE_AI_TEMPLATES_REFRESH_HOURS = '0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3b089902dd926f42 Environment-variable access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:638
		process.env.N8N_INSTANCE_AI_TEMPLATES_REFRESH_HOURS = '-4';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b11776d8b1ae1ec7 Environment-variable access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:644
		process.env.N8N_INSTANCE_AI_TEMPLATES_DISABLED = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9b57f51c5048aeaf Environment-variable access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:645
		process.env.N8N_INSTANCE_AI_TEMPLATES_URL = 'https://example.com/v2';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6be8fc327d16361f Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/lazy-runtime-workspace.test.ts:165
		await lazyWorkspace.filesystem?.readFile('/workspace/report.md');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c92f9df95e03d709 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/lazy-runtime-workspace.test.ts:188
		await lazyWorkspace.filesystem?.readFile('/workspace/report.md');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c834b1044f561732 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/lazy-runtime-workspace.test.ts:204
		await lazyWorkspace.filesystem?.readFile('/workspace/report.md');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e3add6311f7b8509 Environment-variable access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/sandbox-setup.test.ts:90
		delete process.env[LINK_WORKSPACE_SDK_ENV];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #07b86e5d2a55a7b0 Environment-variable access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/sandbox-setup.test.ts:92
		process.env[LINK_WORKSPACE_SDK_ENV] = value;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6858ce277dcc8c05 Environment-variable access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/sandbox-setup.test.ts:227
		process.env.N8N_INSTANCE_AI_SANDBOX_LINK_SDK = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d0a098cd4ad479b7 Environment-variable access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/sandbox-setup.test.ts:229
		delete process.env.N8N_INSTANCE_AI_SANDBOX_LINK_SDK;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #498214164db04772 Environment-variable access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/sandbox-setup.test.ts:242
	const originalLinkSdk = process.env.N8N_INSTANCE_AI_SANDBOX_LINK_SDK;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #66edbaf4a16aa452 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/scoped-workspace.test.ts:87
		await workspace.filesystem?.writeFile('src/workflow.ts', 'code', { recursive: true });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5f00eac4bec6f45d Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/scoped-workspace.test.ts:101
			workspace.filesystem?.readFile('/workspace/builders/agent-2/src/workflow.ts'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e9786a8ebb362588 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/snapshot-image-context.test.ts:33
		await expect(readFile(join(stagingDir, 'skills/demo/SKILL.md'), 'utf-8')).resolves.toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3cac5ce0c33e47b6 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/snapshot-image-context.test.ts:37
			readFile(join(stagingDir, 'knowledge-base/best-practices/scheduling.md'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #65865c1a138c2aee Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/snapshot-image-context.test.ts:52
		await expect(readFile(join(first.stagingDir, 'package.json'), 'utf-8')).resolves.toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #184b64a3615e1e86 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/snapshot-image-context.test.ts:78
			readFile(join(results[0].stagingDir, 'skills/post-build-flow/SKILL.md'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #12714d7847a1e67c Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/snapshot-image-context.test.ts:81
			readFile(join(results[0].stagingDir, 'knowledge-base/templates/example.ts'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #98a2707f35f7841d Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/snapshot-manager.test.ts:162
			readFile(join(stagingDir, 'skills/data-table-manager/SKILL.md'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1c9cceae3b640650 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/snapshot-manager.test.ts:165
			readFile(
				join(stagingDir, 'skills/data-table-manager/references/data-table-playbook.md'),
				'utf-8',
			),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #545afef9b6c93a8a Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/snapshot-manager.test.ts:171
			readFile(join(stagingDir, 'skills/registry.json'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #be8d4d644608a9f1 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/snapshot-manager.test.ts:174
			readFile(join(stagingDir, 'skills/.manifest.json'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1e44e03dcfe6a1a6 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/snapshot-manager.test.ts:177
			readFile(join(stagingDir, 'knowledge-base/best-practices/scheduling.md'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dde8af3ea5c681c9 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/snapshot-manager.test.ts:180
			readFile(join(stagingDir, 'knowledge-base/best-practices/index.json'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bae122658f29e063 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/snapshot-manager.test.ts:183
			readFile(join(stagingDir, 'knowledge-base/.manifest.json'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5f3a4fbc498c0f5 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/builder-templates-service.ts:238
			const buffer = await fsp.readFile(archivePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd2c50dfda045af4 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/builder-templates-service.ts:281
			const raw = await fsp.readFile(path.join(this.cacheDir, ETAG_FILENAME), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d683681857edf8ee Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/builder-templates-service.ts:290
			const raw = await fsp.readFile(path.join(this.cacheDir, SHA256_FILENAME), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #54855b09d4ac9b5d Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/builder-templates-service.ts:299
			const raw = (await fsp.readFile(path.join(this.cacheDir, CHANNEL_FILENAME), 'utf-8')).trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fc0c6c631956d9f1 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/builder-templates-service.ts:552
		await fsp.writeFile(tmp, contents);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5779c15cc23122f Environment-variable access.
repo/packages/@n8n/instance-ai/src/workspace/builder-templates-service.ts:592
	const url = process.env.N8N_INSTANCE_AI_TEMPLATES_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad1e63976cfcc297 Environment-variable access.
repo/packages/@n8n/instance-ai/src/workspace/builder-templates-service.ts:593
	const hoursRaw = process.env.N8N_INSTANCE_AI_TEMPLATES_REFRESH_HOURS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7364dfcc0aa832be Environment-variable access.
repo/packages/@n8n/instance-ai/src/workspace/builder-templates-service.ts:594
	const disabled = process.env.N8N_INSTANCE_AI_TEMPLATES_DISABLED;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fbc680188a1069f3 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/lazy-runtime-workspace.ts:210
		return await (await this.getFilesystem()).readFile(path, options);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #36bc62290c076cb0 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/lazy-runtime-workspace.ts:214
		await (await this.getFilesystem()).writeFile(path, content, options);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #85bfb8d2474c5072 Environment-variable access.
repo/packages/@n8n/instance-ai/src/workspace/pack-workspace-sdk.ts:45
	const v = process.env[ENV_FLAG];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #be73c9dc9141fa0b Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/pack-workspace-sdk.ts:94
		const tarball = await readFile(tarballPath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8e10036c06d23500 Environment-variable access.
repo/packages/@n8n/instance-ai/src/workspace/sandbox-setup.ts:125
	const linkFlag = process.env.N8N_INSTANCE_AI_SANDBOX_LINK_SDK;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #964c38c650f85327 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/sandbox-setup.ts:361
		await filesystem.writeFile(path, content, { recursive: true });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f50ca6e6d00f9550 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/sandbox-setup.ts:380
			const content = await filesystem.readFile(path, { encoding: 'utf-8' });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0be529d84b10b4d1 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/scoped-workspace.ts:75
		return await this.filesystem.readFile(resolvePath(this.root, path), options);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6401e22bf0b31494 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/scoped-workspace.ts:79
		await this.filesystem.writeFile(resolvePath(this.root, path), content, options);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d6d1d205f3dfef29 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/snapshot-image-context.ts:39
		await writeFile(targetPath, content, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #263dac3dbc1b5945 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/workspace-files.ts:43
			return decodeWorkspaceFileContent(await filesystem.readFile(filePath, { encoding: 'utf-8' }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #636e269249d89ec1 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/workspace-files.ts:80
			await workspace.filesystem.writeFile(filePath, content, { recursive: true });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1ecc82d4bd87c418 Filesystem access.
repo/packages/@n8n/json-schema-to-zod/postcjs.cjs:1
require('fs').writeFileSync('./dist/cjs/package.json', '{"type":"commonjs"}', 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #25ac9a95aefb1d8f Filesystem access.
repo/packages/@n8n/json-schema-to-zod/postesm.cjs:1
require('fs').writeFileSync('./dist/esm/package.json', '{"type":"module"}', 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a94d25dd61972db0 Filesystem access.
repo/packages/@n8n/local-gateway/scripts/copy-assets.js:1
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aef7392db858b1db Filesystem access.
repo/packages/@n8n/local-gateway/scripts/copy-renderer.js:1
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fe02c44786cc2d25 Filesystem access.
repo/packages/@n8n/local-gateway/src/main/tray.ts:33
	img.addRepresentation({ scaleFactor: 1.0, buffer: fs.readFileSync(path1x) });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7603980c8b8d46f5 Filesystem access.
repo/packages/@n8n/local-gateway/src/main/tray.ts:35
		img.addRepresentation({ scaleFactor: 2.0, buffer: fs.readFileSync(path2x) });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #872fad9b30a2b1a8 Filesystem access.
repo/packages/@n8n/mcp-apps/src/server/resource-loader.ts:35
	const html = await readFile(join(getPackageRoot(), 'dist', 'apps', fileName), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #357d3d5705159972 Filesystem access.
repo/packages/@n8n/mcp-apps/src/server/sdk-version.test.ts:31
			const pkg = JSON.parse(readFileSync(pkgJsonPath, 'utf8')) as PackageJson;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #699865a78aa2fc5d Environment-variable access.
repo/packages/@n8n/mcp-browser/src/__tests__/server-config.test.ts:9
				delete process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7856cad1f5b8e61c Environment-variable access.
repo/packages/@n8n/mcp-browser/src/__tests__/server-config.test.ts:81
			process.env.N8N_MCP_BROWSER_DEFAULT_BROWSER = 'edge';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #23fd691a6482e4de Environment-variable access.
repo/packages/@n8n/mcp-browser/src/__tests__/server-config.test.ts:89
			process.env.N8N_MCP_BROWSER_TRANSPORT = 'stdio';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #eb3029045de35151 Environment-variable access.
repo/packages/@n8n/mcp-browser/src/__tests__/server-config.test.ts:90
			process.env.N8N_MCP_BROWSER_PORT = '4000';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cd7dae861a8f4fdc Environment-variable access.
repo/packages/@n8n/mcp-browser/src/__tests__/server-config.test.ts:99
			process.env.N8N_MCP_BROWSER_HOST = '0.0.0.0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #10d276ecdfde488c Environment-variable access.
repo/packages/@n8n/mcp-browser/src/__tests__/server-config.test.ts:100
			process.env.N8N_MCP_BROWSER_AUTH_TOKEN = 'env-token';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f75e58e70d4fae28 Environment-variable access.
repo/packages/@n8n/mcp-browser/src/__tests__/server-config.test.ts:112
			process.env.N8N_MCP_BROWSER_DEFAULT_BROWSER = 'firefox';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #48e9beeac45a20fc Environment-variable access.
repo/packages/@n8n/mcp-browser/src/__tests__/server-config.test.ts:113
			process.env.N8N_MCP_BROWSER_PORT = '5000';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a7418951fea36def Environment-variable access.
repo/packages/@n8n/mcp-browser/src/__tests__/server-config.test.ts:114
			process.env.N8N_MCP_BROWSER_HOST = '0.0.0.0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #deb892886067424a Environment-variable access.
repo/packages/@n8n/mcp-browser/src/__tests__/server-config.test.ts:115
			process.env.N8N_MCP_BROWSER_AUTH_TOKEN = 'env-token';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #324496c5c79d83e1 Environment-variable access.
repo/packages/@n8n/mcp-browser/src/adapters/agent-browser.ts:200
			const autoConnect = process.env.N8N_EVAL_AUTO_BROWSER_CONNECT === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7c54ef513dc594eb Filesystem access.
repo/packages/@n8n/mcp-browser/src/adapters/agent-browser.ts:471
			return readFileSync(path).toString('base64');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6a692f84cfaeb85f Environment-variable access.
repo/packages/@n8n/mcp-browser/src/adapters/playwright.ts:135
		const autoConnect = process.env.N8N_EVAL_AUTO_BROWSER_CONNECT === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c2bc35a6d2cb012c Environment-variable access.
repo/packages/@n8n/mcp-browser/src/browser-discovery.ts:160
		const programFiles = process.env.ProgramFiles ?? 'C:\\Program Files';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b2132d547d41b85d Environment-variable access.
repo/packages/@n8n/mcp-browser/src/browser-discovery.ts:161
		const programFilesX86 = process.env['ProgramFiles(x86)'] ?? 'C:\\Program Files (x86)';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #127f2ea5e5d77e72 Environment-variable access.
repo/packages/@n8n/mcp-browser/src/browser-discovery.ts:162
		const localAppData = process.env.LOCALAPPDATA ?? path.join(os.homedir(), 'AppData\\Local');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b5b4c6a7778be8aa Environment-variable access.
repo/packages/@n8n/mcp-browser/src/server-config.ts:20
	return process.env[`${ENV_PREFIX}${envKey}`];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7c45f9d5bcdc28f9 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/build.test.ts:21
			await fs.writeFile(`${tmpdir}/src/icons/icon.png`, 'fake-png-content');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #715f7820ba609d66 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/build.test.ts:22
			await fs.writeFile(`${tmpdir}/src/assets/logo.svg`, '<svg>fake-svg</svg>');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99d7e8e545fdbdb7 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/build.test.ts:23
			await fs.writeFile(`${tmpdir}/src/__schema__/node.json`, '{"fake": "schema"}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6f277f578cbe4c4 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/build.test.ts:66
		await fs.writeFile(
			`${tmpdir}/package.json`,
			JSON.stringify({
				name: 'regular-package',
				version: '1.0.0',
				// No n8n field - this makes it an invalid n8n package
			}),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f6daf83a3f3788a9 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/build.test.ts:95
		await fs.writeFile(`${tmpdir}/src/nodes/icons/node1.png`, 'fake-node1-png');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cde4e52e047a217b Filesystem access.
repo/packages/@n8n/node-cli/src/commands/build.test.ts:96
		await fs.writeFile(`${tmpdir}/src/nodes/subdir/__schema__/schema.json`, '{"node": "schema"}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e17092ccae0c7240 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/build.test.ts:97
		await fs.writeFile(`${tmpdir}/src/assets/images/logo.svg`, '<svg>logo</svg>');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6ed8ebd13a3df1b0 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/build.test.ts:120
		await fs.writeFile(`${tmpdir}/dist/old-file.js`, 'old content');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c9e2750199a5f32b Filesystem access.
repo/packages/@n8n/node-cli/src/commands/cloud-support.ts:106
		await fs.writeFile(eslintConfigPath, newConfig, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #372fbd15916edec9 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/cloud-support.ts:130
				const eslintConfig = await fs.readFile(eslintConfigPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea12e7d5cee9c749 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/dev/utils.ts:568
	return await fs
		.readFile('package.json', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #39f86fa9177b2e5b Filesystem access.
repo/packages/@n8n/node-cli/src/commands/lint.test.ts:98
		await fs.writeFile(
			`${tmpdir}/package.json`,
			JSON.stringify({
				name: 'regular-package',
				version: '1.0.0',
				// No n8n field - this makes it an invalid n8n package
			}),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4900efde84546c8f Filesystem access.
repo/packages/@n8n/node-cli/src/commands/lint.test.ts:171
		await fs.writeFile(`${tmpdir}/pnpm-lock.yaml`, 'lockfileVersion: 5.4\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b2cd971616dda590 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/lint.test.ts:187
		await fs.writeFile(`${tmpdir}/pnpm-lock.yaml`, 'lockfileVersion: 5.4\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d93aa288de74407a Filesystem access.
repo/packages/@n8n/node-cli/src/commands/lint.ts:85
		const expectedConfig = await fs.readFile(templatePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de23acfa80b7717a Filesystem access.
repo/packages/@n8n/node-cli/src/commands/lint.ts:88
			const currentConfig = await fs.readFile(eslintConfigPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #65f8972599332bdb Environment-variable access.
repo/packages/@n8n/node-cli/src/commands/prerelease.test.ts:10
		delete process.env.RELEASE_MODE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #53467bcae67df583 Environment-variable access.
repo/packages/@n8n/node-cli/src/commands/prerelease.test.ts:28
		process.env.RELEASE_MODE = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #669e691c3585f342 Environment-variable access.
repo/packages/@n8n/node-cli/src/commands/prerelease.ts:17
		if (!process.env.RELEASE_MODE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8a4b771ede9da5e4 Environment-variable access.
repo/packages/@n8n/node-cli/src/commands/release.test.ts:31
		delete process.env.npm_config_user_agent;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #004bb7c487a812f6 Environment-variable access.
repo/packages/@n8n/node-cli/src/commands/release.test.ts:32
		delete process.env.GITHUB_ACTIONS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #76528e80b763edb0 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/release.test.ts:40
		await fs.writeFile(
			`${tmpdir}/package.json`,
			JSON.stringify({
				name: 'test-node',
				version: '1.0.0',
				n8n: {
					nodes: ['dist/nodes/TestNode.node.js'],
				},
			}),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #13dff1d9d689a301 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/release.test.ts:50
		await fs.writeFile(`${tmpdir}/pnpm-lock.yaml`, '# pnpm lock file');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f27a95e15eaf2e36 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/release.test.ts:60
		await fs.writeFile(
			`${tmpdir}/package.json`,
			JSON.stringify({
				name: 'test-node',
				version: '1.0.0',
				n8n: {
					nodes: ['dist/nodes/TestNode.node.js'],
				},
			}),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7da56159ee563e80 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/release.test.ts:70
		await fs.writeFile(`${tmpdir}/pnpm-lock.yaml`, '# pnpm lock file');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b19f94e360e8f72a Filesystem access.
repo/packages/@n8n/node-cli/src/commands/release.test.ts:80
		await fs.writeFile(
			`${tmpdir}/package.json`,
			JSON.stringify({
				name: 'test-node',
				version: '1.0.0',
				n8n: {
					nodes: ['dist/nodes/TestNode.node.js'],
				},
			}),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f383c2cf771d0213 Environment-variable access.
repo/packages/@n8n/node-cli/src/commands/release.test.ts:100
		process.env.GITHUB_ACTIONS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a965e48be0e21f6 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/release.test.ts:102
		await fs.writeFile(
			`${tmpdir}/package.json`,
			JSON.stringify({
				name: 'test-node',
				version: '1.0.0',
				n8n: {
					nodes: ['dist/nodes/TestNode.node.js'],
				},
			}),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4aa97db28728fc31 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/release.test.ts:112
		await fs.writeFile(`${tmpdir}/pnpm-lock.yaml`, '# pnpm lock file');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5f58f73b9a5fce6 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/release.test.ts:126
		await fs.writeFile(`${tmpdir}/pnpm-lock.yaml`, '# pnpm lock file');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd4aaaabd39843c6 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/release.test.ts:140
			await fs.writeFile(`${tmpdir}/pnpm-lock.yaml`, '# pnpm lock file');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #248d0aca2ca57273 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/release.test.ts:145
			const content = await fs.readFile(workflowPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #90367f1fb83012a8 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/release.test.ts:160
		await fs.writeFile(workflowPath, originalContent);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5c04a9ded4255c42 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/release.test.ts:164
		const content = await fs.readFile(workflowPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a1205b6f8e0f385c Environment-variable access.
repo/packages/@n8n/node-cli/src/commands/release.test.ts:172
		process.env.GITHUB_ACTIONS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6b90749e1076cf98 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/release.test.ts:174
		await fs.writeFile(
			`${tmpdir}/package.json`,
			JSON.stringify({
				name: 'test-node',
				version: '1.0.0',
				n8n: {
					nodes: ['dist/nodes/TestNode.node.js'],
				},
			}),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e554ebcf140581ad Filesystem access.
repo/packages/@n8n/node-cli/src/commands/release.test.ts:184
		await fs.writeFile(`${tmpdir}/pnpm-lock.yaml`, '# pnpm lock file');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c92dc1b38ac3f8db Environment-variable access.
repo/packages/@n8n/node-cli/src/commands/release.ts:56
		const isCI = Boolean(process.env.GITHUB_ACTIONS);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d526a959391a063 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/release.ts:156
		const templateContent = await fs.readFile(templatePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e68ef0c81255b1c8 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/release.ts:163
		await fs.writeFile(dest, rendered);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e9ec9d5116c33df Filesystem access.
repo/packages/@n8n/node-cli/src/configs/eslint.test.ts:50
			await fs.writeFile(pkgPath, packageJsonWithOverrides);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #07116761c5d00013 Filesystem access.
repo/packages/@n8n/node-cli/src/configs/eslint.test.ts:61
		await fs.writeFile(pkgPath, packageJsonWithLifecycleScript);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4c0d3e466fdc68f Filesystem access.
repo/packages/@n8n/node-cli/src/configs/eslint.test.ts:71
		await fs.writeFile(pkgPath, packageJsonWithOverrides);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2c254f62311328df Filesystem access.
repo/packages/@n8n/node-cli/src/template/core.ts:75
			const content = await fs.readFile(file, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #004869bba7a3cce1 Filesystem access.
repo/packages/@n8n/node-cli/src/template/core.ts:79
				await fs.writeFile(file, newContent);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0f364d8bea946bd Filesystem access.
repo/packages/@n8n/node-cli/src/test-utils/matchers.ts:53
			content = await fs.readFile(fullPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a75e8b18dfdfe53 Filesystem access.
repo/packages/@n8n/node-cli/src/test-utils/matchers.ts:90
			content = await fs.readFile(fullPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #477b6b9bfdc2daea Filesystem access.
repo/packages/@n8n/node-cli/src/test-utils/matchers.ts:114
			content = await fs.readFile(fullPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #75234b1b14d82fe4 Filesystem access.
repo/packages/@n8n/node-cli/src/test-utils/package-setup.ts:34
	await fs.writeFile(`${tmpdir}/package.json`, JSON.stringify(packageConfig, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52407b225ae19847 Filesystem access.
repo/packages/@n8n/node-cli/src/test-utils/package-setup.ts:37
		await fs.writeFile(`${tmpdir}/eslint.config.mjs`, DEFAULT_ESLINT_CONFIG);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #85050d526c279fad Filesystem access.
repo/packages/@n8n/node-cli/src/test-utils/package-setup.ts:39
		await fs.writeFile(`${tmpdir}/eslint.config.mjs`, options.eslintConfig);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #83feb9303f430d9f Filesystem access.
repo/packages/@n8n/node-cli/src/utils/filesystem.ts:58
	await fs.writeFile(filePath, contents);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a7fb879c9c7659c Environment-variable access.
repo/packages/@n8n/node-cli/src/utils/package-manager.test.ts:20
			process.env.npm_config_user_agent = 'pnpm/8.6.0 npm/? node/v18.16.0 darwin x64';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d95577157be32dc5 Environment-variable access.
repo/packages/@n8n/node-cli/src/utils/package-manager.test.ts:28
			process.env.npm_config_user_agent = 'yarn/1.22.19 npm/? node/v18.16.0 darwin x64';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bbe20dbce35949e0 Environment-variable access.
repo/packages/@n8n/node-cli/src/utils/package-manager.test.ts:36
			process.env.npm_config_user_agent = 'npm/9.5.1 node/v18.16.0 darwin x64 workspaces/false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9697646814a15d3a Environment-variable access.
repo/packages/@n8n/node-cli/src/utils/package-manager.test.ts:44
			process.env.npm_config_user_agent = 'pnpm/8.6.0 yarn/1.22.19 npm/9.5.1 node/v18.16.0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cba99de606c3fef4 Environment-variable access.
repo/packages/@n8n/node-cli/src/utils/package-manager.test.ts:52
			process.env.npm_config_user_agent = 'yarn/1.22.19 npm/9.5.1 node/v18.16.0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #66e86a20bc934a7d Environment-variable access.
repo/packages/@n8n/node-cli/src/utils/package-manager.test.ts:60
			delete process.env.npm_config_user_agent;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #49fb94433c0d41cd Environment-variable access.
repo/packages/@n8n/node-cli/src/utils/package-manager.test.ts:68
			process.env.npm_config_user_agent = 'node/v18.16.0 darwin x64';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f62dc68cba55bdeb Environment-variable access.
repo/packages/@n8n/node-cli/src/utils/package-manager.test.ts:76
			process.env.npm_config_user_agent = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5dbde1349c3b475b Environment-variable access.
repo/packages/@n8n/node-cli/src/utils/package-manager.test.ts:86
			process.env.npm_config_user_agent = 'pnpm/8.6.0 npm/? node/v18.16.0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bc8cbf505110830a Environment-variable access.
repo/packages/@n8n/node-cli/src/utils/package-manager.test.ts:96
				delete process.env.npm_config_user_agent;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6e22ec85a35f706 Filesystem access.
repo/packages/@n8n/node-cli/src/utils/package-manager.test.ts:98
				await fs.writeFile(`${tmpdir}/package-lock.json`, '{}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4ac69deb48ecfdb1 Environment-variable access.
repo/packages/@n8n/node-cli/src/utils/package-manager.test.ts:109
				delete process.env.npm_config_user_agent;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b1a515e8a5951fd6 Filesystem access.
repo/packages/@n8n/node-cli/src/utils/package-manager.test.ts:111
				await fs.writeFile(`${tmpdir}/yarn.lock`, '');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #86e677cfac7c63ed Environment-variable access.
repo/packages/@n8n/node-cli/src/utils/package-manager.test.ts:122
				delete process.env.npm_config_user_agent;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1d31fce97a8b11c3 Filesystem access.
repo/packages/@n8n/node-cli/src/utils/package-manager.test.ts:124
				await fs.writeFile(`${tmpdir}/pnpm-lock.yaml`, '');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #182f0317146f9574 Environment-variable access.
repo/packages/@n8n/node-cli/src/utils/package-manager.test.ts:133
			delete process.env.npm_config_user_agent;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d82179ad051d3bcb Filesystem access.
repo/packages/@n8n/node-cli/src/utils/package-manager.test.ts:135
			await fs.writeFile(`${tmpdir}/package-lock.json`, '{}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #24a0fa859cbdc676 Filesystem access.
repo/packages/@n8n/node-cli/src/utils/package-manager.test.ts:136
			await fs.writeFile(`${tmpdir}/yarn.lock`, '');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #20725c7e35fcd4f2 Filesystem access.
repo/packages/@n8n/node-cli/src/utils/package-manager.test.ts:137
			await fs.writeFile(`${tmpdir}/pnpm-lock.yaml`, '');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e754b96ffe7e36e8 Environment-variable access.
repo/packages/@n8n/node-cli/src/utils/package-manager.test.ts:145
			delete process.env.npm_config_user_agent;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6203345d758beab0 Environment-variable access.
repo/packages/@n8n/node-cli/src/utils/package-manager.test.ts:153
			delete process.env.npm_config_user_agent;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f9cbac3328a11d13 Environment-variable access.
repo/packages/@n8n/node-cli/src/utils/package-manager.ts:7
		const ua = process.env['npm_config_user_agent'] ?? '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #96ccc0c1ff8afac8 Filesystem access.
repo/packages/@n8n/node-cli/src/utils/package.ts:23
	const packageJson = jsonParse<N8nPackageJson>(await fs.readFile(packageJsonPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c8363b6f4e98251d Filesystem access.
repo/packages/@n8n/node-cli/src/utils/package.ts:37
	const packageJson = jsonParse<N8nPackageJson>(await fs.readFile(packageJsonPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fe391aad3336f6af Filesystem access.
repo/packages/@n8n/node-cli/src/utils/prompts.ts:42
		const content = await fs.readFile(packageJsonPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e4cefa172a28572 Environment-variable access.
repo/packages/@n8n/node-cli/vite.config.ts:8
		reporters: process.env.CI === 'true' ? ['default', 'junit'] : ['default'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f458cc3b7a1f05ee Environment-variable access.
repo/packages/@n8n/node-cli/vite.config.ts:10
		...(process.env.COVERAGE_ENABLED === 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #91eb42c5440cc243 Environment-variable access.
repo/packages/@n8n/node-cli/vite.config.ts:15
						reporter: process.env.CI === 'true' ? ['cobertura'] : ['text-summary'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3f532f5a3f4770cb Filesystem access.
repo/packages/@n8n/nodes-langchain/nodes/agents/Agent/agents/SqlAgent/other/handlers/sqlite.ts:2
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #be8326dc1496d476 Filesystem access.
repo/packages/@n8n/nodes-langchain/nodes/agents/Agent/agents/SqlAgent/other/handlers/sqlite.ts:35
	fs.writeFileSync(tempDbPath, bufferString);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #c20648bda9582b46 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/@n8n/nodes-langchain/nodes/mcp/McpClientTool/__test__/McpClientTool.node.test.ts:304
			const url = new URL('https://my-mcp-endpoint.ai/sse');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #11859096d84699e7 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/@n8n/nodes-langchain/nodes/mcp/McpClientTool/__test__/McpClientTool.node.test.ts:356
			const url = new URL('https://my-mcp-endpoint.ai/sse');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #c30c5ad822b42116 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/@n8n/nodes-langchain/nodes/mcp/McpClientTool/__test__/McpClientTool.node.test.ts:2036
			await expect(customFetch!(new URL('https://allowed.example/sse'), {} as any)).rejects.toThrow(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only #1f35ef25ce8a63fc Environment-variable access.
repo/packages/@n8n/nodes-langchain/nodes/vendors/Microsoft/__tests__/microsoft-utils.test.ts:558
			process.env.ENABLE_OBSERVABILITY = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6a6865f17073d2c0 Environment-variable access.
repo/packages/@n8n/nodes-langchain/nodes/vendors/Microsoft/__tests__/microsoft-utils.test.ts:559
			process.env.ENABLE_A365_OBSERVABILITY_EXPORTER = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f2fcd915448ab940 Environment-variable access.
repo/packages/@n8n/nodes-langchain/nodes/vendors/Microsoft/microsoft-utils.ts:137
		process.env.ENABLE_OBSERVABILITY === 'true' &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee0ec06c8fdc2789 Environment-variable access.
repo/packages/@n8n/nodes-langchain/nodes/vendors/Microsoft/microsoft-utils.ts:138
		process.env.ENABLE_A365_OBSERVABILITY_EXPORTER === 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a53da5074ae37ef4 Filesystem access.
repo/packages/@n8n/scan-community-package/scanner/scanner.mjs:3
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5dca120f00451719 Filesystem access.
repo/packages/@n8n/scan-community-package/scanner/scanner.test.mjs:1
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb89f7efbca9d3a2 Filesystem access.
repo/packages/@n8n/scan-community-package/scanner/scanner.test.mjs:18
		fs.writeFileSync(
			fullPath,
			typeof contents === 'string' ? contents : JSON.stringify(contents, null, 2),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a27a10e811d2bc0c Environment-variable access.
repo/packages/@n8n/task-runner/src/js-task-runner/__tests__/js-task-runner.test.ts:508
				process.env.N8N_RUNNERS_TASK_BROKER_URI = 'http://127.0.0.1:5679';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2020fa5b9682b224 Filesystem access.
repo/packages/@n8n/task-runner/src/js-task-runner/__tests__/js-task-runner.test.ts:1098
		const packageJson = JSON.parse(fs.readFileSync('package.json', 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6be61d264c61dc9d Filesystem access.
repo/packages/@n8n/task-runner/src/js-task-runner/__tests__/require-resolver-global-modules.test.ts:39
		fs.writeFileSync(
			scriptPath,
			`const Module = require("module");
if (process.env.NODE_PATH) { Module._initPaths(); }
try {
  require("${packageName}");
  console.log(JSON.stringify({ success: true }));
} catch (e) {
  console.log(JSON.stringify({ success: false, error: e.message }));
}`,
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9bd5dd5730ebc3c6 Filesystem access.
repo/packages/@n8n/task-runner/src/js-task-runner/__tests__/require-resolver-global-modules.test.ts:51
		fs.writeFileSync(
			scriptNoInitPath,
			`process.env.NODE_PATH = "${nodeModulesPath}";
try {
  require("${packageName}");
  console.log(JSON.stringify({ success: true }));
} catch (e) {
  console.log(JSON.stringify({ success: false, error: e.message }));
}`,
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5a0015ad64b228c6 Environment-variable access.
repo/packages/@n8n/task-runner/src/js-task-runner/js-task-runner.ts:193
		if (process.env.NODE_ENV !== 'test') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a9024ee2d115ba18 Environment-variable access.
repo/packages/@n8n/task-runner/src/start.ts:14
if (process.env.NODE_PATH) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f3873cfd684e2405 Environment-variable access.
repo/packages/@n8n/typeorm/src/driver/postgres/PostgresDriver.ts:320
			process.env.PGTZ = 'UTC';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d27317883b407ff Filesystem access.
repo/packages/@n8n/typeorm/src/platform/PlatformTools.ts:2
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a667d755d172f2fe Filesystem access.
repo/packages/@n8n/typeorm/src/platform/PlatformTools.ts:6
export { ReadStream } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fe4778c403f9d5a6 Filesystem access.
repo/packages/@n8n/typeorm/src/platform/PlatformTools.ts:43
		return fs.readFileSync(filename);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #21db4f88115f3e2f Filesystem access.
repo/packages/@n8n/typeorm/src/platform/PlatformTools.ts:52
			fs.writeFile(path, data, (err) => {
				if (err) fail(err);
				ok();
			});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bc978de4e2bd79ce Environment-variable access.
repo/packages/@n8n/typeorm/src/platform/PlatformTools.ts:72
		return process.env[name];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #27a5a02e39b14ddb Filesystem access.
repo/packages/@n8n/typeorm/src/util/ImportUtils.ts:1
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #84d10d5cf3e61114 Filesystem access.
repo/packages/@n8n/typeorm/src/util/ImportUtils.ts:57
						fs.readFile(potentialPackageJson, 'utf8', (err, data) => {
							if (err != null) accept(null);
							else {
								try {
									accept(JSON.parse(data));
								} catch (err) {
									accept(null);
								}
							}
						});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2aa01f6194e2683b Environment-variable access.
repo/packages/@n8n/vitest-config/frontend.ts:29
			reporters: process.env.CI === 'true' ? ['default', 'junit'] : ['default'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af38c16347e7d412 Environment-variable access.
repo/packages/@n8n/vitest-config/frontend.ts:47
	if (process.env.COVERAGE_ENABLED === 'true' && vitestConfig.test?.coverage) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b5f51d27cd71c803 Environment-variable access.
repo/packages/@n8n/vitest-config/frontend.ts:50
		if (process.env.CI === 'true' && coverage.provider === 'v8') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c4b8046de8d0f899 Environment-variable access.
repo/packages/@n8n/vitest-config/node.ts:44
	if (process.env.CI !== 'true') return {};

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #92206ba54ee717ff Environment-variable access.
repo/packages/@n8n/vitest-config/node.ts:61
	reporters: process.env.CI === 'true' ? ['default', 'junit'] : ['default'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0df496929f53f66f Environment-variable access.
repo/packages/@n8n/vitest-config/node.ts:63
	...(process.env.COVERAGE_ENABLED === 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #748775fa03bc0632 Environment-variable access.
repo/packages/@n8n/vitest-config/node.ts:68
					reporter: process.env.CI === 'true' ? 'lcov' : 'text-summary',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0325d7f6a47c9f8 Filesystem access.
repo/packages/@n8n/workflow-sdk/scripts/create-workflows-zip.ts:11
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee0cd73abc8b770b Filesystem access.
repo/packages/@n8n/workflow-sdk/scripts/extract-workflows.ts:12
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #edc6798eca457851 Filesystem access.
repo/packages/@n8n/workflow-sdk/scripts/extract-workflows.ts:46
		fs.writeFileSync(outputPath, entry.getData());

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #560f66e725d32d05 Filesystem access.
repo/packages/@n8n/workflow-sdk/scripts/fetch-test-workflows.ts:18
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6ca1e0d379e0d3d5 Filesystem access.
repo/packages/@n8n/workflow-sdk/scripts/fetch-test-workflows.ts:87
		const manifest = JSON.parse(fs.readFileSync(manifestPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #81738269ef92762e Filesystem access.
repo/packages/@n8n/workflow-sdk/scripts/fetch-test-workflows.ts:146
			fs.writeFileSync(outputPath, JSON.stringify(workflow, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f14b72e3bcf32567 Filesystem access.
repo/packages/@n8n/workflow-sdk/scripts/fetch-test-workflows.ts:162
		const manifest = JSON.parse(fs.readFileSync(manifestPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af560665fb3d4e10 Filesystem access.
repo/packages/@n8n/workflow-sdk/scripts/fetch-test-workflows.ts:179
	fs.writeFileSync(manifestPath, JSON.stringify(manifest, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9eeca22bd6033d1d Filesystem access.
repo/packages/@n8n/workflow-sdk/src/__tests__/fixtures-zip.ts:9
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e4da22c50f8ba8c1 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/__tests__/fixtures-zip.ts:48
	const manifest = JSON.parse(fs.readFileSync(MANIFEST_PATH, 'utf-8')) as Manifest;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d9b9ec8910041cce Filesystem access.
repo/packages/@n8n/workflow-sdk/src/__tests__/fixtures-zip.ts:105
	const manifest = JSON.parse(fs.readFileSync(MANIFEST_PATH, 'utf-8')) as Manifest;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #373ee4dc0959622c Filesystem access.
repo/packages/@n8n/workflow-sdk/src/cli/code-to-json.ts:1
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5896609419ab010 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/cli/code-to-json.ts:26
		code = fs.readFileSync(filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d040c3ed1285a04a Filesystem access.
repo/packages/@n8n/workflow-sdk/src/cli/code-to-json.ts:60
	fs.writeFileSync(outputPath, JSON.stringify(json, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7345558fcc1ae83d Filesystem access.
repo/packages/@n8n/workflow-sdk/src/cli/json-to-code.ts:1
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a3a90019ec1c2379 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/cli/json-to-code.ts:27
		const content = fs.readFileSync(filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #509f902df910d5bc Filesystem access.
repo/packages/@n8n/workflow-sdk/src/cli/json-to-code.ts:75
	fs.writeFileSync(outputPath, code);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #24ac6e175de2cf3e Filesystem access.
repo/packages/@n8n/workflow-sdk/src/codegen/code-generator.test.ts:1
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e13f03d63a2817a5 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/codegen/code-generator.test.ts:2064
				const json = JSON.parse(fs.readFileSync(jsonPath, 'utf8')) as WorkflowJSON;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb7ce1e4f48d6447 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/codegen/codegen-roundtrip.test.ts:1
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6465e5ed8c4bfec5 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/codegen/codegen-roundtrip.test.ts:51
	const manifest = JSON.parse(fs.readFileSync(manifestPath, 'utf-8')) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #158984d155a4d9f4 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/codegen/codegen-roundtrip.test.ts:71
			const json = JSON.parse(fs.readFileSync(filePath, 'utf-8')) as WorkflowJSON;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7c4edc7d5deffa82 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-node-defs-cli.test.ts:7
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a06ba88dab570ad4 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-node-defs-cli.test.ts:34
	await fs.promises.writeFile(nodesJsonPath, JSON.stringify(nodes));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8a19ffb2ba3520ce Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-node-defs-cli.test.ts:129
			const hashBefore = await fs.promises.readFile(path.join(outputDir, '.nodes-hash'), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fa2c3b41ee1f9906 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-node-defs-cli.test.ts:137
			await fs.promises.writeFile(nodesJsonPath, JSON.stringify([modifiedNode]));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #63ce89664d8818e2 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-node-defs-cli.test.ts:141
			const hashAfter = await fs.promises.readFile(path.join(outputDir, '.nodes-hash'), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af9dc6f0639f6ff6 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-node-defs-cli.test.ts:218
				const tsContent = await fs.promises.readFile(path.join(nodeDir, 'v1.ts'), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e43ced9fcd5168b Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-node-defs-cli.ts:17
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #14b5415d0fea8250 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-node-defs-cli.ts:47
		const pkg = JSON.parse(fs.readFileSync(sdkPackageJsonPath, 'utf-8')) as { version: string };

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b2d7af7c81fb3acd Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-node-defs-cli.ts:68
	const content = await fs.promises.readFile(nodesJsonPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3ef5544b9311b159 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-node-defs-cli.ts:76
		const existingHash = await fs.promises.readFile(hashFilePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4971efa2ffc0d39a Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-node-defs-cli.ts:99
	await fs.promises.writeFile(hashFilePath, inputHash);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b61ef43e7d093666 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-node-defs-cli.ts:111
	const packageJson = jsonParse<{ name: string }>(fs.readFileSync(packageJsonPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f10614a0e3d8fa0a Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-types.test.ts:8
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab94dcec73744c3b Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-types.test.ts:4993
				fs.writeFileSync(fullPath, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c90963ed6dfdbace Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-types.test.ts:5103
				fs.writeFileSync(fullPath, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e04a7e25ce9cbbb1 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-types.test.ts:5269
		const content = fs.readFileSync(indexFile, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #46ad282c1b47efca Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-types.ts:21
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e8dcbb13dee383de Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-types.ts:660
					const schemaContent = fs.readFileSync(filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad779bf62b1ae8ca Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-types.ts:686
					const schemaContent = fs.readFileSync(schemaPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9033d3be9dbef888 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-types.ts:4193
	const content = await fs.promises.readFile(jsonPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a6cd64b056ef31bc Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-types.ts:4323
		await Promise.all(batch.map((f) => fs.promises.writeFile(f.path, f.content)));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a3216c89d5d97599 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-types.ts:4490
		await fs.promises.writeFile(path.join(outputDir, 'index.ts'), indexContent);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b2bd0f0fce613745 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-types.ts:4544
		await fs.promises.writeFile(path.join(DEV_OUTPUT_PATH, 'index.ts'), placeholderContent);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1189c79c82d55c0b Filesystem access.
repo/packages/@n8n/workflow-sdk/src/real-workflow.test.ts:1
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab3efa6d12029ce5 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/real-workflow.test.ts:28
		fs.writeFileSync(generatedPath, code, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e0a79d5b325cd96 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/real-workflow.test.ts:48
	const manifest = JSON.parse(fs.readFileSync(manifestPath, 'utf-8')) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #62bededa7ef27221 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/real-workflow.test.ts:65
			const json = JSON.parse(fs.readFileSync(filePath, 'utf-8')) as WorkflowJSON;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #298a05689c15d8f6 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/validation/test-schema-setup.ts:10
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2791d13812a4f1c9 Environment-variable access.
repo/packages/@n8n/workflow-sdk/src/validation/test-schema-setup.ts:23
const WORKER_ID = process.env.VITEST_POOL_ID ?? '0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f96c2dbf40bff029 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/validation/test-schema-setup.ts:36
		const content = fs.readFileSync(generatorPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6ec6f858d40f34b4 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/validation/test-schema-setup.ts:51
		const storedHash = fs.readFileSync(STAMP_FILE, 'utf-8').trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #48ce515c2b8f3e33 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/validation/test-schema-setup.ts:103
			fs.writeFileSync(STAMP_FILE, hash);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5552aefd388e970 Environment-variable access.
repo/packages/cli/bin/n8n:7
process.env.NODE_CONFIG_DIR = process.env.NODE_CONFIG_DIR || path.join(__dirname, 'config');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #269e154b6e84b4f0 Environment-variable access.
repo/packages/cli/bin/n8n:38
if (process.env.E2E_TESTS !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6c13ea6c03c190f7 Environment-variable access.
repo/packages/cli/bin/n8n:48
if (process.env.NODEJS_PREFER_IPV4 === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6519843effaa04a9 Filesystem access.
repo/packages/cli/scripts/agent-integration-recordings.mjs:1
import { mkdir, readFile, readdir, writeFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c285f548769e02fe Environment-variable access.
repo/packages/cli/scripts/agent-integration-recordings.mjs:28
		process.env.N8N_AGENT_INTEGRATION_RECORDING_DIR ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2dda12e35cb5afdf Filesystem access.
repo/packages/cli/scripts/agent-integration-recordings.mjs:51
				const contents = await readFile(join(dir, file), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fac52202a97c9c14 Filesystem access.
repo/packages/cli/scripts/agent-integration-recordings.mjs:63
	const contents = await readFile(file, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c76a67266d41c102 Filesystem access.
repo/packages/cli/scripts/agent-integration-recordings.mjs:73
	await writeFile(outputPath, `${JSON.stringify(records, null, 2)}\n`, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9001d674334ca9ca Filesystem access.
repo/packages/cli/scripts/build.mjs:2
import { writeFileSync, existsSync, mkdirSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #64b515dc210bf255 Environment-variable access.
repo/packages/cli/scripts/build.mjs:15
const publicApiEnabled = process.env.N8N_PUBLIC_API_DISABLED !== 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #89da2c0fd04f9c8a Filesystem access.
repo/packages/cli/scripts/build.mjs:110
	writeFileSync(path.resolve(ROOT_DIR, 'dist/timezones.json'), JSON.stringify({ data }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1284f3e4ce81a1b1 Filesystem access.
repo/packages/cli/scripts/bundle-agent-library.mjs:16
import { writeFileSync, mkdirSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #187da0ec9abb189e Filesystem access.
repo/packages/cli/scripts/bundle-agent-library.mjs:71
	writeFileSync(OUTPUT_FILE, bundle, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e20ba0524db4df08 Filesystem access.
repo/packages/cli/src/__tests__/external-hooks.test.ts:21
	const { mkdtempSync, writeFileSync } = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8712eebf6297670c Filesystem access.
repo/packages/cli/src/__tests__/external-hooks.test.ts:28
	writeFileSync(
		p,
		'module.exports = { workflow: { create: [(...args) => globalThis.__extHookFn(...args)] } };',
	);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6f84be79e2a91cb0 Filesystem access.
repo/packages/cli/src/__tests__/load-nodes-and-credentials.test.ts:4
import fs from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2ebb858ec092395b Environment-variable access.
repo/packages/cli/src/__tests__/load-nodes-and-credentials.test.ts:47
	const originalNodePath = process.env.NODE_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a3ce851e15e99702 Environment-variable access.
repo/packages/cli/src/__tests__/load-nodes-and-credentials.test.ts:56
			delete process.env.NODE_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #28737a1455399315 Environment-variable access.
repo/packages/cli/src/__tests__/load-nodes-and-credentials.test.ts:58
			process.env.NODE_PATH = originalNodePath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #da8db05e874c76b7 Environment-variable access.
repo/packages/cli/src/__tests__/load-nodes-and-credentials.test.ts:64
		process.env.NODE_PATH = existingPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a0cd4d490ca72527 Environment-variable access.
repo/packages/cli/src/__tests__/load-nodes-and-credentials.test.ts:68
		process.env.NODE_PATH = [modulePaths.join(delimiter), process.env.NODE_PATH]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4e3b7a95c292bec1 Environment-variable access.
repo/packages/cli/src/__tests__/load-nodes-and-credentials.test.ts:72
		expect(process.env.NODE_PATH).toContain(existingPath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b565fd88340f7a6e Environment-variable access.
repo/packages/cli/src/__tests__/load-nodes-and-credentials.test.ts:73
		expect(process.env.NODE_PATH?.endsWith(existingPath)).toBe(true);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5a297e7004405451 Environment-variable access.
repo/packages/cli/src/__tests__/load-nodes-and-credentials.test.ts:77
		delete process.env.NODE_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #eb147d9164febfbf Environment-variable access.
repo/packages/cli/src/__tests__/load-nodes-and-credentials.test.ts:80
		process.env.NODE_PATH = [modulePaths.join(delimiter), process.env.NODE_PATH]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8b875ef4ff1b0102 Environment-variable access.
repo/packages/cli/src/__tests__/load-nodes-and-credentials.test.ts:84
		expect(process.env.NODE_PATH).toBe(modulePaths.join(delimiter));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ad57a3a7dfdd4909 Environment-variable access.
repo/packages/cli/src/__tests__/load-nodes-and-credentials.test.ts:85
		expect(process.env.NODE_PATH).not.toContain('undefined');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2ef30e89cea7ff0d Environment-variable access.
repo/packages/cli/src/__tests__/load-nodes-and-credentials.test.ts:215
			process.env.N8N_ENV_FEAT_DYNAMIC_CREDENTIALS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #120a87b1a66e6b12 Environment-variable access.
repo/packages/cli/src/__tests__/load-nodes-and-credentials.test.ts:235
			delete process.env.N8N_ENV_FEAT_DYNAMIC_CREDENTIALS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9882fbb997219a41 Environment-variable access.
repo/packages/cli/src/__tests__/load-nodes-and-credentials.test.ts:240
			delete process.env.N8N_ENV_FEAT_DYNAMIC_CREDENTIALS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #83952a640468a6db Environment-variable access.
repo/packages/cli/src/__tests__/load-nodes-and-credentials.test.ts:275
			process.env.N8N_ENV_FEAT_DYNAMIC_CREDENTIALS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #59040562d9959adf Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:258
		delete process.env.ENABLE_OBSERVABILITY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #50e66776a107a438 Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:262
		expect(process.env.ENABLE_OBSERVABILITY).toBe('true');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0f4397244bcdfd3a Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:266
		process.env.ENABLE_OBSERVABILITY = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #eb83a6950cfcaec4 Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:270
		expect(process.env.ENABLE_OBSERVABILITY).toBe('true');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #351a5d4296bc0244 Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:274
		process.env.ENABLE_OBSERVABILITY = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f9568ac8a4346d83 Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:278
		expect(process.env.ENABLE_OBSERVABILITY).toBe('false');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1b3fa907bf2c126f Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:282
		delete process.env.ENABLE_A365_OBSERVABILITY_EXPORTER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #03df23bb7b97f1f0 Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:286
		expect(process.env.ENABLE_A365_OBSERVABILITY_EXPORTER).toBe('true');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f9c2701848cf3175 Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:290
		process.env.ENABLE_A365_OBSERVABILITY_EXPORTER = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #acb0ca7214a33fc0 Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:294
		expect(process.env.ENABLE_A365_OBSERVABILITY_EXPORTER).toBe('true');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #80f448491d4a142b Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:298
		process.env.ENABLE_A365_OBSERVABILITY_EXPORTER = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #03de08782268502e Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:302
		expect(process.env.ENABLE_A365_OBSERVABILITY_EXPORTER).toBe('false');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #907a9cea537b70e5 Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:306
		delete process.env.ENABLE_OBSERVABILITY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5af32d5e2c12e538 Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:307
		delete process.env.ENABLE_A365_OBSERVABILITY_EXPORTER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7cdba869ed9919d8 Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:311
		expect(process.env.ENABLE_OBSERVABILITY).toBe('true');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #aee8bd5791bd069d Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:312
		expect(process.env.ENABLE_A365_OBSERVABILITY_EXPORTER).toBe('true');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2bc2684c32a569b5 Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:316
		process.env.ENABLE_OBSERVABILITY = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #740736be9c9caa66 Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:317
		process.env.ENABLE_A365_OBSERVABILITY_EXPORTER = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3914b1e112c84fdc Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:321
		expect(process.env.ENABLE_OBSERVABILITY).toBe('true');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #17ee2d54e0e65d80 Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:322
		expect(process.env.ENABLE_A365_OBSERVABILITY_EXPORTER).toBe('true');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #580bf517a467c2ee Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:326
		process.env.ENABLE_OBSERVABILITY = 'custom-value';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #af39f65f0213bef7 Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:327
		delete process.env.ENABLE_A365_OBSERVABILITY_EXPORTER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #015ba742f17b371a Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:331
		expect(process.env.ENABLE_OBSERVABILITY).toBe('custom-value');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #47fe59d9b1cacfe3 Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:332
		expect(process.env.ENABLE_A365_OBSERVABILITY_EXPORTER).toBe('true');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #39cb9feb64b087a6 Filesystem access.
repo/packages/cli/src/abstract-server.ts:8
import { readFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b5e3ad8a28de664c Filesystem access.
repo/packages/cli/src/abstract-server.ts:179
					key: await readFile(this.sslKey, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c226665f1caefef9 Filesystem access.
repo/packages/cli/src/abstract-server.ts:180
					cert: await readFile(this.sslCert, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #568c9ec9c869f36b Environment-variable access.
repo/packages/cli/src/auth/__tests__/auth.service.test.ts:212
				originalPreviewMode = process.env.N8N_PREVIEW_MODE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3eaeb0f25a32f178 Environment-variable access.
repo/packages/cli/src/auth/__tests__/auth.service.test.ts:221
					delete process.env.N8N_PREVIEW_MODE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #465a86c24825a6d7 Environment-variable access.
repo/packages/cli/src/auth/__tests__/auth.service.test.ts:223
					process.env.N8N_PREVIEW_MODE = originalPreviewMode;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a559157be48bb96c Environment-variable access.
repo/packages/cli/src/auth/__tests__/auth.service.test.ts:228
				process.env.N8N_PREVIEW_MODE = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #29457c152af1903a Environment-variable access.
repo/packages/cli/src/auth/__tests__/auth.service.test.ts:246
				process.env.N8N_PREVIEW_MODE = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #55e1a28e3b75d932 Environment-variable access.
repo/packages/cli/src/auth/__tests__/auth.service.test.ts:264
				process.env.N8N_PREVIEW_MODE = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fc84d40f8d7b6193 Environment-variable access.
repo/packages/cli/src/auth/__tests__/auth.service.test.ts:282
				delete process.env.N8N_PREVIEW_MODE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6a74241e2a2ae528 Environment-variable access.
repo/packages/cli/src/auth/__tests__/auth.service.test.ts:300
				process.env.N8N_PREVIEW_MODE = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8b8becb6a03d4a9d Environment-variable access.
repo/packages/cli/src/auth/__tests__/auth.service.test.ts:321
				process.env.N8N_PREVIEW_MODE = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #829e8257e9691967 Environment-variable access.
repo/packages/cli/src/auth/__tests__/auth.service.test.ts:485
				const originalPreviewMode = process.env.N8N_PREVIEW_MODE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #22c2d951d0e77db6 Environment-variable access.
repo/packages/cli/src/auth/__tests__/auth.service.test.ts:486
				process.env.N8N_PREVIEW_MODE = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0389c0e80031c9c8 Environment-variable access.
repo/packages/cli/src/auth/__tests__/auth.service.test.ts:507
					delete process.env.N8N_PREVIEW_MODE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #313e6fc61c3b7d20 Environment-variable access.
repo/packages/cli/src/auth/__tests__/auth.service.test.ts:509
					process.env.N8N_PREVIEW_MODE = originalPreviewMode;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #336e33b2313502d8 Environment-variable access.
repo/packages/cli/src/auth/auth.service.ts:155
			const isPreviewMode = process.env.N8N_PREVIEW_MODE === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3fad6d4e2bded3a5 Filesystem access.
repo/packages/cli/src/binary-data/__tests__/database.manager.integration.test.ts:294
		await writeFile(tempFilePath, buffer);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #62f50e924b26fbcd Filesystem access.
repo/packages/cli/src/binary-data/__tests__/database.manager.integration.test.ts:324
		await writeFile(tempFilePath, oversizedBuffer);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #98bcfb1bbc78aa9d Filesystem access.
repo/packages/cli/src/binary-data/database.manager.ts:135
		const buffer = await readFile(sourcePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3799661f5186cee6 Filesystem access.
repo/packages/cli/src/blob-storage/__tests__/fs-byte-store.integration.test.ts:58
		const onDisk = await fs.readFile(join(storagePath, 'a/b/c/blob.json'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fef9cdee7de5b268 Filesystem access.
repo/packages/cli/src/blob-storage/fs-byte-store.ts:30
			await fs.writeFile(tempPath, body);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #776da89b8b3c2f26 Filesystem access.
repo/packages/cli/src/blob-storage/fs-byte-store.ts:44
			return await fs.readFile(readPath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #75cbcd0c5ac36bdb Environment-variable access.
repo/packages/cli/src/commands/base-command.ts:170
		if (process.env.EXECUTIONS_PROCESS === 'own') process.exit(-1);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #46898c523f296eb6 Filesystem access.
repo/packages/cli/src/commands/execute-batch.ts:5
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #869a9d396c9e9bed Filesystem access.
repo/packages/cli/src/commands/execute-batch.ts:246
				const contents = fs.readFileSync(flags.ids, { encoding: 'utf-8' });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0e108e0c9c7413b5 Filesystem access.
repo/packages/cli/src/commands/execute-batch.ts:270
				const contents = fs.readFileSync(flags.skipList, { encoding: 'utf-8' });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #24fa5519680cd3e8 Filesystem access.
repo/packages/cli/src/commands/execute-batch.ts:337
			fs.writeFileSync(flags.output, this.formatJsonOutput(results));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #369ffd21cfdb0d46 Environment-variable access.
repo/packages/cli/src/commands/execute-batch.ts:534
		const output = process.env.GITHUB_OUTPUT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #29e2db0ccad537c5 Filesystem access.
repo/packages/cli/src/commands/execute-batch.ts:811
								const contents = fs.readFileSync(fileName, { encoding: 'utf-8' });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1295aa721d012821 Filesystem access.
repo/packages/cli/src/commands/execute-batch.ts:854
							fs.writeFileSync(fileName, serializedData);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99db97c8aec33d2e Filesystem access.
repo/packages/cli/src/commands/export/credentials.ts:5
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6aa8c53b03e7f08 Filesystem access.
repo/packages/cli/src/commands/export/credentials.ts:148
				fs.writeFileSync(filename, fileContents);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b5e50de638c062dc Filesystem access.
repo/packages/cli/src/commands/export/credentials.ts:154
				fs.writeFileSync(flags.output, fileContents);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a634bdaccc009705 Filesystem access.
repo/packages/cli/src/commands/export/nodes.ts:3
import { createWriteStream } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e8749bcd239dd193 Filesystem access.
repo/packages/cli/src/commands/export/nodes.ts:4
import { mkdir } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ddd22a70f1da407f Filesystem access.
repo/packages/cli/src/commands/export/workflow.ts:5
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de13983318629ca7 Filesystem access.
repo/packages/cli/src/commands/export/workflow.ts:158
				fs.writeFileSync(filename, fileContents);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c2063358b1a753dc Filesystem access.
repo/packages/cli/src/commands/export/workflow.ts:164
				fs.writeFileSync(flags.output, fileContents);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #983672758257f533 Filesystem access.
repo/packages/cli/src/commands/import/credentials.ts:15
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d646e657c3519e2d Filesystem access.
repo/packages/cli/src/commands/import/credentials.ts:248
				jsonParse<Partial<CredentialsEntity>>(fs.readFileSync(file, { encoding: 'utf8' })),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5b15d822554fba49 Filesystem access.
repo/packages/cli/src/commands/import/credentials.ts:252
				fs.readFileSync(inputPath, { encoding: 'utf8' }),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b75af18e4f838946 Filesystem access.
repo/packages/cli/src/commands/import/workflow.ts:13
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fcec8ea855499202 Filesystem access.
repo/packages/cli/src/commands/import/workflow.ts:253
				fs.readFileSync(path, { encoding: 'utf8' }),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b988cd314fcaccb1 Filesystem access.
repo/packages/cli/src/commands/import/workflow.ts:269
			const workflow = jsonParse<IWorkflowToImport>(fs.readFileSync(file, { encoding: 'utf8' }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a2cc49883b6bceaf Filesystem access.
repo/packages/cli/src/commands/start.ts:14
import { createReadStream, createWriteStream, existsSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b8b78f272b41836a Filesystem access.
repo/packages/cli/src/commands/start.ts:15
import { mkdir } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #85d919393816c5aa Environment-variable access.
repo/packages/cli/src/commands/start.ts:136
			environment: process.env.ENVIRONMENT || 'development',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #209db87ee658ff4c Environment-variable access.
repo/packages/cli/src/commands/start.ts:137
			serverName: process.env.DEPLOYMENT_NAME,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3f077711c7817a0b Environment-variable access.
repo/packages/cli/src/commands/start.ts:208
			if (process.env.OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #df3f7ce814455a3c Environment-variable access.
repo/packages/cli/src/concurrency/__tests__/concurrency-control.service.test.ts:51
	const originalEvalEnv = process.env.N8N_CONCURRENCY_EVALUATION_LIMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #14bdda473ef1e05f Environment-variable access.
repo/packages/cli/src/concurrency/__tests__/concurrency-control.service.test.ts:53
		process.env.N8N_CONCURRENCY_EVALUATION_LIMIT = '-1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0e24ae5a233dba0b Environment-variable access.
repo/packages/cli/src/concurrency/__tests__/concurrency-control.service.test.ts:56
		if (originalEvalEnv === undefined) delete process.env.N8N_CONCURRENCY_EVALUATION_LIMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9a53a2669296352c Environment-variable access.
repo/packages/cli/src/concurrency/__tests__/concurrency-control.service.test.ts:57
		else process.env.N8N_CONCURRENCY_EVALUATION_LIMIT = originalEvalEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #53f75f24991def8e Environment-variable access.
repo/packages/cli/src/concurrency/__tests__/concurrency-control.service.test.ts:221
			delete process.env.N8N_CONCURRENCY_EVALUATION_LIMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8676208c256c48f6 Environment-variable access.
repo/packages/cli/src/concurrency/__tests__/concurrency-control.service.test.ts:226
			process.env.N8N_CONCURRENCY_EVALUATION_LIMIT = '-1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e510bf72d984817f Environment-variable access.
repo/packages/cli/src/concurrency/__tests__/concurrency-control.service.test.ts:297
			process.env.N8N_CONCURRENCY_EVALUATION_LIMIT = '-1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0db8b82644233d0c Filesystem access.
repo/packages/cli/src/config/index.ts:5
import { readFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #449362bb3326cc5c Environment-variable access.
repo/packages/cli/src/config/index.ts:17
	process.env.EXTERNAL_FRONTEND_HOOKS_URLS = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e11774cd935548b6 Environment-variable access.
repo/packages/cli/src/config/index.ts:18
	process.env.N8N_PERSONALIZATION_ENABLED = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c438fb67d14165a Environment-variable access.
repo/packages/cli/src/config/index.ts:19
	process.env.N8N_AI_ENABLED = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b13eb7dd6e1211e0 Environment-variable access.
repo/packages/cli/src/config/index.ts:23
	process.env.SKIP_STATISTICS_EVENTS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fa47a6a52dcc868c Environment-variable access.
repo/packages/cli/src/config/index.ts:25
	process.env.N8N_SKIP_AUTH_ON_OAUTH_CALLBACK = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d0ad0d0a34beb656 Filesystem access.
repo/packages/cli/src/config/index.ts:47
					value = readFileSync(fileName, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #92208600358e856b Filesystem access.
repo/packages/cli/src/constants.ts:2
import { readFileSync, statSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #609dfb28d728a2c9 Filesystem access.
repo/packages/cli/src/constants.ts:28
const n8nPackageJson = jsonParse<n8n.PackageJson>(readFileSync(packageJsonPath, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0088ff002a4fb363 Filesystem access.
repo/packages/cli/src/constants.ts:30
	readFileSync(aiAssistantPackageJsonPath, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8911c72bdc9023fc Filesystem access.
repo/packages/cli/src/constants.ts:33
	readFileSync(workflowSdkPackageJsonPath, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #050b2ed0a15aa23c Environment-variable access.
repo/packages/cli/src/constants/workflow-reviews.ts:6
	return process.env[WORKFLOW_REVIEWS_ENV_FEATURE_FLAG] === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4ec246fe197410e4 Filesystem access.
repo/packages/cli/src/controllers/__tests__/translation.controller.test.ts:15
	const { mkdtempSync, writeFileSync } = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #adb33270033c526f Filesystem access.
repo/packages/cli/src/controllers/__tests__/translation.controller.test.ts:22
	writeFileSync(p, JSON.stringify({ translation: 'string' }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3de3eb4339bb473f Filesystem access.
repo/packages/cli/src/controllers/instance-ai-examples.controller.ts:101
		const raw = readFileSync(filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0b69405a35d85835 Filesystem access.
repo/packages/cli/src/controllers/third-party-licenses.controller.ts:3
import { readFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #80fbf05592de9d95 Filesystem access.
repo/packages/cli/src/controllers/third-party-licenses.controller.ts:19
			const content = await readFile(licenseFile, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9cf7e09b5e810f13 Filesystem access.
repo/packages/cli/src/controllers/translation.controller.ts:5
import { access } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #66886b97145ca62a Filesystem access.
repo/packages/cli/src/crash-journal.ts:3
import { existsSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #35fef71dbbe92608 Filesystem access.
repo/packages/cli/src/crash-journal.ts:4
import { mkdir, utimes, open, rm } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #66ca441fd733b4d5 Environment-variable access.
repo/packages/cli/src/databases/repositories/__tests__/workflow-statistics.integration.test.ts:10
const runOnSqlite = (process.env.DB_TYPE ?? 'sqlite') === 'sqlite';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c82ec51d415b720a Environment-variable access.
repo/packages/cli/src/deprecation/__tests__/deprecation.service.test.ts:31
		const originalEnv = process.env[envVar];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7ffdea98b40f6c2c Environment-variable access.
repo/packages/cli/src/deprecation/__tests__/deprecation.service.test.ts:35
				process.env[envVar] = value;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #393e052e8c6dab04 Environment-variable access.
repo/packages/cli/src/deprecation/__tests__/deprecation.service.test.ts:37
				delete process.env[envVar];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7b4eaa575fa675d3 Environment-variable access.
repo/packages/cli/src/deprecation/__tests__/deprecation.service.test.ts:53
				process.env[envVar] = originalEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e466352b829ae6ac Environment-variable access.
repo/packages/cli/src/deprecation/__tests__/deprecation.service.test.ts:55
				delete process.env[envVar];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1cd7e5ee96ff8c86 Environment-variable access.
repo/packages/cli/src/deprecation/__tests__/deprecation.service.test.ts:85
					process.env[envVar] = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7f70990618810ec9 Environment-variable access.
repo/packages/cli/src/deprecation/__tests__/deprecation.service.test.ts:108
					process.env[envVar] = envValue;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #605497d171ee935c Environment-variable access.
repo/packages/cli/src/deprecation/__tests__/deprecation.service.test.ts:124
					process.env[envVar] = envValue;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d105f8b9e56b9380 Environment-variable access.
repo/packages/cli/src/deprecation/__tests__/deprecation.service.test.ts:140
					process.env[envVar] = envValue;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b24c89b9ef5b1d82 Environment-variable access.
repo/packages/cli/src/deprecation/__tests__/deprecation.service.test.ts:147
					process.env[envVar] = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #234a459b2c2a52f1 Environment-variable access.
repo/packages/cli/src/deprecation/__tests__/deprecation.service.test.ts:156
					delete process.env[envVar];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7cd74d301acab2c4 Environment-variable access.
repo/packages/cli/src/deprecation/__tests__/deprecation.service.test.ts:176
			delete process.env[envVar];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0e5811990f2770e5 Environment-variable access.
repo/packages/cli/src/deprecation/__tests__/deprecation.service.test.ts:187
			process.env[envVar] = value;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8383bd6df9c70eb5 Environment-variable access.
repo/packages/cli/src/deprecation/deprecation.service.ts:129
			const envValue = process.env[d.envVar];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #05b6a2e5a2bda7db Environment-variable access.
repo/packages/cli/src/evaluation.ee/__tests__/evaluation-concurrency.helper.test.ts:28
	const originalEnv = process.env[ENV_VAR];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #febcc931c0564e70 Environment-variable access.
repo/packages/cli/src/evaluation.ee/__tests__/evaluation-concurrency.helper.test.ts:31
		if (originalEnv === undefined) delete process.env[ENV_VAR];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #03a58bec33fe4123 Environment-variable access.
repo/packages/cli/src/evaluation.ee/__tests__/evaluation-concurrency.helper.test.ts:32
		else process.env[ENV_VAR] = originalEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #67cbecefd88a21ea Environment-variable access.
repo/packages/cli/src/evaluation.ee/__tests__/evaluation-concurrency.helper.test.ts:41
			process.env[ENV_VAR] = envValue;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4e77b1667f0360ea Environment-variable access.
repo/packages/cli/src/evaluation.ee/__tests__/evaluation-concurrency.helper.test.ts:52
			process.env[ENV_VAR] = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #aa0e7cbc11ae1a9d Environment-variable access.
repo/packages/cli/src/evaluation.ee/__tests__/evaluation-concurrency.helper.test.ts:66
			delete process.env[ENV_VAR];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #283eec49b050c740 Environment-variable access.
repo/packages/cli/src/evaluation.ee/__tests__/evaluation-concurrency.helper.test.ts:96
			delete process.env[ENV_VAR];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dafe637493c16648 Environment-variable access.
repo/packages/cli/src/evaluation.ee/__tests__/evaluation-concurrency.helper.test.ts:135
	const originalEnv = process.env[ENV_VAR];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #32a68dc6e82ff04a Environment-variable access.
repo/packages/cli/src/evaluation.ee/__tests__/evaluation-concurrency.helper.test.ts:138
		if (originalEnv === undefined) delete process.env[ENV_VAR];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b9053b38e3b88b78 Environment-variable access.
repo/packages/cli/src/evaluation.ee/__tests__/evaluation-concurrency.helper.test.ts:139
		else process.env[ENV_VAR] = originalEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #084ce66d710dd11a Environment-variable access.
repo/packages/cli/src/evaluation.ee/__tests__/evaluation-concurrency.helper.test.ts:143
		process.env[ENV_VAR] = '3';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3faf575ba1345b63 Environment-variable access.
repo/packages/cli/src/evaluation.ee/__tests__/evaluation-concurrency.helper.test.ts:148
		delete process.env[ENV_VAR];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e6d4ecf06fda753c Environment-variable access.
repo/packages/cli/src/evaluation.ee/__tests__/evaluation-concurrency.helper.test.ts:153
		delete process.env[ENV_VAR];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #92608de75b5e43fc Environment-variable access.
repo/packages/cli/src/evaluation.ee/__tests__/evaluation-concurrency.helper.test.ts:158
		delete process.env[ENV_VAR];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3cdaf1f9d7a2b48e Environment-variable access.
repo/packages/cli/src/evaluation.ee/evaluation-concurrency.helper.ts:68
	if (process.env[EVALUATION_CONCURRENCY_ENV_VAR] !== undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #121709aefc2462da Environment-variable access.
repo/packages/cli/src/evaluation.ee/evaluation-concurrency.helper.ts:87
	if (process.env[EVALUATION_CONCURRENCY_ENV_VAR] !== undefined) return 'env';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3dc99c233bd479d5 Filesystem access.
repo/packages/cli/src/evaluation.ee/test-runner/__tests__/test-runner.service.ee.test.ts:12
import { readFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5e54671564c7c232 Filesystem access.
repo/packages/cli/src/evaluation.ee/test-runner/__tests__/test-runner.service.ee.test.ts:54
	readFileSync(path.join(__dirname, './mock-data/workflow.under-test.json'), { encoding: 'utf-8' }),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a100c94e20538c65 Environment-variable access.
repo/packages/cli/src/evaluation.ee/test-runner/__tests__/test-runner.service.ee.test.ts:550
			process.env.OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c4ae7d3261449c1d Environment-variable access.
repo/packages/cli/src/evaluation.ee/test-runner/__tests__/test-runner.service.ee.test.ts:621
			delete process.env.OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #225200a45123b30c Environment-variable access.
repo/packages/cli/src/evaluation.ee/test-runner/__tests__/test-runner.service.ee.test.ts:2340
			const originalEnv = process.env.N8N_CONCURRENCY_EVALUATION_LIMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7b1252356e14ea25 Environment-variable access.
repo/packages/cli/src/evaluation.ee/test-runner/__tests__/test-runner.service.ee.test.ts:2341
			process.env.N8N_CONCURRENCY_EVALUATION_LIMIT = '5';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7d6a37d794786b5e Environment-variable access.
repo/packages/cli/src/evaluation.ee/test-runner/__tests__/test-runner.service.ee.test.ts:2349
				if (originalEnv === undefined) delete process.env.N8N_CONCURRENCY_EVALUATION_LIMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #46665cfd82249da9 Environment-variable access.
repo/packages/cli/src/evaluation.ee/test-runner/__tests__/test-runner.service.ee.test.ts:2350
				else process.env.N8N_CONCURRENCY_EVALUATION_LIMIT = originalEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9d00e36d3cd56e8c Environment-variable access.
repo/packages/cli/src/evaluation.ee/test-runner/__tests__/test-runner.service.ee.test.ts:2379
			const originalEnv = process.env.N8N_CONCURRENCY_EVALUATION_LIMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #31a4d73903f6c980 Environment-variable access.
repo/packages/cli/src/evaluation.ee/test-runner/__tests__/test-runner.service.ee.test.ts:2380
			delete process.env.N8N_CONCURRENCY_EVALUATION_LIMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ce99c30f71274a17 Environment-variable access.
repo/packages/cli/src/evaluation.ee/test-runner/__tests__/test-runner.service.ee.test.ts:2392
				if (originalEnv === undefined) delete process.env.N8N_CONCURRENCY_EVALUATION_LIMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5c827672394e50d0 Environment-variable access.
repo/packages/cli/src/evaluation.ee/test-runner/__tests__/test-runner.service.ee.test.ts:2393
				else process.env.N8N_CONCURRENCY_EVALUATION_LIMIT = originalEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7f6b271051b25924 Environment-variable access.
repo/packages/cli/src/evaluation.ee/test-runner/__tests__/test-runner.service.ee.test.ts:2462
			const originalEnv = process.env.N8N_CONCURRENCY_EVALUATION_LIMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f66f41d1014c3958 Environment-variable access.
repo/packages/cli/src/evaluation.ee/test-runner/__tests__/test-runner.service.ee.test.ts:2463
			process.env.N8N_CONCURRENCY_EVALUATION_LIMIT = '2';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cbcef5580961a7b3 Environment-variable access.
repo/packages/cli/src/evaluation.ee/test-runner/__tests__/test-runner.service.ee.test.ts:2480
				if (originalEnv === undefined) delete process.env.N8N_CONCURRENCY_EVALUATION_LIMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8767e6839f5f4986 Environment-variable access.
repo/packages/cli/src/evaluation.ee/test-runner/__tests__/test-runner.service.ee.test.ts:2481
				else process.env.N8N_CONCURRENCY_EVALUATION_LIMIT = originalEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #efcd2fd464264c52 Environment-variable access.
repo/packages/cli/src/evaluation.ee/test-runner/test-runner.service.ee.ts:404
			process.env.OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #833b6cc3f4ca2c9e Filesystem access.
repo/packages/cli/src/eventbus/message-event-bus-writer/__tests__/message-event-bus-log-writer.test.ts:43
		writeFileSync(path, lines.join('\n') + '\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #acdf99184f0bd8d2 Filesystem access.
repo/packages/cli/src/eventbus/message-event-bus-writer/message-event-bus-log-writer-worker.ts:1
import { appendFileSync, existsSync, rmSync, renameSync, openSync, closeSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #54dfa4191c1432f9 Filesystem access.
repo/packages/cli/src/eventbus/message-event-bus-writer/message-event-bus-log-writer-worker.ts:2
import { stat } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #db730a18bceecf8b Filesystem access.
repo/packages/cli/src/eventbus/message-event-bus-writer/message-event-bus-log-writer.ts:5
import { createReadStream, existsSync, rmSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c0fd574ba7880c7c Filesystem access.
repo/packages/cli/src/eventbus/message-event-bus/__tests__/message-event-bus.test.ts:112
		writeFileSync(stalePath, '');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #515f3b21fcc85b64 Filesystem access.
repo/packages/cli/src/executions/execution-data/__tests__/fs-store.integration.test.ts:78
		const content = await fs.readFile(filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #16a474ddefd455d5 Filesystem access.
repo/packages/cli/src/executions/execution-data/__tests__/fs-store.integration.test.ts:96
		const onDisk = await fs.readFile(filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c45811a305edb856 Filesystem access.
repo/packages/cli/src/executions/execution-data/__tests__/fs-store.integration.test.ts:165
		await fs.writeFile(bundlePath, 'invalid json{{{', 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #407d06317a601db0 Filesystem access.
repo/packages/cli/src/executions/execution-data/__tests__/fs-store.integration.test.ts:204
		await fs.writeFile(badPath, 'invalid json{{{', 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b4095c40dd3284b4 Filesystem access.
repo/packages/cli/src/executions/execution-data/fs-store.ts:43
			await fs.writeFile(tempPath, serialized, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8b023c88d835277e Filesystem access.
repo/packages/cli/src/executions/execution-data/fs-store.ts:61
			content = await fs.readFile(bundlePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #edf94255036135db Filesystem access.
repo/packages/cli/src/load-nodes-and-credentials.ts:7
import fsPromises from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f960067521b4c39f Environment-variable access.
repo/packages/cli/src/load-nodes-and-credentials.ts:76
		process.env.NODE_PATH = [module.paths.join(delimiter), process.env.NODE_PATH]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8e51d6dfad45e778 Environment-variable access.
repo/packages/cli/src/load-nodes-and-credentials.ts:89
		if (process.env.N8N_ENV_FEAT_DYNAMIC_CREDENTIALS !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ce7362e1d52c509e Environment-variable access.
repo/packages/cli/src/load-nodes-and-credentials.ts:281
		if (process.env[CUSTOM_EXTENSION_ENV] !== undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #51dba684a956171e Environment-variable access.
repo/packages/cli/src/load-nodes-and-credentials.ts:282
			const customExtensionFolders = process.env[CUSTOM_EXTENSION_ENV].split(';');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9708f7277a32c220 Environment-variable access.
repo/packages/cli/src/load-nodes-and-credentials.ts:366
		return process.env.N8N_ENV_FEAT_DYNAMIC_CREDENTIALS === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #37ae868223a58599 Filesystem access.
repo/packages/cli/src/metrics/prometheus/pss-metrics.service.ts:29
					const content = readFileSync('/proc/self/smaps_rollup', 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c7bbec96595ab46a Filesystem access.
repo/packages/cli/src/metrics/prometheus/pss-metrics.service.ts:43
			readFileSync('/proc/self/smaps_rollup', 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #caf6ac856ca9bec7 Filesystem access.
repo/packages/cli/src/modules/agents/__tests__/agent-knowledge.service.test.ts:174
		await writeFile(textFilePath, 'hello world');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #54b1619631f6374a Filesystem access.
repo/packages/cli/src/modules/agents/__tests__/agent-knowledge.service.test.ts:175
		await writeFile(pdfFilePath, '%PDF-1.4');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #294c6e1cfb0afd9d Filesystem access.
repo/packages/cli/src/modules/agents/__tests__/agent-knowledge.service.test.ts:252
		await writeFile(firstPath, 'hello');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b06b507fbee6503f Filesystem access.
repo/packages/cli/src/modules/agents/__tests__/agent-knowledge.service.test.ts:253
		await writeFile(secondPath, 'world');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1195499fb9a13a23 Filesystem access.
repo/packages/cli/src/modules/agents/__tests__/agent-knowledge.service.test.ts:287
		await writeFile(filePath, 'hello');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f9c7f97d39026594 Filesystem access.
repo/packages/cli/src/modules/agents/__tests__/agent-knowledge.service.test.ts:331
		await writeFile(tempFilePath, 'x');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fc7b87cb8cd89c8b Filesystem access.
repo/packages/cli/src/modules/agents/__tests__/agent-knowledge.service.test.ts:512
		await writeFile(tempFilePath, 'hello world');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #22feceff10ea35c0 Filesystem access.
repo/packages/cli/src/modules/agents/__tests__/agent-secure-runtime.test.ts:2
import { existsSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #18cc56cf55a7d8b7 Environment-variable access.
repo/packages/cli/src/modules/agents/builder/__tests__/agents-builder-settings.service.test.ts:23
	for (const key of ENV_KEYS) delete process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d1c4626810046f9e Environment-variable access.
repo/packages/cli/src/modules/agents/builder/__tests__/agents-builder-settings.service.test.ts:114
			process.env.N8N_AI_ANTHROPIC_KEY = 'sk-env';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c808966be1708fe6 Environment-variable access.
repo/packages/cli/src/modules/agents/builder/__tests__/agents-builder-settings.service.test.ts:224
			process.env.N8N_AI_ANTHROPIC_KEY = 'sk-env';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6982a589a17226ba Environment-variable access.
repo/packages/cli/src/modules/agents/builder/__tests__/agents-builder-settings.service.test.ts:244
			process.env.N8N_AI_ANTHROPIC_KEY = 'sk-env';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4094cda41ed26adc Environment-variable access.
repo/packages/cli/src/modules/agents/builder/__tests__/agents-builder-settings.service.test.ts:293
			process.env.N8N_AI_ANTHROPIC_KEY = 'sk-env';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #051ee86b5fde59bd Environment-variable access.
repo/packages/cli/src/modules/agents/builder/__tests__/agents-builder-settings.service.test.ts:301
			process.env.ANTHROPIC_API_KEY = 'sk-env';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec54de30c26e11d6 Environment-variable access.
repo/packages/cli/src/modules/agents/builder/agents-builder-settings.service.ts:40
	const key = process.env.N8N_AI_ANTHROPIC_KEY ?? process.env.ANTHROPIC_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #529125c867868400 Filesystem access.
repo/packages/cli/src/modules/agents/integrations/__tests__/channel-integration-contract.test.ts:1
import { readFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ee8dd5097e1134cf Filesystem access.
repo/packages/cli/src/modules/agents/integrations/__tests__/channel-integration-contract.test.ts:16
	readFileSync(join(__dirname, 'fixtures/slack/basic.json'), 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a78a9e2cc10694d7 Filesystem access.
repo/packages/cli/src/modules/agents/integrations/__tests__/channel-integration-contract.test.ts:19
	readFileSync(join(__dirname, 'fixtures/telegram/basic.json'), 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #841de64373a6408a Filesystem access.
repo/packages/cli/src/modules/agents/integrations/__tests__/channel-integration-recorder.test.ts:1
import { mkdtemp, rm, writeFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only #54cc50e9ba472df3 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/agents/integrations/__tests__/channel-integration-recorder.test.ts:76
			await fetch('https://api.telegram.org/bot123456:secret/sendMessage', {
				method: 'POST',
				headers: requestHeaders,
				body: '{}',
			});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only #20f814ab991e3c29 Filesystem access.
repo/packages/cli/src/modules/agents/integrations/__tests__/channel-integration-recorder.test.ts:136
		await writeFile(filePath, 'x', 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8e6aa42dcc5cc176 Filesystem access.
repo/packages/cli/src/modules/agents/integrations/platforms/__tests__/linear/recorded-integration.test.ts:1
import { readFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #268c8a167f81afed Filesystem access.
repo/packages/cli/src/modules/agents/integrations/platforms/__tests__/linear/recorded-integration.test.ts:13
	readFileSync(join(__dirname, '../../../__tests__/fixtures/linear/recorded-session.json'), 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7727c77214ad5b8e Filesystem access.
repo/packages/cli/src/modules/agents/integrations/platforms/__tests__/slack/recorded-integration.test.ts:1
import { readFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b4b39bfa4b8fbddf Filesystem access.
repo/packages/cli/src/modules/agents/integrations/platforms/__tests__/slack/recorded-integration.test.ts:12
	readFileSync(join(__dirname, '../../../__tests__/fixtures/slack/recorded-session.json'), 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #176d06a12d408542 Filesystem access.
repo/packages/cli/src/modules/agents/integrations/platforms/__tests__/telegram/recorded-integration.test.ts:1
import { readFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #667810bde645f9b4 Filesystem access.
repo/packages/cli/src/modules/agents/integrations/platforms/__tests__/telegram/recorded-integration.test.ts:25
	readFileSync(join(__dirname, '../../../__tests__/fixtures/telegram/basic.json'), 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1d1af22ef31b45ef Filesystem access.
repo/packages/cli/src/modules/agents/integrations/platforms/__tests__/telegram/recorded-integration.test.ts:28
	readFileSync(
		join(__dirname, '../../../__tests__/fixtures/telegram/recorded-session.json'),
		'utf8',
	),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d53c1aa5c68c4a26 Filesystem access.
repo/packages/cli/src/modules/agents/integrations/recording/channel-integration-recorder.ts:1
import { mkdir, readFile, readdir, rm } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #34e96d26c3f6a4ba Environment-variable access.
repo/packages/cli/src/modules/agents/integrations/recording/channel-integration-recorder.ts:161
	const ref = process.env.N8N_AGENT_INTEGRATION_RECORDING_REF ?? 'local';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #29f668d5d9e144d6 Environment-variable access.
repo/packages/cli/src/modules/agents/integrations/recording/channel-integration-recorder.ts:247
			options.enabled ?? process.env.N8N_AGENT_INTEGRATION_RECORDING_ENABLED === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #31ee910982860494 Environment-variable access.
repo/packages/cli/src/modules/agents/integrations/recording/channel-integration-recorder.ts:250
				process.env.N8N_AGENT_INTEGRATION_RECORDING_SESSION_ID ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a53f092278331c30 Environment-variable access.
repo/packages/cli/src/modules/agents/integrations/recording/channel-integration-recorder.ts:255
			process.env.N8N_AGENT_INTEGRATION_RECORDING_DIR ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c659349a9cd72432 Filesystem access.
repo/packages/cli/src/modules/agents/integrations/recording/channel-integration-recorder.ts:385
					const contents = await readFile(join(this.recordingDir, file), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #68eb78c0cb049ee4 Filesystem access.
repo/packages/cli/src/modules/agents/integrations/recording/channel-integration-recorder.ts:398
		const contents = await readFile(filePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #40991715ea207294 Filesystem access.
repo/packages/cli/src/modules/agents/runtime/agent-secure-runtime.ts:4
import { readFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #396e7a304270161f Filesystem access.
repo/packages/cli/src/modules/agents/runtime/agent-secure-runtime.ts:139
			this.libraryBundle = readFileSync(LIBRARY_BUNDLE_PATH, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #95e2938b5af2afb9 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v2/__tests__/dotenv-upgrade.rule.test.ts:33
			delete process.env.DOTENV_CONFIG_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #792552436536e93e Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v2/__tests__/oauth-callback-auth.rule.test.ts:18
			delete process.env.N8N_SKIP_AUTH_ON_OAUTH_CALLBACK;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b5580109672744b4 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v2/__tests__/oauth-callback-auth.rule.test.ts:30
				process.env.N8N_SKIP_AUTH_ON_OAUTH_CALLBACK = value;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ce1b4d8e807b232e Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v2/__tests__/process-env-access.rule.test.ts:49
			const originalValue = process.env.N8N_BLOCK_ENV_ACCESS_IN_NODE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7bc5bad13670457e Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v2/__tests__/process-env-access.rule.test.ts:51
				process.env.N8N_BLOCK_ENV_ACCESS_IN_NODE = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6fd1bb1dbc6f4fed Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v2/__tests__/process-env-access.rule.test.ts:67
					delete process.env.N8N_BLOCK_ENV_ACCESS_IN_NODE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #24405d84f3cb9a42 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v2/__tests__/process-env-access.rule.test.ts:69
					process.env.N8N_BLOCK_ENV_ACCESS_IN_NODE = originalValue;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0502ecd461704a3d Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v2/__tests__/queue-worker-max-stalled-count.rule.test.ts:12
			delete process.env.QUEUE_WORKER_MAX_STALLED_COUNT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2fd99c062aade597 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v2/__tests__/queue-worker-max-stalled-count.rule.test.ts:21
			process.env.QUEUE_WORKER_MAX_STALLED_COUNT = '10';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5351a0972249671a Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v2/__tests__/settings-file-permissions.rule.test.ts:15
		originalEnvValue = process.env.N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2091354ea05de8c7 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v2/__tests__/settings-file-permissions.rule.test.ts:17
		delete process.env.N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #02de475a99e5935e Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v2/__tests__/settings-file-permissions.rule.test.ts:22
			delete process.env.N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #90136237b0f29fcf Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v2/__tests__/settings-file-permissions.rule.test.ts:24
			process.env.N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS = originalEnvValue;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bb56cffb349aa622 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v2/__tests__/settings-file-permissions.rule.test.ts:43
			process.env.N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #65eef12fa5554336 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v2/__tests__/settings-file-permissions.rule.test.ts:53
			process.env.N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c822feb5a73cbce0 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v2/disabled-nodes.rule.ts:56
		if (process.env.NODES_EXCLUDE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #825c1503c6f6d006 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v2/oauth-callback-auth.rule.ts:30
		if (process.env.N8N_SKIP_AUTH_ON_OAUTH_CALLBACK) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #97f93bedda5842c8 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v2/process-env-access.rule.ts:34
		if (process.env.N8N_BLOCK_ENV_ACCESS_IN_NODE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #60368aa837db8271 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v2/queue-worker-max-stalled-count.rule.ts:36
		if (!process.env.QUEUE_WORKER_MAX_STALLED_COUNT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4fd40738023759f7 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v2/settings-file-permissions.rule.ts:42
		if (process.env.N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #50a38fc132ce5dfe Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v3/__tests__/compression-node-limits.rule.test.ts:9
		delete process.env.N8N_COMPRESSION_NODE_MAX_DECOMPRESSED_SIZE_BYTES;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0de7af9e62f46994 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v3/__tests__/compression-node-limits.rule.test.ts:10
		delete process.env.N8N_COMPRESSION_NODE_MAX_ZIP_ENTRIES;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5deeac92f9470a27 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v3/__tests__/compression-node-limits.rule.test.ts:28
			process.env.N8N_COMPRESSION_NODE_MAX_DECOMPRESSED_SIZE_BYTES = '2147483648';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #601a94597e0cef6c Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v3/__tests__/compression-node-limits.rule.test.ts:38
			process.env.N8N_COMPRESSION_NODE_MAX_ZIP_ENTRIES = '5000';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e79037a70766d86c Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v3/__tests__/compression-node-limits.rule.test.ts:48
			process.env.N8N_COMPRESSION_NODE_MAX_DECOMPRESSED_SIZE_BYTES = '2147483648';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2ee7a5b1648abe3b Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v3/__tests__/compression-node-limits.rule.test.ts:49
			process.env.N8N_COMPRESSION_NODE_MAX_ZIP_ENTRIES = '5000';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dbc5b3325809ec93 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v3/__tests__/offload-manual-executions.rule.test.ts:13
		delete process.env.OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #aaa93f1701430776 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v3/__tests__/offload-manual-executions.rule.test.ts:33
			process.env.OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a0f12c43f72b8bb2 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v3/__tests__/offload-manual-executions.rule.test.ts:53
			process.env.OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ccee4f64e81b20fe Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v3/__tests__/task-runner-task-timeout.rule.test.ts:9
		delete process.env.N8N_RUNNERS_TASK_TIMEOUT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #36449fc54f7e0e80 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v3/__tests__/task-runner-task-timeout.rule.test.ts:28
			process.env.N8N_RUNNERS_TASK_TIMEOUT = '300';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a4677d0805ff5084 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v3/__tests__/unverified-packages.rule.test.ts:13
		delete process.env.N8N_UNVERIFIED_PACKAGES_ENABLED;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #246faf660331bc6a Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v3/__tests__/unverified-packages.rule.test.ts:33
			process.env.N8N_UNVERIFIED_PACKAGES_ENABLED = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #da4ba6f5d9802373 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v3/__tests__/unverified-packages.rule.test.ts:41
			process.env.N8N_UNVERIFIED_PACKAGES_ENABLED = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4ceb9449d456b3ca Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v3/compression-node-limits.rule.ts:28
		if (process.env.N8N_COMPRESSION_NODE_MAX_DECOMPRESSED_SIZE_BYTES === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b3653b60229814e2 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v3/compression-node-limits.rule.ts:37
		if (process.env.N8N_COMPRESSION_NODE_MAX_ZIP_ENTRIES === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d7507f2a196343a3 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v3/offload-manual-executions.rule.ts:31
			process.env.OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS !== 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab42400e3f300aff Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v3/task-runner-task-timeout.rule.ts:26
		if (process.env.N8N_RUNNERS_TASK_TIMEOUT !== undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #078d2c9587d46a9d Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v3/unverified-packages.rule.ts:31
			process.env.N8N_UNVERIFIED_PACKAGES_ENABLED === undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bda3fd8945bf8035 Filesystem access.
repo/packages/cli/src/modules/chat-hub/chat-hub-agent.service.ts:12
import { readFile, unlink } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f3d0a02da30b7822 Filesystem access.
repo/packages/cli/src/modules/chat-hub/chat-hub-agent.service.ts:449
			const buffer = file.buffer ?? (await readFile(file.path));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7fdd018ecd9909e1 Environment-variable access.
repo/packages/cli/src/modules/chat-hub/chat-hub-workflow.service.ts:101
		if (process.env.N8N_SKIP_CHAT_WORKFLOW_CLEANUP !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e8b48c86ab63a4bf Environment-variable access.
repo/packages/cli/src/modules/community-packages/__tests__/community-node-types.service.test.ts:29
		delete process.env.ENVIRONMENT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #02cf1f3c01c943e9 Environment-variable access.
repo/packages/cli/src/modules/community-packages/__tests__/community-node-types.service.test.ts:52
			process.env.ENVIRONMENT = 'staging';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b1df58dda4bec698 Environment-variable access.
repo/packages/cli/src/modules/community-packages/__tests__/community-node-types.service.test.ts:64
			process.env.ENVIRONMENT = 'production';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #af329e143e5b1212 Environment-variable access.
repo/packages/cli/src/modules/community-packages/__tests__/community-node-types.service.test.ts:70
			process.env.ENVIRONMENT = 'staging';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4efddcd9af18e3b8 Environment-variable access.
repo/packages/cli/src/modules/community-packages/__tests__/community-packages.config.test.ts:22
		process.env.N8N_DISABLED_MODULES = 'community-packages';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6f432f945ccf0d5a Environment-variable access.
repo/packages/cli/src/modules/community-packages/__tests__/community-packages.config.test.ts:28
		process.env.N8N_DISABLED_MODULES = 'insights,community-packages,mcp';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cbfb7cdc287a026e Environment-variable access.
repo/packages/cli/src/modules/community-packages/__tests__/community-packages.config.test.ts:34
		process.env.N8N_DISABLED_MODULES = 'insights,mcp';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6cc2ca189cdcd5c7 Environment-variable access.
repo/packages/cli/src/modules/community-packages/__tests__/community-packages.config.test.ts:40
		process.env.N8N_COMMUNITY_PACKAGES_ENABLED = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0debda1e1a5d5e47 Environment-variable access.
repo/packages/cli/src/modules/community-packages/__tests__/community-packages.service.test.ts:1100
			const originalEnv = process.env.ENVIRONMENT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #db414f597c0ffb7b Environment-variable access.
repo/packages/cli/src/modules/community-packages/__tests__/community-packages.service.test.ts:1108
			process.env.ENVIRONMENT = 'staging';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #be13922409519cd8 Environment-variable access.
repo/packages/cli/src/modules/community-packages/__tests__/community-packages.service.test.ts:1124
					delete process.env.ENVIRONMENT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5f8eb79d940b68cd Environment-variable access.
repo/packages/cli/src/modules/community-packages/__tests__/community-packages.service.test.ts:1126
					process.env.ENVIRONMENT = originalEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d1a70e6b147af9a Environment-variable access.
repo/packages/cli/src/modules/community-packages/community-node-types.service.ts:128
		const environment = process.env.ENVIRONMENT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0b1b9ae174d306e7 Filesystem access.
repo/packages/cli/src/modules/community-packages/community-packages.service.ts:269
			await writeFile(this.packageJsonPath, JSON.stringify(packageJson, null, 2), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b5f9f7ba9144a57f Environment-variable access.
repo/packages/cli/src/modules/community-packages/community-packages.service.ts:298
			const environment = process.env.ENVIRONMENT === 'staging' ? 'staging' : 'production';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6345f72f94fcd6d4 Filesystem access.
repo/packages/cli/src/modules/community-packages/community-packages.service.ts:649
			const packageJsonContent = await readFile(packageJsonPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #842bf9832e527295 Filesystem access.
repo/packages/cli/src/modules/community-packages/community-packages.service.ts:662
			await writeFile(packageJsonPath, JSON.stringify(packageJson, null, 2), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2006f3af7c044c31 Filesystem access.
repo/packages/cli/src/modules/community-packages/community-packages.service.ts:704
		const existingContent = await readFile(this.packageJsonPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bc6af2f6b2dcd3fa Filesystem access.
repo/packages/cli/src/modules/community-packages/community-packages.service.ts:707
		await writeFile(this.packageJsonPath, JSON.stringify(packageJson, null, 2), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #242aa4303d5e660a Filesystem access.
repo/packages/cli/src/modules/data-table/__tests__/csv-parser.service.test.ts:3
import { mkdtempSync, writeFileSync, rmSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a4fe7f1f99e2f341 Filesystem access.
repo/packages/cli/src/modules/data-table/__tests__/csv-parser.service.test.ts:31
		writeFileSync(join(tempDir, filename), content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #98a68944d9d07720 Filesystem access.
repo/packages/cli/src/modules/data-table/__tests__/data-table-file-cleanup.service.test.ts:2
import { promises as fs } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6de6051007451b7a Filesystem access.
repo/packages/cli/src/modules/data-table/__tests__/multer-upload-middleware.test.ts:5
import * as fsPromises from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9eaec70d3f0bff78 Filesystem access.
repo/packages/cli/src/modules/data-table/csv-parser.service.ts:5
import { createReadStream } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0d678b83032a61c0 Filesystem access.
repo/packages/cli/src/modules/data-table/data-table-file-cleanup.service.ts:4
import { promises as fs } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c58fda37bf52bd72 Filesystem access.
repo/packages/cli/src/modules/data-table/multer-upload-middleware.ts:6
import { mkdir, readdir, stat, unlink } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b6c46e02c3c5c1c0 Environment-variable access.
repo/packages/cli/src/modules/dynamic-credentials.ee/__tests__/dynamic-credentials-cors.integration.test.ts:18
process.env.N8N_ENV_FEAT_DYNAMIC_CREDENTIALS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a5a950e7739bac1b Environment-variable access.
repo/packages/cli/src/modules/dynamic-credentials.ee/__tests__/dynamic-credentials-rate-limit.integration.test.ts:27
process.env.N8N_ENV_FEAT_DYNAMIC_CREDENTIALS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b5cfe4eefc14fff0 Environment-variable access.
repo/packages/cli/src/modules/dynamic-credentials.ee/dynamic-credentials.module.ts:13
	return process.env.N8N_ENV_FEAT_DYNAMIC_CREDENTIALS === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #689adbcd9906f7d8 Environment-variable access.
repo/packages/cli/src/modules/encryption-key-manager/encryption-key-manager.module.ts:7
	return process.env.N8N_ENV_FEAT_ENCRYPTION_KEY_ROTATION === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #36459388411c61d5 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/__tests__/instance-ai-test.controller.test.ts:75
			delete process.env.E2E_TESTS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ce84b5eaad7071a7 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/__tests__/instance-ai-test.controller.test.ts:82
			process.env.NODE_ENV = 'production';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fbbb5b6f75540116 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/__tests__/instance-ai-test.controller.test.ts:103
			delete process.env.E2E_TESTS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6da27f15c3ebe8b9 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/__tests__/instance-ai-test.controller.test.ts:131
			delete process.env.E2E_TESTS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #beae1f4f7fa61178 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/__tests__/instance-ai-test.controller.test.ts:149
			delete process.env.E2E_TESTS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fd7a052588eb4f39 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/__tests__/instance-ai-test.controller.test.ts:223
			delete process.env.E2E_TESTS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a4b614836f219e8c Environment-variable access.
repo/packages/cli/src/modules/instance-ai/__tests__/instance-ai.adapter.service.test.ts:3150
		const original = process.env.OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ffa6963b6578a438 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/__tests__/instance-ai.adapter.service.test.ts:3151
		process.env.OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9a905a93cc91207f Environment-variable access.
repo/packages/cli/src/modules/instance-ai/__tests__/instance-ai.adapter.service.test.ts:3181
			if (original === undefined) delete process.env.OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d9c331f3cab49e86 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/__tests__/instance-ai.adapter.service.test.ts:3182
			else process.env.OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS = original;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9566c30719f3d48b Filesystem access.
repo/packages/cli/src/modules/instance-ai/__tests__/node-definition-resolver.test.ts:14
		writeFileSync(join(setDir, 'mode_manual.ts'), '// manual mode def');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0ebe8f576e9b7551 Filesystem access.
repo/packages/cli/src/modules/instance-ai/__tests__/node-definition-resolver.test.ts:15
		writeFileSync(join(setDir, 'mode_raw.ts'), '// raw mode def');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a6951121272586aa Filesystem access.
repo/packages/cli/src/modules/instance-ai/__tests__/node-definition-resolver.test.ts:54
		writeFileSync(join(msgDir, 'operation_post.ts'), '// slack post def');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9e7cb950717b3a94 Filesystem access.
repo/packages/cli/src/modules/instance-ai/__tests__/node-definition-resolver.test.ts:55
		writeFileSync(join(msgDir, 'operation_update.ts'), '// slack update def');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f6b8cbd2c6ed564d Environment-variable access.
repo/packages/cli/src/modules/instance-ai/__tests__/trace-replay-state.test.ts:291
			delete process.env.E2E_TESTS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6dd5f79b4d41ee83 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/__tests__/trace-replay-state.test.ts:301
			process.env.E2E_TESTS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #455a18ed1117a303 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/__tests__/trace-replay-state.test.ts:314
			process.env.E2E_TESTS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a683f3eadaec8c45 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/__tests__/trace-replay-state.test.ts:326
			process.env.E2E_TESTS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #71fda7b0cdfaf938 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/__tests__/trace-replay-state.test.ts:338
			process.env.E2E_TESTS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5a916eccfa3c7399 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/__tests__/trace-replay-state.test.ts:350
			process.env.E2E_TESTS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4d5878015a118c2b Environment-variable access.
repo/packages/cli/src/modules/instance-ai/__tests__/trace-replay-state.test.ts:365
			process.env.E2E_TESTS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #35b4b5003b7ef72a Environment-variable access.
repo/packages/cli/src/modules/instance-ai/__tests__/trace-replay-state.test.ts:379
			process.env.E2E_TESTS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4b23aeb2d260c668 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/__tests__/trace-replay-state.test.ts:397
			process.env.E2E_TESTS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #82982ddb0e193660 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/eval/__tests__/api-docs.test.ts:44
	savedApiKey = process.env.CONTEXT7_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9bb6e7205df0b8dc Environment-variable access.
repo/packages/cli/src/modules/instance-ai/eval/__tests__/api-docs.test.ts:45
	delete process.env.CONTEXT7_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fd4e036af84ff523 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/eval/__tests__/api-docs.test.ts:50
		process.env.CONTEXT7_API_KEY = savedApiKey;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #00d2816391a0ccb6 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/eval/__tests__/api-docs.test.ts:52
		delete process.env.CONTEXT7_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #292de3ea688dd7fa Environment-variable access.
repo/packages/cli/src/modules/instance-ai/eval/__tests__/api-docs.test.ts:225
		process.env.CONTEXT7_API_KEY = 'test-api-key-123';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #93817c1bd1428a58 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/eval/__tests__/api-docs.test.ts:241
		delete process.env.CONTEXT7_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b36e3811be839dde Environment-variable access.
repo/packages/cli/src/modules/instance-ai/eval/__tests__/eval-timings.test.ts:8
	const original = process.env.N8N_INSTANCE_AI_EVAL_TIMING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ba61d32db6a96b4f Environment-variable access.
repo/packages/cli/src/modules/instance-ai/eval/__tests__/eval-timings.test.ts:11
		if (original === undefined) delete process.env.N8N_INSTANCE_AI_EVAL_TIMING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ffa6d06800e5907c Environment-variable access.
repo/packages/cli/src/modules/instance-ai/eval/__tests__/eval-timings.test.ts:12
		else process.env.N8N_INSTANCE_AI_EVAL_TIMING = original;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #62500893d668e2d1 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/eval/__tests__/eval-timings.test.ts:17
			delete process.env.N8N_INSTANCE_AI_EVAL_TIMING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8e42826a723a394f Environment-variable access.
repo/packages/cli/src/modules/instance-ai/eval/__tests__/eval-timings.test.ts:33
			process.env.N8N_INSTANCE_AI_EVAL_TIMING = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ae68047f10011593 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/eval/api-docs.ts:28
		const apiKey = process.env.CONTEXT7_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f99ac5dc277b837 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/eval/api-docs.ts:76
		const apiKey = process.env.CONTEXT7_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f27ba86ec50751a Environment-variable access.
repo/packages/cli/src/modules/instance-ai/eval/eval-timings.ts:23
	readonly enabled = process.env.N8N_INSTANCE_AI_EVAL_TIMING === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fd257821858b7091 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/eval/eval-timings.ts:56
			process.env.N8N_INSTANCE_AI_EVAL_MODEL ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a34c5de74c358dff Environment-variable access.
repo/packages/cli/src/modules/instance-ai/eval/eval-timings.ts:57
			process.env.N8N_INSTANCE_AI_MODEL ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9d65ab676c23531b Filesystem access.
repo/packages/cli/src/modules/instance-ai/eval/pin-data-generator.ts:15
import { existsSync, readFileSync, readdirSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #019f50e631f9572c Filesystem access.
repo/packages/cli/src/modules/instance-ai/eval/pin-data-generator.ts:129
							const content = readFileSync(join(entryPath, nodeFile), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #127a3170acc08670 Filesystem access.
repo/packages/cli/src/modules/instance-ai/eval/pin-data-generator.ts:204
				return JSON.parse(readFileSync(schemaFile, 'utf-8')) as Record<string, unknown>;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #31b91185a3041b38 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/instance-ai-model.service.ts:124
		const hasHttpProxy = Boolean(process.env.HTTPS_PROXY || process.env.HTTP_PROXY);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #83ddeb43be2efb86 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/instance-ai-test.controller.ts:117
		if (process.env.E2E_TESTS !== 'true' || process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0160e28c23c3998e Filesystem access.
repo/packages/cli/src/modules/instance-ai/instance-ai.adapter.service.ts:207
		const promise = readFile(filePath, 'utf-8').then((json) =>

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dcac469b77bd072b Environment-variable access.
repo/packages/cli/src/modules/instance-ai/instance-ai.adapter.service.ts:1051
					process.env.OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #62f69e91adb4105d Environment-variable access.
repo/packages/cli/src/modules/instance-ai/instance-ai.module.ts:29
		if (process.env.E2E_TESTS === 'true' && process.env.NODE_ENV !== 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #230e1d26969ed04e Environment-variable access.
repo/packages/cli/src/modules/instance-ai/instance-ai.service.ts:3071
			if (!tracing && process.env.E2E_TESTS === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #00f2b37f00d7e53b Filesystem access.
repo/packages/cli/src/modules/instance-ai/node-definition-resolver.ts:375
${readFileSync(variant.filePath, 'utf-8')}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8a80f49ac951c7b1 Filesystem access.
repo/packages/cli/src/modules/instance-ai/node-definition-resolver.ts:382
		const content = readFileSync(filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7201bfc9ed9b674 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/trace-replay-state.ts:154
		if (process.env.E2E_TESTS !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6e74f235dc78d5e2 Environment-variable access.
repo/packages/cli/src/modules/mcp-registry/__tests__/mcp-registry-test.controller.test.ts:66
			delete process.env.E2E_TESTS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e041f9e2887d483a Environment-variable access.
repo/packages/cli/src/modules/mcp-registry/__tests__/mcp-registry-test.controller.test.ts:72
			process.env.NODE_ENV = 'production';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #29fcdb53f389ea92 Environment-variable access.
repo/packages/cli/src/modules/mcp-registry/mcp-registry-test.controller.ts:39
		if (process.env.E2E_TESTS !== 'true' || process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0bd4e26c135b1c90 Environment-variable access.
repo/packages/cli/src/modules/mcp-registry/mcp-registry.module.ts:16
		if (process.env.E2E_TESTS === 'true' && process.env.NODE_ENV !== 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bb084f9e4faaf419 Environment-variable access.
repo/packages/cli/src/modules/mcp-registry/registry/__tests__/mcp-registry-api.client.test.ts:19
	const originalEnv = process.env.ENVIRONMENT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #267ec3a9cd6c96a8 Environment-variable access.
repo/packages/cli/src/modules/mcp-registry/registry/__tests__/mcp-registry-api.client.test.ts:20
	const originalDevUrl = process.env.N8N_MCP_SERVERS_DEV_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4f08974f77cfee41 Environment-variable access.
repo/packages/cli/src/modules/mcp-registry/registry/__tests__/mcp-registry-api.client.test.ts:24
		delete process.env.ENVIRONMENT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #800702748192b092 Environment-variable access.
repo/packages/cli/src/modules/mcp-registry/registry/__tests__/mcp-registry-api.client.test.ts:25
		delete process.env.N8N_MCP_SERVERS_DEV_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #70b4fa95f3521702 Environment-variable access.
repo/packages/cli/src/modules/mcp-registry/registry/__tests__/mcp-registry-api.client.test.ts:31
			process.env.ENVIRONMENT = originalEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7ee538ba4b5b2a81 Environment-variable access.
repo/packages/cli/src/modules/mcp-registry/registry/__tests__/mcp-registry-api.client.test.ts:33
			delete process.env.ENVIRONMENT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d01ef520945b8270 Environment-variable access.
repo/packages/cli/src/modules/mcp-registry/registry/__tests__/mcp-registry-api.client.test.ts:36
			process.env.N8N_MCP_SERVERS_DEV_URL = originalDevUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1ec5185a1a265a80 Environment-variable access.
repo/packages/cli/src/modules/mcp-registry/registry/__tests__/mcp-registry-api.client.test.ts:38
			delete process.env.N8N_MCP_SERVERS_DEV_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #83b54066b19d4399 Environment-variable access.
repo/packages/cli/src/modules/mcp-registry/registry/__tests__/mcp-registry-api.client.test.ts:56
			process.env.ENVIRONMENT = 'staging';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a6dfc5fe32aecfe5 Environment-variable access.
repo/packages/cli/src/modules/mcp-registry/registry/__tests__/mcp-registry-api.client.test.ts:69
			process.env.ENVIRONMENT = 'production';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cd3ee434b7084554 Environment-variable access.
repo/packages/cli/src/modules/mcp-registry/registry/__tests__/mcp-registry-api.client.test.ts:82
			process.env.ENVIRONMENT = 'dev';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3835c8dfdaff16f5 Environment-variable access.
repo/packages/cli/src/modules/mcp-registry/registry/__tests__/mcp-registry-api.client.test.ts:95
			process.env.ENVIRONMENT = 'dev';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #37931bf7ec501a2c Environment-variable access.
repo/packages/cli/src/modules/mcp-registry/registry/__tests__/mcp-registry-api.client.test.ts:96
			process.env.N8N_MCP_SERVERS_DEV_URL = 'http://localhost:9999/api/mcp-servers';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3f267173a2d93d70 Environment-variable access.
repo/packages/cli/src/modules/mcp-registry/registry/__tests__/mcp-registry-api.client.test.ts:109
			process.env.N8N_MCP_SERVERS_DEV_URL = 'http://localhost:9999/api/mcp-servers';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #49bf9df6ad44108e Environment-variable access.
repo/packages/cli/src/modules/mcp-registry/registry/mcp-registry-api.client.ts:68
		switch (process.env.ENVIRONMENT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bc58ecee5ae94978 Environment-variable access.
repo/packages/cli/src/modules/mcp-registry/registry/mcp-registry-api.client.ts:70
				return process.env.N8N_MCP_SERVERS_DEV_URL || MCP_SERVERS_DEV_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #59cfc1fce07743ba Environment-variable access.
repo/packages/cli/src/modules/mcp/__tests__/mcp.config.test.ts:11
		delete process.env.N8N_MCP_SERVER_RATE_LIMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bfe9cb5f3bbd4198 Environment-variable access.
repo/packages/cli/src/modules/mcp/__tests__/mcp.config.test.ts:21
		process.env.N8N_MCP_SERVER_RATE_LIMIT = '500';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #07c8338cbe960ab2 Environment-variable access.
repo/packages/cli/src/modules/mcp/__tests__/mcp.config.test.ts:29
		process.env.N8N_MCP_SERVER_RATE_LIMIT = '0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #945b06cbd3fdae28 Environment-variable access.
repo/packages/cli/src/modules/mcp/__tests__/mcp.config.test.ts:39
			process.env.N8N_MCP_SERVER_RATE_LIMIT = value;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ad4d0dc3a0d6a2dc Environment-variable access.
repo/packages/cli/src/modules/mcp/__tests__/mcp.settings.controller.test.ts:453
			const originalEnv = process.env.NODE_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f5e404c09a8279bc Environment-variable access.
repo/packages/cli/src/modules/mcp/__tests__/mcp.settings.controller.test.ts:454
			process.env.NODE_ENV = 'production';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a4368f24ebcde6ad Environment-variable access.
repo/packages/cli/src/modules/mcp/__tests__/mcp.settings.controller.test.ts:461
				process.env.NODE_ENV = originalEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #65ecc18bcac4c365 Environment-variable access.
repo/packages/cli/src/modules/mcp/__tests__/mcp.settings.controller.test.ts:466
			const originalEnv = process.env.NODE_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5cea0804a3578725 Environment-variable access.
repo/packages/cli/src/modules/mcp/__tests__/mcp.settings.controller.test.ts:467
			process.env.NODE_ENV = 'production';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #397f976125f6a00c Environment-variable access.
repo/packages/cli/src/modules/mcp/__tests__/mcp.settings.controller.test.ts:479
				process.env.NODE_ENV = originalEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2cb1c1abf40b84b7 Environment-variable access.
repo/packages/cli/src/modules/mcp/__tests__/mcp.settings.controller.test.ts:484
			const originalEnv = process.env.NODE_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2249381578009609 Environment-variable access.
repo/packages/cli/src/modules/mcp/__tests__/mcp.settings.controller.test.ts:485
			process.env.NODE_ENV = 'production';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #45ea4c1d52f0da05 Environment-variable access.
repo/packages/cli/src/modules/mcp/__tests__/mcp.settings.controller.test.ts:494
				process.env.NODE_ENV = originalEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #01234d335538d8ef Environment-variable access.
repo/packages/cli/src/modules/mcp/dto/update-allowed-redirect-uris.dto.ts:22
		const requiresHttps = process.env.NODE_ENV !== 'development' && !isLocalhost(hostname);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d32e516de8a485f4 Filesystem access.
repo/packages/cli/src/modules/n8n-packages/__tests__/fixtures/package-fixtures.ts:143
	writer.writeFile('manifest.json', JSON.stringify(manifest));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6d6c3ec3e1fc3fd8 Filesystem access.
repo/packages/cli/src/modules/n8n-packages/__tests__/fixtures/package-fixtures.ts:146
		writer.writeFile(`workflows/wf-${idx}/workflow.json`, JSON.stringify(wf));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6bb5d5c3f3cc7f5a Filesystem access.
repo/packages/cli/src/modules/n8n-packages/__tests__/import-pipeline.integration.test.ts:1008
		writer.writeFile(
			'manifest.json',
			JSON.stringify({
				packageFormatVersion: '99',
				exportedAt: new Date().toISOString(),
				sourceN8nVersion: '1.0.0',
				sourceId: 'bad-manifest',
			}),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9e625c6449246b7c Filesystem access.
repo/packages/cli/src/modules/n8n-packages/__tests__/import-pipeline.integration.test.ts:1073
		writer.writeFile(
			'manifest.json',
			JSON.stringify({
				packageFormatVersion: '99',
				exportedAt: new Date().toISOString(),
				sourceN8nVersion: '1.0.0',
				sourceId: 'integration-test-source',
				workflows: [{ id: 'wf-x', name: 'X', target: 'workflows/wf-x' }],
			}),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #71a7b0fb26cb21ca Filesystem access.
repo/packages/cli/src/modules/n8n-packages/__tests__/import-pipeline.integration.test.ts:1084
		writer.writeFile(
			'workflows/wf-x/workflow.json',
			JSON.stringify(serializedWorkflow({ id: 'wf-x', name: 'X' })),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d687110f96d74d27 Filesystem access.
repo/packages/cli/src/modules/n8n-packages/__tests__/import-pipeline.integration.test.ts:1100
		writer.writeFile(
			'manifest.json',
			JSON.stringify({
				packageFormatVersion: FORMAT_VERSION,
				exportedAt: new Date().toISOString(),
				sourceN8nVersion: '1.0.0',
				sourceId: 'integration-test-source',
				workflows: [{ id: 'wf-missing', name: 'Missing', target: 'workflows/nowhere-to-be-found' }],
			}),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #21a72330d96efd4f Filesystem access.
repo/packages/cli/src/modules/n8n-packages/engine/n8n-package-parser.ts:55
			content = await reader.readFile(path);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a539bd0937dd8395 Filesystem access.
repo/packages/cli/src/modules/n8n-packages/entities/credential/credential.exporter.ts:74
				request.writer.writeFile(
					`${target}/credential.json`,
					JSON.stringify(this.credentialSerializer.serialize(credential), null, '\t'),
				);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ca4333c159a50de3 Filesystem access.
repo/packages/cli/src/modules/n8n-packages/entities/folder/folder.exporter.ts:168
		writer.writeFile(`${target}/folder.json`, JSON.stringify(serialized, null, '\t'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f8f1efdace78d2e Filesystem access.
repo/packages/cli/src/modules/n8n-packages/entities/project/project.exporter.ts:91
		writer.writeFile(`${target}/project.json`, JSON.stringify(serialized, null, '\t'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b8d8159798b13647 Filesystem access.
repo/packages/cli/src/modules/n8n-packages/entities/workflow/workflow.exporter.ts:64
			request.writer.writeFile(`${target}/workflow.json`, JSON.stringify(serialized, null, '\t'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0590322ff59c884b Filesystem access.
repo/packages/cli/src/modules/n8n-packages/io/__tests__/tar-package-reader.test.ts:38
				writer.writeFile('manifest.json', JSON.stringify(manifest));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e0a23e6a750bc3c0 Filesystem access.
repo/packages/cli/src/modules/n8n-packages/io/__tests__/tar-package-reader.test.ts:40
				writer.writeFile('workflows/my-workflow-abc/workflow.json', workflowJson);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c3c554578e726c80 Filesystem access.
repo/packages/cli/src/modules/n8n-packages/io/__tests__/tar-package-reader.test.ts:46
			await expect(reader.readFile('workflows/my-workflow-abc/workflow.json')).resolves.toEqual(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f298247a52415ddf Filesystem access.
repo/packages/cli/src/modules/n8n-packages/io/__tests__/tar-package-reader.test.ts:53
				writer.writeFile('manifest.json', '{"packageFormatVersion":"1"}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f7dbb3e3a32e3ac8 Filesystem access.
repo/packages/cli/src/modules/n8n-packages/io/__tests__/tar-package-reader.test.ts:55
				writer.writeFile('workflows/a/workflow.json', '{}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f2e2987748711ba3 Filesystem access.
repo/packages/cli/src/modules/n8n-packages/io/__tests__/tar-package-reader.test.ts:57
				writer.writeFile('workflows/b/workflow.json', '{}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5a153ea40ce719ac Filesystem access.
repo/packages/cli/src/modules/n8n-packages/io/__tests__/tar-package-reader.test.ts:83
				writer.writeFile('manifest.json', '{not-json');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a192a697794750d4 Filesystem access.
repo/packages/cli/src/modules/n8n-packages/io/__tests__/tar-package-reader.test.ts:208
				writer.writeFile('manifest.json', '{"packageFormatVersion":"1"}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ec4a7cbfb5044c4e Filesystem access.
repo/packages/cli/src/modules/n8n-packages/io/__tests__/tar-package-reader.test.ts:209
				writer.writeFile('oversized.bin', 'x'.repeat(500));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e225115880b18259 Filesystem access.
repo/packages/cli/src/modules/n8n-packages/io/__tests__/tar-package-reader.test.ts:224
				writer.writeFile('manifest.json', '{"packageFormatVersion":"1"}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bb4d107e8db10161 Filesystem access.
repo/packages/cli/src/modules/n8n-packages/io/__tests__/tar-package-reader.test.ts:225
				writer.writeFile('oversized.bin', 'x'.repeat(500));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1d9b3f94e810fbf4 Filesystem access.
repo/packages/cli/src/modules/n8n-packages/io/__tests__/tar-package-reader.test.ts:239
				writer.writeFile('manifest.json', '{"packageFormatVersion":"1"}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d057340bf2fa65a4 Filesystem access.
repo/packages/cli/src/modules/n8n-packages/io/__tests__/tar-package-reader.test.ts:241
					writer.writeFile(`workflows/wf-${i}/workflow.json`, '{}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4c6738e44e743c09 Filesystem access.
repo/packages/cli/src/modules/n8n-packages/io/__tests__/tar-package-writer.test.ts:49
		writer.writeFile('workflows/wf-abc/workflow.json', '{"id":"abc"}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #aa0b45995b255a5d Filesystem access.
repo/packages/cli/src/modules/n8n-packages/io/__tests__/tar-package-writer.test.ts:50
		writer.writeFile('manifest.json', '{"packageFormatVersion":"1"}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #89ce6a0921c4a596 Filesystem access.
repo/packages/cli/src/modules/n8n-packages/io/__tests__/tar-package-writer.test.ts:62
			writer.writeFile('manifest.json', '{}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #35f08f2fdeca2301 Filesystem access.
repo/packages/cli/src/modules/n8n-packages/io/__tests__/tar-package-writer.test.ts:64
			writer.writeFile('workflows/x/workflow.json', '{"id":"x"}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a1b70e5c3c212591 Filesystem access.
repo/packages/cli/src/modules/n8n-packages/io/__tests__/tar-package-writer.test.ts:83
		writer.writeFile('manifest.json', '{}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b03a0f1e3f74aef4 Filesystem access.
repo/packages/cli/src/modules/n8n-packages/io/__tests__/tar-package-writer.test.ts:84
		writer.writeFile('./workflows/wf/workflow.json', '{}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee53d8acb6f61f8d Filesystem access.
repo/packages/cli/src/modules/n8n-packages/n8n-packages.service.ts:114
		writer.writeFile('manifest.json', JSON.stringify(manifest, null, '\t'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #64d5d81d3ca8403c Environment-variable access.
repo/packages/cli/src/modules/oauth-jwe/oauth-jwe.module.ts:9
	return process.env.N8N_ENV_FEAT_OAUTH2_JWE === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d0dfd12d404eefba Environment-variable access.
repo/packages/cli/src/modules/oauth-server/__tests__/oauth-server.config.test.ts:11
		delete process.env.N8N_OAUTH_SERVER_REGISTER_RATE_LIMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #41b4b19a789fbefe Environment-variable access.
repo/packages/cli/src/modules/oauth-server/__tests__/oauth-server.config.test.ts:12
		delete process.env.N8N_OAUTH_SERVER_AUTHORIZE_RATE_LIMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #35f6f6bfdf273ca7 Environment-variable access.
repo/packages/cli/src/modules/oauth-server/__tests__/oauth-server.config.test.ts:13
		delete process.env.N8N_OAUTH_SERVER_TOKEN_RATE_LIMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cbf36b7382c61540 Environment-variable access.
repo/packages/cli/src/modules/oauth-server/__tests__/oauth-server.config.test.ts:14
		delete process.env.N8N_OAUTH_SERVER_REVOKE_RATE_LIMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a7bde5f6d7f73f32 Environment-variable access.
repo/packages/cli/src/modules/oauth-server/__tests__/oauth-server.config.test.ts:15
		delete process.env.N8N_OAUTH_SERVER_WELL_KNOWN_RATE_LIMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #17db1cfd596d629a Environment-variable access.
repo/packages/cli/src/modules/oauth-server/__tests__/oauth-server.config.test.ts:29
		process.env.N8N_OAUTH_SERVER_REGISTER_RATE_LIMIT = '100';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5418cac0d57ffd1c Environment-variable access.
repo/packages/cli/src/modules/oauth-server/__tests__/oauth-server.config.test.ts:30
		process.env.N8N_OAUTH_SERVER_AUTHORIZE_RATE_LIMIT = '200';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7d7e6dcbac0a00a9 Environment-variable access.
repo/packages/cli/src/modules/oauth-server/__tests__/oauth-server.config.test.ts:31
		process.env.N8N_OAUTH_SERVER_TOKEN_RATE_LIMIT = '300';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #30f75d19e03e7bb3 Environment-variable access.
repo/packages/cli/src/modules/oauth-server/__tests__/oauth-server.config.test.ts:32
		process.env.N8N_OAUTH_SERVER_REVOKE_RATE_LIMIT = '400';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f9e8f3631486140d Environment-variable access.
repo/packages/cli/src/modules/oauth-server/__tests__/oauth-server.config.test.ts:33
		process.env.N8N_OAUTH_SERVER_WELL_KNOWN_RATE_LIMIT = '500';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5d2ce75dceaedb6c Environment-variable access.
repo/packages/cli/src/modules/oauth-server/__tests__/oauth-server.config.test.ts:45
		process.env.N8N_OAUTH_SERVER_TOKEN_RATE_LIMIT = '0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1c5341d6c148e3b1 Environment-variable access.
repo/packages/cli/src/modules/oauth-server/__tests__/oauth-server.config.test.ts:55
			process.env.N8N_OAUTH_SERVER_TOKEN_RATE_LIMIT = value;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only #6be0ceb2fbe087b8 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/oauth-server/__tests__/oauth-server.service.test.ts:233
				resource: new URL('https://n8n.example.com/mcp-server/http'),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #24b6da23da06e23c Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/oauth-server/__tests__/oauth-server.service.test.ts:470
				resource: new URL('https://attacker.example.com/mcp-server/http'),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #dd497fe5628559ed Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/oauth-server/__tests__/oauth-server.service.test.ts:505
				resource: new URL('https://n8n.example.com/mcp-server/http/'),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #4a709ea15ca8254d Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/oauth-server/__tests__/oauth-server.service.test.ts:759
				new URL('https://n8n.example.com/mcp-server/http'),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #338772e8a460a880 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/oauth-server/__tests__/oauth-server.service.test.ts:817
					new URL('https://attacker.example.com/mcp-server/http'),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #8bb5a0b5c0a53c06 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/oauth-server/__tests__/oauth-server.service.test.ts:847
				new URL('https://n8n.example.com/mcp-server/http/'),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #188a553e253352a3 Environment-variable access.
repo/packages/cli/src/modules/oauth-server/oauth-session.service.ts:36
			secure: process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8ab83ba6d08515cf Environment-variable access.
repo/packages/cli/src/modules/otel/__tests__/otel-settings.service.test.ts:21
			if (key.startsWith('N8N_OTEL_')) delete process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fb602365b5b6fb1e Environment-variable access.
repo/packages/cli/src/modules/otel/__tests__/otel-settings.service.test.ts:81
			process.env.N8N_OTEL_EXPORTER_OTLP_ENDPOINT = 'https://from-env';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a5ee22495ff67939 Environment-variable access.
repo/packages/cli/src/modules/otel/__tests__/otel-settings.service.test.ts:100
			process.env.N8N_OTEL_ENABLED = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e1f11606beb4b561 Environment-variable access.
repo/packages/cli/src/modules/otel/__tests__/otel-settings.service.test.ts:101
			process.env.N8N_OTEL_EXPORTER_OTLP_ENDPOINT = 'https://from-env';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3b0e98f95ddb7456 Environment-variable access.
repo/packages/cli/src/modules/otel/__tests__/otel-settings.service.test.ts:172
			process.env.N8N_OTEL_EXPORTER_OTLP_ENDPOINT = 'https://from-env';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c90954dbee19c7db Environment-variable access.
repo/packages/cli/src/modules/otel/__tests__/otel-settings.service.test.ts:203
			process.env.N8N_OTEL_EXPORTER_OTLP_ENDPOINT = 'https://from-env';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #255b275abd386a0a Filesystem access.
repo/packages/cli/src/modules/otel/__tests__/support/otel-integration-utils.ts:7
import { readFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b6723de616164ea5 Filesystem access.
repo/packages/cli/src/modules/otel/__tests__/support/otel-integration-utils.ts:27
		readFileSync(path.join(BASE_DIR, 'nodes-base/dist/known/nodes.json'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e00368b838b413b1 Environment-variable access.
repo/packages/cli/src/modules/otel/__tests__/support/otel-integration-utils.ts:86
		saved[key] = process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7767a00d2fb68957 Environment-variable access.
repo/packages/cli/src/modules/otel/__tests__/support/otel-integration-utils.ts:87
		process.env[key] = value;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f749f9684f7eb18c Environment-variable access.
repo/packages/cli/src/modules/otel/__tests__/support/otel-integration-utils.ts:95
			delete process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c96269ae7cd1697c Environment-variable access.
repo/packages/cli/src/modules/otel/__tests__/support/otel-integration-utils.ts:97
			process.env[key] = value;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #329c08f7b82db1b8 Environment-variable access.
repo/packages/cli/src/modules/otel/otel-settings.service.ts:95
		return process.env[OTEL_ENV_VARS[key]] !== undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #511cd50fdfb11401 Environment-variable access.
repo/packages/cli/src/modules/quick-connect/__tests__/quick-connect.config.test.ts:11
		delete process.env.N8N_QUICK_CONNECT_OPTIONS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a0e4ded3661238e8 Environment-variable access.
repo/packages/cli/src/modules/quick-connect/__tests__/quick-connect.config.test.ts:29
		process.env.N8N_QUICK_CONNECT_OPTIONS = JSON.stringify(testConfig);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #31f6ef49a7ee4ddc Environment-variable access.
repo/packages/cli/src/modules/quick-connect/__tests__/quick-connect.config.test.ts:49
		process.env.N8N_QUICK_CONNECT_OPTIONS = JSON.stringify(testConfig);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9f76fc0991ba9871 Environment-variable access.
repo/packages/cli/src/modules/quick-connect/__tests__/quick-connect.config.test.ts:72
		process.env.N8N_QUICK_CONNECT_OPTIONS = JSON.stringify(testConfig);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ae7ae8e31e37da8c Environment-variable access.
repo/packages/cli/src/modules/quick-connect/__tests__/quick-connect.config.test.ts:93
		process.env.N8N_QUICK_CONNECT_OPTIONS = JSON.stringify(testConfig);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c8c8848cd3ce5b3a Environment-variable access.
repo/packages/cli/src/modules/quick-connect/__tests__/quick-connect.config.test.ts:101
		process.env.N8N_QUICK_CONNECT_OPTIONS = '[]';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b4c5030f8f1eeb32 Environment-variable access.
repo/packages/cli/src/modules/quick-connect/__tests__/quick-connect.config.test.ts:127
		process.env.N8N_QUICK_CONNECT_OPTIONS = JSON.stringify(testConfig);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2f5650d259181ee3 Environment-variable access.
repo/packages/cli/src/modules/quick-connect/__tests__/quick-connect.config.test.ts:249
		process.env.N8N_QUICK_CONNECT_OPTIONS = config;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bc8c85dcc63c6092 Environment-variable access.
repo/packages/cli/src/modules/quick-connect/__tests__/quick-connect.module.test.ts:15
		delete process.env.N8N_QUICK_CONNECT_OPTIONS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #00ad4391aaaaf56d Environment-variable access.
repo/packages/cli/src/modules/quick-connect/__tests__/quick-connect.module.test.ts:32
			process.env.N8N_QUICK_CONNECT_OPTIONS = JSON.stringify(testConfig);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #70f722ef95f68b7f Environment-variable access.
repo/packages/cli/src/modules/quick-connect/__tests__/quick-connect.module.test.ts:55
			process.env.N8N_QUICK_CONNECT_OPTIONS = JSON.stringify(testConfig);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #76f450c0ae392637 Environment-variable access.
repo/packages/cli/src/modules/quick-connect/__tests__/quick-connect.module.test.ts:83
			process.env.N8N_QUICK_CONNECT_OPTIONS = JSON.stringify(testConfig);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #24af0ce829ef0b07 Environment-variable access.
repo/packages/cli/src/modules/quick-connect/__tests__/quick-connect.module.test.ts:105
			process.env.N8N_QUICK_CONNECT_OPTIONS = JSON.stringify(testConfig);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2bf31382eb6c319f Environment-variable access.
repo/packages/cli/src/modules/quick-connect/__tests__/quick-connect.module.test.ts:140
			process.env.N8N_QUICK_CONNECT_OPTIONS = JSON.stringify(testConfig);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3f3bc73a1e5740cc Environment-variable access.
repo/packages/cli/src/modules/quick-connect/__tests__/quick-connect.service.test.ts:107
			process.env.N8N_QUICK_CONNECT_OPTIONS = JSON.stringify(testConfig);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #afaa9a08cc80cc85 Environment-variable access.
repo/packages/cli/src/modules/quick-connect/__tests__/quick-connect.service.test.ts:129
			process.env.N8N_QUICK_CONNECT_OPTIONS = JSON.stringify(testConfig);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e1d8cf73b84d7c76 Environment-variable access.
repo/packages/cli/src/modules/quick-connect/__tests__/quick-connect.service.test.ts:141
			process.env.N8N_QUICK_CONNECT_OPTIONS = '[]';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #31b3cafa3f8c5309 Environment-variable access.
repo/packages/cli/src/modules/quick-connect/__tests__/quick-connect.service.test.ts:165
			process.env.N8N_QUICK_CONNECT_OPTIONS = JSON.stringify(testConfig);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #19e280ca8089610e Environment-variable access.
repo/packages/cli/src/modules/quick-connect/__tests__/quick-connect.service.test.ts:177
		delete process.env.N8N_QUICK_CONNECT_OPTIONS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d95e022fb8deb0cd Environment-variable access.
repo/packages/cli/src/modules/runtime-credentials/__tests__/runtime-credentials.module.test.ts:14
		delete process.env.N8N_ENV_FEAT_RUNTIME_CREDENTIALS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3e89710a1e16aede Environment-variable access.
repo/packages/cli/src/modules/runtime-credentials/__tests__/runtime-credentials.module.test.ts:23
			process.env.N8N_ENV_FEAT_RUNTIME_CREDENTIALS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9649df8dbc986c3f Environment-variable access.
repo/packages/cli/src/modules/runtime-credentials/runtime-credentials.module.ts:8
	return process.env.N8N_ENV_FEAT_RUNTIME_CREDENTIALS === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b604ee1b06b2b4bd Environment-variable access.
repo/packages/cli/src/modules/source-control.ee/__tests__/source-control-git.service.test.ts:395
				delete process.env.HTTP_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d41604b4aceb7f78 Environment-variable access.
repo/packages/cli/src/modules/source-control.ee/__tests__/source-control-git.service.test.ts:396
				delete process.env.HTTPS_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5ddb62996634384a Environment-variable access.
repo/packages/cli/src/modules/source-control.ee/__tests__/source-control-git.service.test.ts:397
				delete process.env.http_proxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #59062ea522b3d50e Environment-variable access.
repo/packages/cli/src/modules/source-control.ee/__tests__/source-control-git.service.test.ts:398
				delete process.env.https_proxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f35f64032919ec16 Environment-variable access.
repo/packages/cli/src/modules/source-control.ee/__tests__/source-control-git.service.test.ts:399
				delete process.env.NO_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0080b4feee39f100 Environment-variable access.
repo/packages/cli/src/modules/source-control.ee/__tests__/source-control-git.service.test.ts:400
				delete process.env.no_proxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5d552fbc2b3cc5a4 Environment-variable access.
repo/packages/cli/src/modules/source-control.ee/__tests__/source-control-git.service.test.ts:401
				delete process.env.ALL_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #51531636576fc9f4 Environment-variable access.
repo/packages/cli/src/modules/source-control.ee/__tests__/source-control-git.service.test.ts:402
				delete process.env.all_proxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0cce39dc1d8391f7 Environment-variable access.
repo/packages/cli/src/modules/source-control.ee/__tests__/source-control-git.service.test.ts:415
				process.env.HTTPS_PROXY = proxyUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9dffc6cbb6d68414 Environment-variable access.
repo/packages/cli/src/modules/source-control.ee/__tests__/source-control-git.service.test.ts:439
				process.env.HTTP_PROXY = proxyUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cb04fdcb4d4432ab Environment-variable access.
repo/packages/cli/src/modules/source-control.ee/__tests__/source-control-git.service.test.ts:483
				process.env.HTTPS_PROXY = proxyUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #afee7cf851d2ab12 Environment-variable access.
repo/packages/cli/src/modules/source-control.ee/__tests__/source-control-git.service.test.ts:484
				process.env.NO_PROXY = 'github.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6279abbbecd2431b Filesystem access.
repo/packages/cli/src/modules/source-control.ee/__tests__/source-control-helper.ee.test.ts:3
import { accessSync, constants as fsConstants } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #23fbec1987dfa7f5 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/__tests__/source-control-preferences.service.ee.test.ts:4
import { readFile, writeFile, access, mkdir } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ac8282ecba8b013d Filesystem access.
repo/packages/cli/src/modules/source-control.ee/__tests__/source-control-preferences.service.ee.test.ts:99
			const fileContent = await readFile(tempFilePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #878bf573a60e57c6 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/__tests__/source-control-preferences.service.ee.test.ts:131
			const fileContent = await readFile(tempFilePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2a0e1689f9a1b156 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/__tests__/source-control-preferences.service.ee.test.ts:165
			const fileContent = await readFile(tempFilePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #831984a2a61e5e32 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/__tests__/source-control-preferences.service.ee.test.ts:205
			const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #040c5f9237a533a2 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/__tests__/source-control-preferences.service.ee.test.ts:266
			const fileContent = await readFile(tempFilePath2, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b5464131f7bfbff5 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/__tests__/source-control-preferences.service.ee.test.ts:437
			await writeFile(knownHostsPath, 'github.com ssh-rsa AAAA...\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e740277297f9e792 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-export.service.ee.ts:146
					return await fsWriteFile(fileName, JSON.stringify(sanitizedWorkflow, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f9d07e8ff71eb8c0 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-export.service.ee.ts:238
			await fsWriteFile(fileName, JSON.stringify(sanitizedVariables, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd86b7cfa19196f8 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-export.service.ee.ts:359
				await fsWriteFile(filePath, JSON.stringify(exportableDataTable, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c72e5201b2561c07 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-export.service.ee.ts:429
			await fsWriteFile(
				fileName,
				JSON.stringify(
					{
						folders: newFolders,
					},
					null,
					2,
				),
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #16d926d63422423b Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-export.service.ee.ts:462
				await fsWriteFile(fileName, JSON.stringify({ tags: [], mappings: [] }, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55fb7f3d6a46c7a0 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-export.service.ee.ts:492
			await fsWriteFile(
				fileName,
				JSON.stringify(
					{
						// overwrite all tags
						tags: tags.map((tag) => ({ id: tag.id, name: tag.name })),
						mappings: mappingsToKeep.concat(mappingsOfAllowedWorkflows),
					},
					null,
					2,
				),
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d38233365dcd54a1 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-export.service.ee.ts:580
					return await fsWriteFile(filePath, JSON.stringify(stub, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #efc69087f2a884cf Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-export.service.ee.ts:640
					return await fsWriteFile(fileName, JSON.stringify(sanitizedProject, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fa0df437e4a89b9d Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-helper.ee.ts:6
import { accessSync, constants as fsConstants, mkdirSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b9d49b4bb46da16e Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-helper.ee.ts:191
			await fsReadFile(file, { encoding: 'utf8' }),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #698ad2fbd0bd19ef Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-helper.ee.ts:214
		return jsonParse<ExportedFolders>(await fsReadFile(file, { encoding: 'utf8' }), {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2835529b01c96075 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-helper.ee.ts:229
		return jsonParse<ExportableDataTable[]>(await fsReadFile(file, { encoding: 'utf8' }), {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e1800dc88c81d657 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-import.service.ee.ts:308
					await fsReadFile(file, { encoding: 'utf8' }),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #16d08a49d2220c7c Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-import.service.ee.ts:418
				await fsReadFile(variablesFile[0], { encoding: 'utf8' }),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #70ec47767567a46f Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-import.service.ee.ts:448
				const fileContent = await fsReadFile(file, { encoding: 'utf8' });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #365f306e8e163abf Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-import.service.ee.ts:548
			}>(await fsReadFile(foldersFile[0], { encoding: 'utf8' }), {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #161eaa0d3a0012cf Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-import.service.ee.ts:599
				await fsReadFile(tagsFile[0], { encoding: 'utf8' }),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ce078224caaa756 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-import.service.ee.ts:645
				const fileContent = await fsReadFile(file, { encoding: 'utf8' });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1244fe253f2c10cd Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-import.service.ee.ts:867
			const fileContent = await fsReadFile(file, { encoding: 'utf8' });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0acde04effc6e1fc Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-import.service.ee.ts:971
					await fsReadFile(candidate.file, { encoding: 'utf8' }),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #72db8b3cd34737f7 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-import.service.ee.ts:1043
				await fsReadFile(candidate.file, { encoding: 'utf8' }),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #09be66bd13d15e76 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-import.service.ee.ts:1141
			}>(await fsReadFile(candidate.file, { encoding: 'utf8' }), {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0cd9147dca80aa62 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-import.service.ee.ts:1257
				await fsReadFile(candidate.file, { encoding: 'utf8' }),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9866aaf344bc04a9 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-import.service.ee.ts:1295
					await fsReadFile(candidate.file, { encoding: 'utf8' }),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f362b3bf8fbd2df Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-import.service.ee.ts:1518
					await fsReadFile(candidate.file, { encoding: 'utf8' }),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6c726a115acb2e32 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-preferences.service.ee.ts:6
import { rm as fsRm } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2514cad1e89d545e Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-preferences.service.ee.ts:152
			await writeFile(tempFilePath, normalizedKey, { mode: 0o600 });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cdbcefba306dc500 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-preferences.service.ee.ts:170
			return await readFile(this.sshKeyName + '.pub', { encoding: 'utf8' });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cfeefb90a163dd86 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control.service.ee.ts:10
import { writeFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #294eab965468cc46 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control.service.ee.ts:244
					writeFileSync(path.join(this.gitFolder, '/README.md'), SOURCE_CONTROL_README);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only #cdc9562fb29161a3 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/sso-oidc/__tests__/oidc.controller.ee.test.ts:244
			const mockAuthUrl = new URL('https://provider.com/auth?client_id=123');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #b1d5c0d87a65a1f5 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/sso-oidc/__tests__/oidc.controller.ee.test.ts:301
			const mockAuthUrl = new URL(
				'https://provider.com/auth?client_id=123&redirect_uri=http://localhost:5678/callback',
			);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #0033f27bf9373fcc Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/sso-oidc/__tests__/oidc.service.ee.test.ts:374
			const callbackUrl = new URL('https://example.com/callback');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #80b5ffae262aa31f Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/sso-oidc/__tests__/oidc.service.ee.test.ts:399
			const callbackUrl = new URL('https://example.com/callback');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #c30b7aed8caa42ee Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/sso-oidc/__tests__/oidc.service.ee.test.ts:430
			const callbackUrl = new URL('https://example.com/callback');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #9f54cd8dc296f652 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/sso-oidc/__tests__/oidc.service.ee.test.ts:451
			const callbackUrl = new URL('https://example.com/callback');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #b36eaae69a4a86f9 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/sso-oidc/__tests__/oidc.service.ee.test.ts:473
			const callbackUrl = new URL('https://example.com/callback');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #b018c674a3efbb2c Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/sso-oidc/__tests__/oidc.service.ee.test.ts:495
			const callbackUrl = new URL('https://example.com/callback');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #38ae7dc2f4904d17 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/sso-oidc/__tests__/oidc.service.ee.test.ts:520
			const callbackUrl = new URL('https://example.com/callback');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #c7ef22e569239f3e Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/sso-oidc/__tests__/oidc.service.ee.test.ts:551
			const callbackUrl = new URL('https://example.com/callback');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #f26a3d0cac549054 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/sso-oidc/__tests__/oidc.service.ee.test.ts:589
			const callbackUrl = new URL('https://example.com/callback');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #995bc1210325f278 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/sso-oidc/__tests__/oidc.service.ee.test.ts:629
			const callbackUrl = new URL('https://example.com/callback');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #846a7199141773de Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/sso-oidc/__tests__/oidc.service.ee.test.ts:664
			const callbackUrl = new URL('https://example.com/callback');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #479c9bc0b41040b6 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/sso-oidc/__tests__/oidc.service.ee.test.ts:686
			const callbackUrl = new URL('https://example.com/callback');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #6b84d1b06d0dd754 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/sso-oidc/__tests__/oidc.service.ee.test.ts:700
		const discoveryUrl = new URL('https://example.com/.well-known/openid-configuration');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #b47eb94bda5b96b4 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/sso-oidc/__tests__/oidc.service.ee.test.ts:795
				new URL('https://issuer.example.com/.well-known/openid-configuration'),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #0b294923777625a7 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/sso-oidc/oidc.service.ee.ts:63
	discoveryEndpoint: new URL('http://n8n.io/not-set'),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only #929ba97a677357e8 Environment-variable access.
repo/packages/cli/src/modules/sso-saml/__tests__/saml.service.ee.test.ts:200
	const originalEnv = process.env.N8N_ENV_FEAT_SIGNED_SAML_REQUESTS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1375e6c48751a3f3 Environment-variable access.
repo/packages/cli/src/modules/sso-saml/__tests__/saml.service.ee.test.ts:250
			process.env.N8N_ENV_FEAT_SIGNED_SAML_REQUESTS = originalEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6ea565a55b655ec4 Environment-variable access.
repo/packages/cli/src/modules/sso-saml/__tests__/saml.service.ee.test.ts:252
			delete process.env.N8N_ENV_FEAT_SIGNED_SAML_REQUESTS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #15ac7160eb89a01f Environment-variable access.
repo/packages/cli/src/modules/sso-saml/__tests__/saml.service.ee.test.ts:265
				delete process.env.N8N_ENV_FEAT_SIGNED_SAML_REQUESTS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #224a24475535a02f Environment-variable access.
repo/packages/cli/src/modules/sso-saml/__tests__/saml.service.ee.test.ts:267
				process.env.N8N_ENV_FEAT_SIGNED_SAML_REQUESTS = value;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3220c7fe9c00657f Environment-variable access.
repo/packages/cli/src/modules/sso-saml/__tests__/saml.service.ee.test.ts:274
			process.env.N8N_ENV_FEAT_SIGNED_SAML_REQUESTS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #04cbae42f3855254 Environment-variable access.
repo/packages/cli/src/modules/sso-saml/__tests__/saml.service.ee.test.ts:849
				delete process.env.N8N_ENV_FEAT_SIGNED_SAML_REQUESTS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0b9e8673622578e7 Environment-variable access.
repo/packages/cli/src/modules/sso-saml/__tests__/saml.service.ee.test.ts:860
				delete process.env.N8N_ENV_FEAT_SIGNED_SAML_REQUESTS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cb9fadc0c3f3591e Environment-variable access.
repo/packages/cli/src/modules/sso-saml/__tests__/saml.service.ee.test.ts:873
				process.env.N8N_ENV_FEAT_SIGNED_SAML_REQUESTS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fa5151f6c98a456d Environment-variable access.
repo/packages/cli/src/modules/sso-saml/__tests__/saml.service.ee.test.ts:897
				process.env.N8N_ENV_FEAT_SIGNED_SAML_REQUESTS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #36623780697ef279 Environment-variable access.
repo/packages/cli/src/modules/sso-saml/__tests__/saml.service.ee.test.ts:927
				process.env.N8N_ENV_FEAT_SIGNED_SAML_REQUESTS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0c21760f1947880d Environment-variable access.
repo/packages/cli/src/modules/sso-saml/__tests__/saml.service.ee.test.ts:955
				process.env.N8N_ENV_FEAT_SIGNED_SAML_REQUESTS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d3569c45f160c8fa Environment-variable access.
repo/packages/cli/src/modules/sso-saml/__tests__/saml.service.ee.test.ts:993
				process.env.N8N_ENV_FEAT_SIGNED_SAML_REQUESTS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1f41fa17a72a414d Environment-variable access.
repo/packages/cli/src/modules/sso-saml/__tests__/saml.service.ee.test.ts:1014
				delete process.env.N8N_ENV_FEAT_SIGNED_SAML_REQUESTS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #08bbbf8f03ea05ff Environment-variable access.
repo/packages/cli/src/modules/sso-saml/__tests__/saml.service.ee.test.ts:1055
				process.env.N8N_ENV_FEAT_SIGNED_SAML_REQUESTS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #21d3fd6eefdf20dc Environment-variable access.
repo/packages/cli/src/modules/sso-saml/__tests__/saml.service.ee.test.ts:1110
				process.env.N8N_ENV_FEAT_SIGNED_SAML_REQUESTS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #146d8296a3633932 Environment-variable access.
repo/packages/cli/src/modules/sso-saml/__tests__/saml.service.ee.test.ts:1196
				process.env.N8N_ENV_FEAT_SIGNED_SAML_REQUESTS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f42bee643504ee7c Environment-variable access.
repo/packages/cli/src/modules/sso-saml/__tests__/saml.service.ee.test.ts:1222
				delete process.env.N8N_ENV_FEAT_SIGNED_SAML_REQUESTS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ab4192967af2b2fd Environment-variable access.
repo/packages/cli/src/modules/sso-saml/__tests__/saml.service.ee.test.ts:1246
				process.env.N8N_ENV_FEAT_SIGNED_SAML_REQUESTS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c9146c097f860c8b Environment-variable access.
repo/packages/cli/src/modules/sso-saml/saml.service.ee.ts:113
		return process.env.N8N_ENV_FEAT_SIGNED_SAML_REQUESTS === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1425cc642359e21b Environment-variable access.
repo/packages/cli/src/modules/token-exchange/token-exchange.module.ts:7
	return process.env.N8N_ENV_FEAT_TOKEN_EXCHANGE === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a086ba45f10620f5 Filesystem access.
repo/packages/cli/src/node-catalog/node-catalog.service.ts:9
import * as fs from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6e3bdefa1d9b5827 Filesystem access.
repo/packages/cli/src/node-types.ts:3
import type { Dirent } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5fa569ae7e19fb16 Filesystem access.
repo/packages/cli/src/node-types.ts:4
import { readdir, readFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #80cb431b0541a722 Filesystem access.
repo/packages/cli/src/node-types.ts:53
				const translation = await readFile(translationPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #989a7e8e1e2dad9b Environment-variable access.
repo/packages/cli/src/oauth/__tests__/oauth.service.test.ts:173
			delete process.env.N8N_SKIP_AUTH_ON_OAUTH_CALLBACK;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e28aaa146bec1e60 Environment-variable access.
repo/packages/cli/src/oauth/__tests__/oauth.service.test.ts:178
			process.env.N8N_SKIP_AUTH_ON_OAUTH_CALLBACK = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5e300ed5f98cd1e8 Environment-variable access.
repo/packages/cli/src/oauth/__tests__/oauth.service.test.ts:183
			process.env.N8N_SKIP_AUTH_ON_OAUTH_CALLBACK = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a3b84c8e76739a6e Environment-variable access.
repo/packages/cli/src/oauth/__tests__/oauth.service.test.ts:188
			process.env.N8N_SKIP_AUTH_ON_OAUTH_CALLBACK = 'TRUE';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #826577f44528081c Environment-variable access.
repo/packages/cli/src/oauth/oauth.service.ts:87
	const value = process.env.N8N_SKIP_AUTH_ON_OAUTH_CALLBACK?.toLowerCase() ?? 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab149918726f45ce Filesystem access.
repo/packages/cli/src/public-api/index.ts:7
import fs from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #46957ce2ed2b4398 Filesystem access.
repo/packages/cli/src/public-api/index.ts:90
			const spec = await fs.readFile(openApiSpecPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d42beeb11318e9ce Filesystem access.
repo/packages/cli/src/public-api/index.ts:102
			const swaggerThemeCss = await fs.readFile(swaggerThemePath, { encoding: 'utf-8' });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #478ef156265324be Environment-variable access.
repo/packages/cli/src/public-api/index.ts:236
						operationHandlers: process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d60215da810721a6 Filesystem access.
repo/packages/cli/src/public-api/v1/handlers/data-tables/__tests__/data-table-column-name.openapi.test.ts:2
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2b107a9f2487b1f4 Filesystem access.
repo/packages/cli/src/public-api/v1/handlers/data-tables/__tests__/data-table-column-name.openapi.test.ts:22
		const doc = columnNameYmlSchema.parse(parse(fs.readFileSync(ymlPath, 'utf8')));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8c8272fb7a26c68e Filesystem access.
repo/packages/cli/src/server.ts:9
import { access as fsAccess } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bed93618bd847903 Environment-variable access.
repo/packages/cli/src/server.ts:116
		if (inDevelopment && process.env.N8N_DEV_RELOAD === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d86d6036ddab2c99 Environment-variable access.
repo/packages/cli/src/server.ts:383
			const isPreviewMode = process.env.N8N_PREVIEW_MODE === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e60480ee70f11af0 Filesystem access.
repo/packages/cli/src/services/__tests__/ai-workflow-builder.service.test.ts:827
		writeFileSync(
			join(packageDir, 'package.json'),
			JSON.stringify({
				name: 'n8n-nodes-base',
				version: '1.0.0',
				n8n: { nodes: [], credentials: [] },
			}),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1a32cccccd4d8b89 Filesystem access.
repo/packages/cli/src/services/__tests__/ai-workflow-builder.service.test.ts:835
		writeFileSync(
			join(packageDir, 'dist', 'known', 'nodes.json'),
			JSON.stringify({
				httpRequest: {
					className: 'HttpRequest',
					sourcePath: 'dist/nodes/HttpRequest/HttpRequest.node.js',
				},
			}),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ec1bc0ebe816c9da Filesystem access.
repo/packages/cli/src/services/__tests__/ai-workflow-builder.service.test.ts:844
		writeFileSync(join(packageDir, 'dist', 'known', 'credentials.json'), JSON.stringify({}));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #13492d9f974e87dc Filesystem access.
repo/packages/cli/src/services/__tests__/ai-workflow-builder.service.test.ts:845
		writeFileSync(
			join(packageDir, 'dist', 'types', 'nodes.json'),
			JSON.stringify([nodeTypeDescription]),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #712928112209d4cf Filesystem access.
repo/packages/cli/src/services/__tests__/ai-workflow-builder.service.test.ts:849
		writeFileSync(join(packageDir, 'dist', 'types', 'credentials.json'), JSON.stringify([]));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #64396581ef483559 Filesystem access.
repo/packages/cli/src/services/__tests__/export.service.test.ts:3
import { mkdir, rm, readdir, appendFile, readFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #46d8077a8b57ad92 Environment-variable access.
repo/packages/cli/src/services/__tests__/frontend.service.test.ts:370
			delete process.env.N8N_CONCURRENCY_EVALUATION_LIMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #efce51afc5597e3c Environment-variable access.
repo/packages/cli/src/services/__tests__/frontend.service.test.ts:387
			process.env.N8N_CONCURRENCY_EVALUATION_LIMIT = '7';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dfe37e58ac7b1404 Environment-variable access.
repo/packages/cli/src/services/__tests__/frontend.service.test.ts:408
			delete process.env.N8N_CONCURRENCY_EVALUATION_LIMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1e22b6a5f94b9410 Environment-variable access.
repo/packages/cli/src/services/__tests__/frontend.service.test.ts:536
			process.env.N8N_PREVIEW_MODE = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1a88cff59271d0af Filesystem access.
repo/packages/cli/src/services/__tests__/import.service.test.ts:5
import { readdir, readFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f82ead3d3417b264 Environment-variable access.
repo/packages/cli/src/services/__tests__/url.service.test.ts:8
		delete process.env.WEBHOOK_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5fef6dcaf99e7ac1 Environment-variable access.
repo/packages/cli/src/services/__tests__/url.service.test.ts:13
			process.env.WEBHOOK_URL = undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b2f1fdab4dccf992 Environment-variable access.
repo/packages/cli/src/services/__tests__/url.service.test.ts:23
			process.env.WEBHOOK_URL = 'https://example.com/';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #23fc822a9bb1ecda Environment-variable access.
repo/packages/cli/src/services/__tests__/url.service.test.ts:34
			process.env.WEBHOOK_URL = undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d59e5ba682dced16 Environment-variable access.
repo/packages/cli/src/services/__tests__/url.service.test.ts:44
			process.env.WEBHOOK_URL = '"https://example.com/"';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #38504e2b2876c76a Environment-variable access.
repo/packages/cli/src/services/__tests__/url.service.test.ts:57
			process.env.WEBHOOK_URL = 'https://old.example.com/';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4b306445658c4d1c Environment-variable access.
repo/packages/cli/src/services/__tests__/url.service.test.ts:65
			process.env.WEBHOOK_URL = 'https://old.example.com/';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2f5def9fdb2a17ae Environment-variable access.
repo/packages/cli/src/services/__tests__/url.service.test.ts:92
			process.env.WEBHOOK_URL = undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c56284cd3e10f011 Filesystem access.
repo/packages/cli/src/services/ai-workflow-builder.service.ts:10
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ddb61cd8eb5403ca Filesystem access.
repo/packages/cli/src/services/export.service.ts:6
import { mkdir, rm, readdir, appendFile, readFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4420b06accc6fad9 Filesystem access.
repo/packages/cli/src/services/export.service.ts:252
				const keyFileContent = await readFile(keyFilePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #699000c6de1a7b17 Filesystem access.
repo/packages/cli/src/services/frontend.service.ts:7
import { createWriteStream } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a9f0baf63bd0bc31 Filesystem access.
repo/packages/cli/src/services/frontend.service.ts:8
import { mkdir } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f131ed4b536f8584 Environment-variable access.
repo/packages/cli/src/services/frontend.service.ts:170
		const previewMode = process.env.N8N_PREVIEW_MODE === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba1715dc37b04aae Environment-variable access.
repo/packages/cli/src/services/frontend.service.ts:198
		const previewMode = process.env.N8N_PREVIEW_MODE === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #db5112e1564c7e60 Environment-variable access.
repo/packages/cli/src/services/frontend.service.ts:228
			nodeEnv: process.env.NODE_ENV,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #92a086401e5d5214 Environment-variable access.
repo/packages/cli/src/services/frontend.service.ts:336
				builtIn: process.env.NODE_FUNCTION_ALLOW_BUILTIN?.split(',') ?? undefined,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee63e72f03828e56 Environment-variable access.
repo/packages/cli/src/services/frontend.service.ts:337
				external: process.env.NODE_FUNCTION_ALLOW_EXTERNAL?.split(',') ?? undefined,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c126ff14bb8f507c Environment-variable access.
repo/packages/cli/src/services/frontend.service.ts:569
				!!this.globalConfig.aiAssistant.baseUrl || !!process.env.N8N_AI_ANTHROPIC_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ef1f938b660f20c6 Filesystem access.
repo/packages/cli/src/services/import.service.ts:17
import { readdir, readFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #96e0a8fc6b7a2d04 Filesystem access.
repo/packages/cli/src/services/import.service.ts:470
		const content = await readFile(filePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5e3bc52ea745a81c Filesystem access.
repo/packages/cli/src/services/import.service.ts:525
				const keyFileContent = await readFile(keyFilePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f0afaa0e16afa5e Filesystem access.
repo/packages/cli/src/services/import.service.ts:1002
			await readFile(migrationsFilePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3f883f307240eeec Filesystem access.
repo/packages/cli/src/services/import.service.ts:1010
		const migrationsFileContent = await readFile(migrationsFilePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #06e7ab92be829665 Environment-variable access.
repo/packages/cli/src/services/url.service.ts:18
			this.globalConfig.webhookUrl || this.trimQuotes(process.env.WEBHOOK_URL) || this.baseUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a4e787162175a5e9 Environment-variable access.
repo/packages/cli/src/task-runners/__tests__/task-runner-process-py.test.ts:54
			process.env[envVar] = 'custom value';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4f959668861e2b21 Environment-variable access.
repo/packages/cli/src/task-runners/__tests__/task-runner-process.test.ts:91
			process.env[envVar] = 'custom value';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #34be836fbfe02bd3 Environment-variable access.
repo/packages/cli/src/task-runners/task-runner-process-js.ts:58
			PATH: process.env.PATH,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #95e80a24e0079b14 Environment-variable access.
repo/packages/cli/src/task-runners/task-runner-process-js.ts:59
			HOME: process.env.HOME ?? process.env.USERPROFILE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ceda6f0aa558ff94 Environment-variable access.
repo/packages/cli/src/task-runners/task-runner-process-js.ts:60
			NODE_PATH: process.env.NODE_PATH,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad26aa1fcd341661 Environment-variable access.
repo/packages/cli/src/task-runners/task-runner-process-js.ts:63
			GENERIC_TIMEZONE: process.env.GENERIC_TIMEZONE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f9d69f9c1cb515a2 Environment-variable access.
repo/packages/cli/src/task-runners/task-runner-process-js.ts:64
			NODE_FUNCTION_ALLOW_BUILTIN: process.env.NODE_FUNCTION_ALLOW_BUILTIN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2deaeebe9619eee0 Environment-variable access.
repo/packages/cli/src/task-runners/task-runner-process-js.ts:65
			NODE_FUNCTION_ALLOW_EXTERNAL: process.env.NODE_FUNCTION_ALLOW_EXTERNAL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c9e7a50ef5f2c058 Environment-variable access.
repo/packages/cli/src/task-runners/task-runner-process-js.ts:68
			N8N_SENTRY_DSN: process.env.N8N_SENTRY_DSN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #446bef2245ba7329 Environment-variable access.
repo/packages/cli/src/task-runners/task-runner-process-js.ts:69
			N8N_VERSION: process.env.N8N_VERSION,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8a4a2218ab8b581a Environment-variable access.
repo/packages/cli/src/task-runners/task-runner-process-js.ts:70
			ENVIRONMENT: process.env.ENVIRONMENT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #67ab2026166aa7a2 Environment-variable access.
repo/packages/cli/src/task-runners/task-runner-process-js.ts:71
			DEPLOYMENT_NAME: process.env.DEPLOYMENT_NAME,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cc31a790817ba6b7 Environment-variable access.
repo/packages/cli/src/task-runners/task-runner-process-js.ts:80
			N8N_RUNNERS_INSECURE_MODE: process.env.N8N_RUNNERS_INSECURE_MODE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ecf67f11a65b7b30 Environment-variable access.
repo/packages/cli/src/task-runners/task-runner-process-js.ts:83
			N8N_RUNNERS_GRACEFUL_SHUTDOWN_TIMEOUT: process.env.N8N_RUNNERS_GRACEFUL_SHUTDOWN_TIMEOUT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e65c9ec1eb8aee23 Environment-variable access.
repo/packages/cli/src/task-runners/task-runner-process-js.ts:84
			N8N_RUNNERS_SHUTDOWN_FORCE_KILL_MARGIN: process.env.N8N_RUNNERS_SHUTDOWN_FORCE_KILL_MARGIN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6c2fc7aebadd1a49 Environment-variable access.
repo/packages/cli/src/task-runners/task-runner-process-py.ts:42
				PATH: process.env.PATH,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6dc6f49a69604885 Environment-variable access.
repo/packages/cli/src/task-runners/task-runner-process-py.ts:43
				HOME: process.env.HOME ?? process.env.USERPROFILE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #388f5842ad56052c Environment-variable access.
repo/packages/cli/src/task-runners/task-runner-process-py.ts:54
				N8N_RUNNERS_STDLIB_ALLOW: process.env.N8N_RUNNERS_STDLIB_ALLOW,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dbb39aa4211ef81e Environment-variable access.
repo/packages/cli/src/task-runners/task-runner-process-py.ts:55
				N8N_RUNNERS_EXTERNAL_ALLOW: process.env.N8N_RUNNERS_EXTERNAL_ALLOW,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #153fb63ccc9f1993 Environment-variable access.
repo/packages/cli/src/task-runners/task-runner-process-py.ts:56
				N8N_RUNNERS_ALLOW_TRANSITIVE_IMPORTS: process.env.N8N_RUNNERS_ALLOW_TRANSITIVE_IMPORTS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8bf12124a984e374 Environment-variable access.
repo/packages/cli/src/task-runners/task-runner-process-py.ts:57
				N8N_RUNNERS_BUILTINS_DENY: process.env.N8N_RUNNERS_BUILTINS_DENY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2e5c64df222000b9 Environment-variable access.
repo/packages/cli/src/task-runners/task-runner-process-py.ts:58
				N8N_BLOCK_RUNNER_ENV_ACCESS: process.env.N8N_BLOCK_RUNNER_ENV_ACCESS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a5ba614ced2500c7 Filesystem access.
repo/packages/cli/src/user-management/email/__tests__/node-mailer.test.ts:3
import { readFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f7b96bed3ed2c5db Filesystem access.
repo/packages/cli/src/user-management/email/__tests__/node-mailer.test.ts:23
		const includedContent = await readFile(pathJoin(templatesDir, match[1]), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9d39013cbe52b50a Filesystem access.
repo/packages/cli/src/user-management/email/__tests__/node-mailer.test.ts:35
	const rawMarkup = await readFile(pathJoin(templatesDir, `${templateName}.mjml`), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3002949c4d98299a Filesystem access.
repo/packages/cli/src/user-management/email/user-management-mailer.ts:7
import { existsSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4538d7f69af2e685 Filesystem access.
repo/packages/cli/src/user-management/email/user-management-mailer.ts:8
import { readFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #75d989dbb2a35140 Filesystem access.
repo/packages/cli/src/user-management/email/user-management-mailer.ts:337
			const markup = await readFile(templatePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c50928815ccfebd0 Environment-variable access.
repo/packages/cli/src/utils.ts:132
	if (process.env.ENABLE_OBSERVABILITY === undefined || process.env.ENABLE_OBSERVABILITY === '') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3ae2602eade873b7 Environment-variable access.
repo/packages/cli/src/utils.ts:133
		process.env.ENABLE_OBSERVABILITY = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #28c831024ef38de9 Environment-variable access.
repo/packages/cli/src/utils.ts:136
		process.env.ENABLE_A365_OBSERVABILITY_EXPORTER === undefined ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e1c400d06fe0b197 Environment-variable access.
repo/packages/cli/src/utils.ts:137
		process.env.ENABLE_A365_OBSERVABILITY_EXPORTER === ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #59df6f88600580a0 Environment-variable access.
repo/packages/cli/src/utils.ts:139
		process.env.ENABLE_A365_OBSERVABILITY_EXPORTER = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #33ab14d2bd189f10 Environment-variable access.
repo/packages/cli/src/utils/ai-proxy-fetch.ts:13
export const AI_REQUEST_TIMEOUT_MS = resolveTimeoutMs(process.env.N8N_AI_TIMEOUT_MAX);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0804b9ea82977e94 Filesystem access.
repo/packages/cli/src/utils/compression.util.ts:3
import { createWriteStream, mkdirSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1fc3d1a04788f9b9 Filesystem access.
repo/packages/cli/src/utils/compression.util.ts:4
import type { FileHandle } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #58f9cfef41ff900d Filesystem access.
repo/packages/cli/src/utils/compression.util.ts:5
import { open, readFile, readdir, mkdir } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #803d2f3f43f3c9a5 Filesystem access.
repo/packages/cli/src/utils/compression.util.ts:221
			const fileContent = await readFile(fullPath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fccf6e63dbd4cba5 Environment-variable access.
repo/packages/cli/src/utils/health-endpoint.util.ts:24
	const isHealthEndpointCustomized = process.env.N8N_ENDPOINT_HEALTH !== undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8529db9211f1913b Environment-variable access.
repo/packages/cli/src/workflow-runner.ts:272
			process.env.OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS === 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8aa0e1f2a6740736 Environment-variable access.
repo/packages/cli/src/workflows/__tests__/workflow-execution.service.test.ts:691
			originalOffloadManualExecutionsToWorkers = process.env.OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6f65561c3cc35ed9 Environment-variable access.
repo/packages/cli/src/workflows/__tests__/workflow-execution.service.test.ts:692
			process.env.OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #65fb0de354653d71 Environment-variable access.
repo/packages/cli/src/workflows/__tests__/workflow-execution.service.test.ts:718
				delete process.env.OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #966323728085e48e Environment-variable access.
repo/packages/cli/src/workflows/__tests__/workflow-execution.service.test.ts:720
				process.env.OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS = originalOffloadManualExecutionsToWorkers;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c0c3bb5b01b07117 Environment-variable access.
repo/packages/cli/src/workflows/workflow-execution.service.ts:238
				process.env.OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0da754d4819a0cb0 Filesystem access.
repo/packages/cli/vitest.tsc-entity-transform.ts:72
			const next = fs.existsSync(norm) ? fs.readFileSync(norm, 'utf-8') : undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3e18ccb038140be5 Filesystem access.
repo/packages/cli/vitest.tsc-entity-transform.ts:90
				const text = cached ?? (fs.existsSync(f) ? fs.readFileSync(f, 'utf-8') : undefined);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #736835cf4b44e31a Filesystem access.
repo/packages/core/bin/common.js:13
	await writeFile(filePath, payload, { encoding: 'utf-8' });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e64990d5a04709cb Filesystem access.
repo/packages/core/bin/generate-node-defs:4
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #17191d4a3cf93a70 Filesystem access.
repo/packages/core/bin/generate-node-defs:15
const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3962db6a1921b078 Filesystem access.
repo/packages/core/bin/generate-translations:3
const {
	existsSync,
	promises: { writeFile },
} = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2cea118fe9ea61a2 Filesystem access.
repo/packages/core/bin/generate-translations:6
} = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #78afb1833d56339c Filesystem access.
repo/packages/core/nodes-testing/node-test-harness.ts:64
		return JSON.parse(readFileSync(filePath, 'utf-8')) as IWorkflowBase &

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6b45012bec75d3be Environment-variable access.
repo/packages/core/src/__tests__/storage.config.test.ts:47
		process.env.N8N_EXECUTION_DATA_STORAGE_MODE = 'filesystem';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0b4417c7e404d778 Environment-variable access.
repo/packages/core/src/__tests__/storage.config.test.ts:55
		process.env.N8N_STORAGE_PATH = '/custom/storage/path';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #10ca692383721cd4 Environment-variable access.
repo/packages/core/src/__tests__/storage.config.test.ts:63
		process.env.N8N_STORAGE_PATH = '/path/one';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3ee4d51231cb5fdb Environment-variable access.
repo/packages/core/src/__tests__/storage.config.test.ts:64
		process.env.N8N_BINARY_DATA_STORAGE_PATH = '/path/two';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0413eee475902395 Environment-variable access.
repo/packages/core/src/__tests__/storage.config.test.ts:70
		process.env.N8N_STORAGE_PATH = '/same/path';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b092c1fea39aebde Environment-variable access.
repo/packages/core/src/__tests__/storage.config.test.ts:71
		process.env.N8N_BINARY_DATA_STORAGE_PATH = '/same/path';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d9cf82ea2050f982 Environment-variable access.
repo/packages/core/src/__tests__/storage.config.test.ts:79
		process.env.N8N_EXECUTION_DATA_STORAGE_MODE = 'invalid-mode';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #798692b20294ad1e Environment-variable access.
repo/packages/core/src/__tests__/storage.config.test.ts:106
			process.env.N8N_MIGRATE_FS_STORAGE_PATH = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #100807f196381d75 Environment-variable access.
repo/packages/core/src/__tests__/storage.config.test.ts:131
			process.env.N8N_STORAGE_PATH = '/custom/path';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2c03e1bea10cccd7 Environment-variable access.
repo/packages/core/src/__tests__/storage.config.test.ts:139
			process.env.N8N_BINARY_DATA_STORAGE_PATH = '/custom/path';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5b612b02b6e5f540 Environment-variable access.
repo/packages/core/src/__tests__/storage.config.test.ts:155
			process.env.N8N_MIGRATE_FS_STORAGE_PATH = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bd21eac62c902ba7 Environment-variable access.
repo/packages/core/src/__tests__/storage.config.test.ts:165
			process.env.N8N_MIGRATE_FS_STORAGE_PATH = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #42f9c11e7056a483 Environment-variable access.
repo/packages/core/src/__tests__/storage.config.test.ts:175
			process.env.N8N_MIGRATE_FS_STORAGE_PATH = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #63eed1afdfca97a0 Environment-variable access.
repo/packages/core/src/binary-data/__tests__/binary-data.config.test.ts:40
		process.env.N8N_DEFAULT_BINARY_DATA_MODE = 's3';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #980d0bc0e78cb7f7 Environment-variable access.
repo/packages/core/src/binary-data/__tests__/binary-data.config.test.ts:41
		process.env.N8N_BINARY_DATA_STORAGE_PATH = '/custom/storage/path';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #aa37036118439dae Environment-variable access.
repo/packages/core/src/binary-data/__tests__/binary-data.config.test.ts:42
		process.env.N8N_BINARY_DATA_SIGNING_SECRET = 'super-secret';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e3d9ad19a0e5fc57 Environment-variable access.
repo/packages/core/src/binary-data/__tests__/binary-data.config.test.ts:59
		process.env.N8N_DEFAULT_BINARY_DATA_MODE = 'invalid-mode';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1831b55ba67ae250 Environment-variable access.
repo/packages/core/src/binary-data/__tests__/binary-data.config.test.ts:71
			process.env.N8N_BINARY_DATA_DATABASE_MAX_FILE_SIZE = '1024';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cab1cebe899ae851 Environment-variable access.
repo/packages/core/src/binary-data/__tests__/binary-data.config.test.ts:85
			process.env.N8N_BINARY_DATA_DATABASE_MAX_FILE_SIZE = 'not-a-number';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ac64cc4fcebbad82 Environment-variable access.
repo/packages/core/src/binary-data/__tests__/binary-data.config.test.ts:96
			process.env.N8N_BINARY_DATA_DATABASE_MAX_FILE_SIZE = '2048';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #214274cb7df9ce41 Environment-variable access.
repo/packages/core/src/binary-data/__tests__/binary-data.config.test.ts:118
			delete process.env.N8N_BINARY_DATA_SIGNING_SECRET;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #50e8770a8d3f543e Environment-variable access.
repo/packages/core/src/binary-data/__tests__/binary-data.config.test.ts:122
			process.env.N8N_BINARY_DATA_SIGNING_SECRET = 'env-pinned-secret';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #590f0ac3a1e8ce6d Filesystem access.
repo/packages/core/src/binary-data/azure-blob.manager.ts:64
		const sourceFile = await fs.readFile(sourcePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a1d3762fe288509e Environment-variable access.
repo/packages/core/src/binary-data/binary-data.config.ts:81
		if (process.env.N8N_BINARY_DATA_SIGNING_SECRET) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99bae92790726893 Filesystem access.
repo/packages/core/src/binary-data/binary-data.service.ts:77
			binaryData.data = await readFile(filePath, { encoding: BINARY_ENCODING });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fa011c9989cae613 Filesystem access.
repo/packages/core/src/binary-data/file-system.manager.ts:37
		await fs.writeFile(filePath, bufferOrStream);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8395904032f9b4d3 Filesystem access.
repo/packages/core/src/binary-data/file-system.manager.ts:67
		return await fs.readFile(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eae837e1676dc67a Filesystem access.
repo/packages/core/src/binary-data/file-system.manager.ts:73
		return await jsonParse(await fs.readFile(filePath, { encoding: 'utf-8' }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad5a071b8496eafe Filesystem access.
repo/packages/core/src/binary-data/file-system.manager.ts:199
		await fs.writeFile(filePath, JSON.stringify(metadata), { encoding: 'utf-8' });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2b04d4b38872ccc2 Filesystem access.
repo/packages/core/src/binary-data/object-store.manager.ts:78
		const sourceFile = await fs.readFile(sourcePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4485fef98c58f900 Environment-variable access.
repo/packages/core/src/encryption/__tests__/cipher.test.ts:233
			const originalFlag = process.env.N8N_ENV_FEAT_ENCRYPTION_KEY_ROTATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #92e2b5cfc8280906 Environment-variable access.
repo/packages/core/src/encryption/__tests__/cipher.test.ts:234
			process.env.N8N_ENV_FEAT_ENCRYPTION_KEY_ROTATION = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7a81e4e43d82af8b Environment-variable access.
repo/packages/core/src/encryption/__tests__/cipher.test.ts:243
				process.env.N8N_ENV_FEAT_ENCRYPTION_KEY_ROTATION = originalFlag;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7a682e12f8118731 Environment-variable access.
repo/packages/core/src/encryption/__tests__/cipher.test.ts:268
			const originalFlag = process.env.N8N_ENV_FEAT_ENCRYPTION_KEY_ROTATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9d3dcf4173562b2b Environment-variable access.
repo/packages/core/src/encryption/__tests__/cipher.test.ts:269
			process.env.N8N_ENV_FEAT_ENCRYPTION_KEY_ROTATION = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1420418aaff04a6c Environment-variable access.
repo/packages/core/src/encryption/__tests__/cipher.test.ts:274
				process.env.N8N_ENV_FEAT_ENCRYPTION_KEY_ROTATION = originalFlag;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #face7bac18cf8e90 Environment-variable access.
repo/packages/core/src/encryption/__tests__/cipher.test.ts:300
			const originalFlag = process.env.N8N_ENV_FEAT_ENCRYPTION_KEY_ROTATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e468b0797a598af8 Environment-variable access.
repo/packages/core/src/encryption/__tests__/cipher.test.ts:301
			process.env.N8N_ENV_FEAT_ENCRYPTION_KEY_ROTATION = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b9f8f02d4d751d37 Environment-variable access.
repo/packages/core/src/encryption/__tests__/cipher.test.ts:306
				process.env.N8N_ENV_FEAT_ENCRYPTION_KEY_ROTATION = originalFlag;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9316c778c25f818b Environment-variable access.
repo/packages/core/src/encryption/__tests__/cipher.test.ts:326
			const originalFlag = process.env.N8N_ENV_FEAT_ENCRYPTION_KEY_ROTATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #26ee263a7c7583db Environment-variable access.
repo/packages/core/src/encryption/__tests__/cipher.test.ts:327
			process.env.N8N_ENV_FEAT_ENCRYPTION_KEY_ROTATION = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #41cbe1c6f245657e Environment-variable access.
repo/packages/core/src/encryption/__tests__/cipher.test.ts:334
				process.env.N8N_ENV_FEAT_ENCRYPTION_KEY_ROTATION = originalFlag;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #233ec5ecec2eb0ba Environment-variable access.
repo/packages/core/src/encryption/cipher.ts:38
			process.env.N8N_ENV_FEAT_ENCRYPTION_KEY_ROTATION === 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #21243688f3581f2b Environment-variable access.
repo/packages/core/src/encryption/cipher.ts:58
			process.env.N8N_ENV_FEAT_ENCRYPTION_KEY_ROTATION === 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0f6d69f5654dcd1b Environment-variable access.
repo/packages/core/src/execution-engine/__tests__/ssh-clients-manager.test.ts:251
		process.env.N8N_SSH_TUNNEL_IDLE_TIMEOUT = '5';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #99c5381baa302d14 Environment-variable access.
repo/packages/core/src/execution-engine/__tests__/ssh-clients-manager.test.ts:264
			process.env.N8N_SSH_TUNNEL_IDLE_TIMEOUT = value;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #15b10f887e6fbf4f Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/execute-context.ts:222
		if (process.env.CODE_ENABLE_STDOUT === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7b9f74deeabd6129 Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/supply-data-context.ts:431
		if (process.env.CODE_ENABLE_STDOUT === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #38ab9faa7bb11a05 Filesystem access.
repo/packages/core/src/execution-engine/node-execution-context/utils/__tests__/binary-helper-functions.test.ts:3
import { mkdtempSync, readFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #84a5ed742f94c3d4 Filesystem access.
repo/packages/core/src/execution-engine/node-execution-context/utils/__tests__/binary-helper-functions.test.ts:128
			readFileSync(
				`${temporaryDir}/${setBinaryDataBufferResponse.id?.replace('filesystem-v2:', '')}`,
			),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #db29276add8bd599 Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/__tests__/file-system-helper-functions.test.ts:61
		process.env[BLOCK_FILE_ACCESS_TO_N8N_FILES] = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #926ef689d3c7f774 Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/__tests__/file-system-helper-functions.test.ts:99
		process.env[BLOCK_FILE_ACCESS_TO_N8N_FILES] = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fd2e4a0e1eaef625 Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/__tests__/file-system-helper-functions.test.ts:117
		process.env[CONFIG_FILES] = '/path/to/config1,/path/to/config2';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a7870148f8c75740 Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/__tests__/file-system-helper-functions.test.ts:123
		process.env[CUSTOM_EXTENSION_ENV] = '/path/to/extensions1;/path/to/extensions2';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9139d6faa5643d83 Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/__tests__/file-system-helper-functions.test.ts:129
		process.env[BINARY_DATA_STORAGE_PATH] = '/path/to/binary/storage';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #291b623105eab98b Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/__tests__/file-system-helper-functions.test.ts:135
		process.env[UM_EMAIL_TEMPLATES_INVITE] = '/path/to/invite/templates';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #de10fa5b6426b375 Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/__tests__/file-system-helper-functions.test.ts:136
		process.env[UM_EMAIL_TEMPLATES_PWRESET] = '/path/to/pwreset/templates';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #089576df3029daf2 Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/__tests__/file-system-helper-functions.test.ts:147
		const userHome = process.env.N8N_USER_FOLDER ?? process.env[homeVarName] ?? process.cwd();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f6f44e2a4ecf6165 Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/__tests__/file-system-helper-functions.test.ts:150
		process.env[BLOCK_FILE_ACCESS_TO_N8N_FILES] = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #970ff14ccd83a9c6 Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/__tests__/file-system-helper-functions.test.ts:157
		const userHome = process.env.N8N_USER_FOLDER ?? process.env[homeVarName] ?? process.cwd();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5f9c393ab25a1e90 Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/__tests__/file-system-helper-functions.test.ts:160
		process.env[BLOCK_FILE_ACCESS_TO_N8N_FILES] = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6da019457a83a00c Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/__tests__/file-system-helper-functions.test.ts:167
		const userHome = process.env.N8N_USER_FOLDER ?? process.env[homeVarName] ?? process.cwd();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #94753606cb4f8f23 Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/__tests__/file-system-helper-functions.test.ts:170
		process.env[BLOCK_FILE_ACCESS_TO_N8N_FILES] = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8782f018e4acc776 Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/__tests__/file-system-helper-functions.test.ts:389
			process.env[BLOCK_FILE_ACCESS_TO_N8N_FILES] = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1a0dc86a3ddbb224 Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/file-system-helper-functions.ts:122
	const blockFileAccessToN8nFiles = process.env[BLOCK_FILE_ACCESS_TO_N8N_FILES] !== 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c1530fa15ee9102b Filesystem access.
repo/packages/core/src/execution-engine/node-execution-context/utils/file-system-helper-functions.ts:423
				await fileHandle.writeFile(content, { encoding: 'binary' });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #21f8775e236fbb6a Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/file-system-helper-functions.ts:458
	if (process.env[CONFIG_FILES]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #564357c22842142e Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/file-system-helper-functions.ts:459
		restrictedPaths.push(...process.env[CONFIG_FILES].split(','));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #17f58096aa8829cb Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/file-system-helper-functions.ts:462
	if (process.env[CUSTOM_EXTENSION_ENV]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #239f5479d4cf5a76 Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/file-system-helper-functions.ts:463
		const customExtensionFolders = process.env[CUSTOM_EXTENSION_ENV].split(';');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e9a8c0bde407e525 Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/file-system-helper-functions.ts:467
	if (process.env[BINARY_DATA_STORAGE_PATH]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec36591157e7b614 Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/file-system-helper-functions.ts:468
		restrictedPaths.push(process.env[BINARY_DATA_STORAGE_PATH]);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e9fe78a41f770c4 Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/file-system-helper-functions.ts:471
	if (process.env[UM_EMAIL_TEMPLATES_INVITE]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b4f4623660d5c89f Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/file-system-helper-functions.ts:472
		restrictedPaths.push(process.env[UM_EMAIL_TEMPLATES_INVITE]);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab9925cc8a3fe843 Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/file-system-helper-functions.ts:475
	if (process.env[UM_EMAIL_TEMPLATES_PWRESET]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b679baafa89d4504 Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/file-system-helper-functions.ts:476
		restrictedPaths.push(process.env[UM_EMAIL_TEMPLATES_PWRESET]);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #161c7698a7d004de Environment-variable access.
repo/packages/core/src/instance-settings/__tests__/instance-settings.test.ts:91
			process.env.N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #36caa37a5fa6497f Environment-variable access.
repo/packages/core/src/instance-settings/__tests__/instance-settings.test.ts:101
			process.env.N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e6cd466800cf021b Environment-variable access.
repo/packages/core/src/instance-settings/__tests__/instance-settings.test.ts:137
			process.env.N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bb47c83f54a8baf1 Environment-variable access.
repo/packages/core/src/instance-settings/__tests__/instance-settings.test.ts:155
			process.env.N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ebfc32c31bcee3e2 Environment-variable access.
repo/packages/core/src/instance-settings/__tests__/instance-settings.test.ts:247
				process.env.N8N_INSTANCE_ID = 'env-pinned-id';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #810c30c359e1be94 Environment-variable access.
repo/packages/core/src/instance-settings/__tests__/instance-settings.test.ts:302
				process.env.N8N_HMAC_SIGNATURE_SECRET = 'env-pinned-hmac';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #78e53e438bf71bcd Environment-variable access.
repo/packages/core/src/instance-settings/instance-settings.ts:101
			process.env.N8N_INSTANCE_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6e7b0af7145e3ae8 Environment-variable access.
repo/packages/core/src/instance-settings/instance-settings.ts:110
			process.env.N8N_HMAC_SIGNATURE_SECRET,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb4fc244d78b1f73 Filesystem access.
repo/packages/core/src/instance-settings/instance-settings.ts:232
			const cgroupV1 = readFileSync('/proc/self/cgroup', 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c11693642232a0df Filesystem access.
repo/packages/core/src/instance-settings/instance-settings.ts:241
			const cgroupV2 = readFileSync('/proc/self/mountinfo', 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f45aa3a897d97dcb Filesystem access.
repo/packages/core/src/instance-settings/instance-settings.ts:263
			const content = readFileSync(this.settingsFile, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1dccb66a2fb51f70 Environment-variable access.
repo/packages/core/src/instance-settings/instance-settings.ts:315
		const hmacSignatureSecretFromEnv = process.env.N8N_HMAC_SIGNATURE_SECRET;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e2eaf98e9db8facf Filesystem access.
repo/packages/core/src/instance-settings/instance-settings.ts:324
		writeFileSync(this.settingsFile, JSON.stringify(this.settings, null, '\t'), {
			mode: this.enforceSettingsFilePermissions.enforce ? 0o600 : undefined,
			encoding: 'utf-8',
		});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #46230b573b26d2e0 Environment-variable access.
repo/packages/core/src/instance-settings/instance-settings.ts:335
		const isEnvVarSet = !!process.env.N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bb0d1ab4cb6a5ca8 Filesystem access.
repo/packages/core/src/nodes-loader/__tests__/custom-directory-loader.hot-reload.test.ts:40
		fs.writeFileSync(file, nodeSource(version));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2b1acdd36a411db5 Filesystem access.
repo/packages/core/src/nodes-loader/__tests__/custom-directory-loader.hot-reload.test.ts:75
		fs.writeFileSync(nodeFile, nodeSource(2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7e5eaec82962e318 Filesystem access.
repo/packages/core/src/nodes-loader/__tests__/custom-directory-loader.hot-reload.test.ts:99
		fs.writeFileSync(nodeFile, nodeSource(2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7fb447df5d5a4f8a Filesystem access.
repo/packages/core/src/nodes-loader/__tests__/custom-directory-loader.hot-reload.test.ts:116
		fs.writeFileSync(nodeFile, nodeSource(2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bca044b4c7b29d48 Filesystem access.
repo/packages/core/src/nodes-loader/__tests__/scan-directory-for-packages.fs.test.ts:30
		writeFileSync(path.join(dir, 'package.json'), JSON.stringify({ name, version: '1.0.0' }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e3a89af37f4ac9a4 Filesystem access.
repo/packages/core/src/nodes-loader/package-directory-loader.ts:96
		const fileString = readFileSync(filePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eb41b327c8810886 Filesystem access.
repo/packages/core/src/nodes-loader/package-directory-loader.ts:102
		const fileString = await readFile(filePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1eb1b90c79945d28 Environment-variable access.
repo/packages/core/src/storage.config.ts:41
		const storagePath = process.env.N8N_STORAGE_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c6da777775cc6137 Environment-variable access.
repo/packages/core/src/storage.config.ts:42
		const binaryDataStoragePath = process.env.N8N_BINARY_DATA_STORAGE_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #86141289b9b9248e Environment-variable access.
repo/packages/core/src/storage.config.ts:70
		if (process.env.N8N_STORAGE_PATH) return;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f68a766dab96b0bb Environment-variable access.
repo/packages/core/src/storage.config.ts:71
		if (process.env.N8N_BINARY_DATA_STORAGE_PATH) return;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f243de2896bef2c2 Environment-variable access.
repo/packages/core/src/storage.config.ts:78
		const shouldMigrate = process.env.N8N_MIGRATE_FS_STORAGE_PATH === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a1113dc81ac78077 Filesystem access.
repo/packages/frontend/@n8n/design-system/src/icons/lucide/vite.ts:36
			const raw = readFileSync(jsonPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9acb474ec530dc4e Environment-variable access.
repo/packages/frontend/@n8n/i18n/src/__tests__/setup.ts:2
process.env.TZ = 'UTC';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #97990bbc31e3916f Environment-variable access.
repo/packages/frontend/@n8n/stores/src/__tests__/setup.ts:5
process.env.TZ = 'UTC';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #06ebf3d37988df63 Filesystem access.
repo/packages/frontend/editor-ui/scripts/fetch-node-popularity.mjs:2
import { promises as fs } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #75ce3cabfeee35a9 Environment-variable access.
repo/packages/frontend/editor-ui/scripts/fetch-node-popularity.mjs:8
	process.env.NODE_POPULARITY_ENDPOINT ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #015b4950f64c01e3 Environment-variable access.
repo/packages/frontend/editor-ui/scripts/fetch-node-popularity.mjs:10
const FAIL_ON_ERROR = process.env.N8N_FAIL_ON_POPULARITY_FETCH_ERROR === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd33a7331418b2bd Filesystem access.
repo/packages/frontend/editor-ui/scripts/fetch-node-popularity.mjs:44
		const content = await fs.readFile(OUTPUT_FILE, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2fb88be4fde65eef Filesystem access.
repo/packages/frontend/editor-ui/scripts/fetch-node-popularity.mjs:54
	await fs.writeFile(OUTPUT_FILE, JSON.stringify(data, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #40a1bb438f9d6dd4 Environment-variable access.
repo/packages/frontend/editor-ui/src/__tests__/server/index.ts:24
	server.urlPrefix = process.env.API_URL || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow test-only Excluded from app score #b087fb59f99e86d3 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration. Test harness — not production egress.
repo/packages/frontend/editor-ui/src/__tests__/server/index.ts:35 · flow /tmp/closeopen-zwski0h_/repo/packages/frontend/editor-ui/src/__tests__/server/index.ts:24 → /tmp/closeopen-zwski0h_/repo/packages/frontend/editor-ui/src/__tests__/server/index.ts:35
	server.post('/rest/:any', async () => ({}));

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

low env_fs test-only #3e66879f84eb2b1d Environment-variable access.
repo/packages/frontend/editor-ui/src/__tests__/setup.ts:79
process.env.TZ = 'UTC';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #cbe8ea5e0dea9a22 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/frontend/editor-ui/src/app/api/workflow-webhooks.ts:13
	return await post(N8N_API_BASE_URL, CONTACT_EMAIL_SUBMISSION_ENDPOINT, {
		instance_id: instanceId,
		user_id: `${instanceId}#${currentUser.id}`,
		email,
		agree,
		agree_updates: true,
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #7b2af6a68ed227dc Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/frontend/editor-ui/src/app/composables/useBugReporting.ts:31
		const url = new URL(BASE_FORUM_URL);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only #c201b80a9ec3c94e Filesystem access.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/__tests__/InstanceAiPreviewTabBar.test.ts:139
		const source = readFileSync(
			'src/features/ai/instanceAi/components/InstanceAiPreviewTabBar.vue',
			'utf8',
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2c79e03f137c6e07 Filesystem access.
repo/packages/node-dev/commands/new.ts:7
import { access } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2dbcf045069ac050 Filesystem access.
repo/packages/node-dev/src/Build.ts:6
import { copyFile, mkdir, readFile, writeFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c53c98532c57cdc4 Filesystem access.
repo/packages/node-dev/src/Build.ts:25
	const tsConfigString = await readFile(tsconfigPath, { encoding: 'utf8' });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f1a8d8dececcde5 Filesystem access.
repo/packages/node-dev/src/Build.ts:39
	await writeFile(path, JSON.stringify(tsConfig, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #447b76990eaccf64 Filesystem access.
repo/packages/node-dev/src/Create.ts:1
import { copyFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2181e3061deeb94c Environment-variable access.
repo/packages/nodes-base/credentials/common/aws/system-credentials-sdk.ts:44
const getEnv = (key: string): string | undefined => process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e7e0f60c8224838 Filesystem access.
repo/packages/nodes-base/credentials/common/aws/system-credentials-utils.ts:4
import { readFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d7d337210cbd5b5c Environment-variable access.
repo/packages/nodes-base/credentials/common/aws/system-credentials-utils.ts:28
export const envGetter = (key: string): string | undefined => process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #cec77c564d52ea3f Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/nodes-base/credentials/common/aws/system-credentials-utils.ts:121
			const tokenResponse = await fetch(`${baseUrl}/api/token`, {
				method: 'PUT',
				headers: {
					'X-aws-ec2-metadata-token-ttl-seconds': '21600',
					'User-Agent': 'n8n-aws-credential',
				},
				signal: AbortSignal.timeout(2000),
			});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #7565b4b638c21572 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/nodes-base/credentials/common/aws/system-credentials-utils.ts:138
		const roleResponse = await fetch(`${baseUrl}/meta-data/iam/security-credentials/`, {
			method: 'GET',
			headers,
			signal: AbortSignal.timeout(2000),
		});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #b4199ae684f442b4 Filesystem access.
repo/packages/nodes-base/credentials/common/aws/system-credentials-utils.ts:264
				authToken = (await readFile(authTokenFile, 'utf-8')).trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d8808bbc5fe3c44 Filesystem access.
repo/packages/nodes-base/credentials/common/aws/system-credentials-utils.ts:328
		const token = (await readFile(webIdentityTokenFile, 'utf8')).trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d1ca1c87990c30bb Environment-variable access.
repo/packages/nodes-base/credentials/common/aws/utils.ts:522
	if (process.env.N8N_AWS_LEGACY_SIGNER === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fd389ade75c07dd4 Filesystem access.
repo/packages/nodes-base/nodes/Airtop/constants.ts:1
import { readFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bfcd100a8e1517dd Environment-variable access.
repo/packages/nodes-base/nodes/Airtop/constants.ts:8
	if (process.env.N8N_VERSION) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d3db651e7a71395b Environment-variable access.
repo/packages/nodes-base/nodes/Airtop/constants.ts:9
		return process.env.N8N_VERSION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4a8368bac0839ec0 Filesystem access.
repo/packages/nodes-base/nodes/Airtop/constants.ts:15
		const n8nPackageJson = jsonParse<n8n.PackageJson>(readFileSync(packageJsonPath, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5285368423a4ee4d Environment-variable access.
repo/packages/nodes-base/nodes/Airtop/constants.ts:25
export const BASE_URL = process.env.AIRTOP_BASE_URL ?? 'https://api.airtop.ai/api/v1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3a68e6e1294b8830 Environment-variable access.
repo/packages/nodes-base/nodes/Airtop/constants.ts:26
export const BASE_URL_V2 = process.env.AIRTOP_BASE_URL_V2 ?? 'https://api.airtop.ai/api/v2';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #83fb35e31478124a Environment-variable access.
repo/packages/nodes-base/nodes/Airtop/constants.ts:28
	process.env.AIRTOP_HOOKS_BASE_URL ?? 'https://api.airtop.ai/api/hooks';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7817de830c5e549e Filesystem access.
repo/packages/nodes-base/nodes/EditImage/EditImage.node.ts:1
import { writeFile as fsWriteFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #883049d43179985b Filesystem access.
repo/packages/nodes-base/nodes/EditImage/EditImage.node.ts:1140
						await fsWriteFile(path, binaryDataBuffer);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1eb615e13c9b8cea Filesystem access.
repo/packages/nodes-base/nodes/ExecuteWorkflow/ExecuteWorkflow/GenericFunctions.test.ts:1
import { readFile as fsReadFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #97136a1077d1e639 Filesystem access.
repo/packages/nodes-base/nodes/ExecuteWorkflow/ExecuteWorkflow/GenericFunctions.ts:1
import { readFile as fsReadFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #37bd603568b757a1 Filesystem access.
repo/packages/nodes-base/nodes/ExecuteWorkflow/ExecuteWorkflow/GenericFunctions.ts:48
		const workflowJson = await fsReadFile(resolvedPath, { encoding: 'utf8' }).catch(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #900af00dc9d5ff52 Filesystem access.
repo/packages/nodes-base/nodes/Form/utils/utils.ts:3
import { rm } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74fc14d2a9e8cd8d Filesystem access.
repo/packages/nodes-base/nodes/Ftp/Ftp.node.ts:3
import { createWriteStream } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f124865f387a5a43 Filesystem access.
repo/packages/nodes-base/nodes/Merge/v3/helpers/sandbox-utils.ts:62
	const alasqlSource = await readFile(alasqlBundlePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee008fb47a110d8f Filesystem access.
repo/packages/nodes-base/nodes/SpreadsheetFile/v1/SpreadsheetFileV1.node.ts:83
						workbook = xlsxReadFile(binaryPath, xlsxOptions);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3bf38b2f6d52745f Filesystem access.
repo/packages/nodes-base/nodes/Ssh/Ssh.node.ts:2
import { writeFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ef798e601a1cb83f Filesystem access.
repo/packages/nodes-base/nodes/Ssh/Ssh.node.ts:448
								await writeFile(binaryFile.path, uploadData);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74fcc22ac202e9d4 Filesystem access.
repo/packages/nodes-base/nodes/Webhook/Webhook.node.ts:2
import { createWriteStream } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #56ed936eab6c9c6e Filesystem access.
repo/packages/nodes-base/nodes/Webhook/Webhook.node.ts:3
import { stat } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d37e83943627e575 Filesystem access.
repo/packages/nodes-base/nodes/Webhook/utils.ts:3
import { rm } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2b7453ae1bb01d6f Filesystem access.
repo/packages/nodes-base/scripts/copy-nodes-json.js:2
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #824395357ca47d74 Filesystem access.
repo/packages/nodes-base/scripts/validate-schema-versions.js:11
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e4565b8cf1ee5a40 Filesystem access.
repo/packages/nodes-base/scripts/validate-schema-versions.js:66
	const content = fs.readFileSync(nodeFilePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #498c5f4e031bf79e Environment-variable access.
repo/packages/nodes-base/vite.config.ts:7
process.env.TZ = 'UTC';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #33064a60068204fb Environment-variable access.
repo/packages/testing/code-health/src/cli.ts:27
		changedFiles: parseChangedFiles(process.env.CODE_HEALTH_CHANGED_FILES),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #271c573703566f86 Environment-variable access.
repo/packages/testing/code-health/src/cli.ts:28
		addedFiles: parseChangedFiles(process.env.CODE_HEALTH_ADDED_FILES),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d0ef112af0dec156 Filesystem access.
repo/packages/testing/code-health/src/rules/catalog-violations.rule.test.ts:16
	fs.writeFileSync(fullPath, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ff47505eae690a17 Filesystem access.
repo/packages/testing/code-health/src/rules/migration-timestamp.rule.test.ts:25
	fs.writeFileSync(fullPath, 'export {};\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #40c071876d797eb4 Filesystem access.
repo/packages/testing/code-health/src/rules/stale-overrides.rule.test.ts:16
	fs.writeFileSync(fullPath, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f92031c13e4d3af7 Filesystem access.
repo/packages/testing/code-health/src/rules/subpath-purity.rule.test.ts:16
		writeFileSync(abs, source, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #25dbe6eca8ad65a8 Filesystem access.
repo/packages/testing/code-health/src/rules/workflow-pr-target-safety.rule.test.ts:16
	fs.writeFileSync(fullPath, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #54c3edeb77fb4864 Filesystem access.
repo/packages/testing/code-health/src/utils/node-modules-deps-scanner.ts:34
			pkg = JSON.parse(fs.readFileSync(filePath, 'utf-8')) as OnDiskPackageJson;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d9f7908e2eda7d97 Filesystem access.
repo/packages/testing/code-health/src/utils/overrides-parser.ts:21
	const content = fs.readFileSync(filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec662ed06a5f41e1 Filesystem access.
repo/packages/testing/code-health/src/utils/package-json-scanner.ts:28
	const content = fs.readFileSync(filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0a3e7acc3605141 Filesystem access.
repo/packages/testing/code-health/src/utils/pnpm-lock-parser.ts:31
	const content = fs.readFileSync(filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #978f0743caf4bb71 Filesystem access.
repo/packages/testing/code-health/src/utils/workflow-scanner.ts:35
	const content = fs.readFileSync(filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #543ed242d0b4728f Filesystem access.
repo/packages/testing/code-health/src/utils/workspace-parser.ts:17
	const content = fs.readFileSync(filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3d3bcae92b26cc9d Environment-variable access.
repo/packages/testing/containers/helm-stack.ts:170
	if (process.env.N8N_LICENSE_TENANT_ID) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #09c7b2f78af7ac51 Environment-variable access.
repo/packages/testing/containers/helm-stack.ts:171
		extraEnvs.push({ name: 'N8N_LICENSE_TENANT_ID', value: process.env.N8N_LICENSE_TENANT_ID });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #321463665d5a4c02 Environment-variable access.
repo/packages/testing/containers/helm-stack.ts:173
	if (process.env.N8N_LICENSE_ACTIVATION_KEY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cd9b433076a49484 Environment-variable access.
repo/packages/testing/containers/helm-stack.ts:176
			value: process.env.N8N_LICENSE_ACTIVATION_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #934a3042e60dbc4c Environment-variable access.
repo/packages/testing/containers/helm-stack.ts:179
	if (process.env.N8N_LICENSE_CERT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4f54a486bf458a7c Environment-variable access.
repo/packages/testing/containers/helm-stack.ts:180
		extraEnvs.push({ name: 'N8N_LICENSE_CERT', value: process.env.N8N_LICENSE_CERT });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1446c66401abc081 Filesystem access.
repo/packages/testing/containers/helm-stack.ts:331
	writeFileSync(kubeConfigPath, namedKubeconfig);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7ee3f51afe0a2ba Filesystem access.
repo/packages/testing/containers/helm-stack.ts:349
		writeFileSync(defaultKubeconfig, merged);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3ccf55558c35f788 Filesystem access.
repo/packages/testing/containers/helm-start-stack.ts:124
		writeFileSync(values['url-file'], stack.baseUrl);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #efbfdfe3b24a9ea6 Filesystem access.
repo/packages/testing/containers/helm-start-stack.ts:129
		writeFileSync(values['kubeconfig-file'], stack.kubeConfigPath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9922268f14792812 Environment-variable access.
repo/packages/testing/containers/helpers/utils.ts:12
	const isVerbose = process.env.CONTAINER_TELEMETRY_VERBOSE === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c7e0c6e0a372711b Environment-variable access.
repo/packages/testing/containers/network-stabilization.ts:18
	if (!process.env.CI || os.platform() !== 'linux') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5e15e83bf251a0d0 Environment-variable access.
repo/packages/testing/containers/pull-test-images.ts:111
	if (failures.length > 0 && process.env.STRICT_IMAGE_PULL === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #87fc81a120835a30 Filesystem access.
repo/packages/testing/containers/service-stack.ts:83
	writeFileSync(devEnvFilePath(), lines.join('\n'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7be4ffab229b9f64 Environment-variable access.
repo/packages/testing/containers/services/n8n.ts:48
	N8N_ENCRYPTION_KEY: process.env.N8N_ENCRYPTION_KEY ?? 'test-encryption-key',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af23db25f2a4f597 Environment-variable access.
repo/packages/testing/containers/services/n8n.ts:55
	N8N_LICENSE_TENANT_ID: process.env.N8N_LICENSE_TENANT_ID ?? '1001',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6c8c8152fbf78809 Environment-variable access.
repo/packages/testing/containers/services/n8n.ts:56
	N8N_LICENSE_ACTIVATION_KEY: process.env.N8N_LICENSE_ACTIVATION_KEY ?? '',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #40bf30bd2ad0adae Environment-variable access.
repo/packages/testing/containers/services/n8n.ts:57
	N8N_LICENSE_CERT: process.env.N8N_LICENSE_CERT ?? '',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #98c6cef5f116a1ed Environment-variable access.
repo/packages/testing/containers/services/n8n.ts:119
			if (!process.env.N8N_LICENSE_ACTIVATION_KEY && !process.env.N8N_LICENSE_CERT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cdc17334b25105e5 Environment-variable access.
repo/packages/testing/containers/services/ngrok.ts:48
		const authToken = process.env.NGROK_AUTHTOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c8c0eb7de84eed1 Filesystem access.
repo/packages/testing/containers/services/proxy.ts:2
import { promises as fs } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5400f47155d776cd Filesystem access.
repo/packages/testing/containers/services/proxy.ts:205
					const fileContent = await fs.readFile(filePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6e77d76e28348b01 Filesystem access.
repo/packages/testing/containers/services/proxy.ts:488
				await fs.writeFile(filePath, JSON.stringify(processedExpectation, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f4af0a5d102b3acb Environment-variable access.
repo/packages/testing/containers/telemetry.ts:62
	const ref = process.env.GITHUB_REF ?? '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c6f95f7c4d8bc16e Environment-variable access.
repo/packages/testing/containers/telemetry.ts:66
		sha: process.env.GITHUB_SHA?.slice(0, 8) ?? 'local',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d005ebd3df9bde68 Environment-variable access.
repo/packages/testing/containers/telemetry.ts:67
		branch: process.env.GITHUB_HEAD_REF ?? process.env.GITHUB_REF_NAME ?? 'local',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f4c58c80e53c331 Environment-variable access.
repo/packages/testing/containers/telemetry.ts:74
		runId: process.env.GITHUB_RUN_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1dfe9a786f0b6aa1 Environment-variable access.
repo/packages/testing/containers/telemetry.ts:75
		job: process.env.GITHUB_JOB,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #59c48cde4f19be31 Environment-variable access.
repo/packages/testing/containers/telemetry.ts:76
		workflow: process.env.GITHUB_WORKFLOW,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba3f3d39f680d6e2 Environment-variable access.
repo/packages/testing/containers/telemetry.ts:77
		attempt: process.env.GITHUB_RUN_ATTEMPT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aa7c67bc603207c2 Environment-variable access.
repo/packages/testing/containers/telemetry.ts:78
			? parseInt(process.env.GITHUB_RUN_ATTEMPT, 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55568c0d4c0a55d5 Environment-variable access.
repo/packages/testing/containers/telemetry.ts:85
	if (!process.env.CI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e96286881ed3bbec Environment-variable access.
repo/packages/testing/containers/telemetry.ts:89
	if (process.env.RUNNER_ENVIRONMENT === 'github-hosted') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5fafcf5b2cda1f9 Environment-variable access.
repo/packages/testing/containers/telemetry.ts:182
		const isVerbose = process.env.CONTAINER_TELEMETRY_VERBOSE === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #56063b0345bb48b0 Environment-variable access.
repo/packages/testing/containers/telemetry.ts:183
		const webhookUrl = process.env.QA_METRICS_WEBHOOK_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #adf6cd7aa7a83e09 Environment-variable access.
repo/packages/testing/containers/telemetry.ts:211
		const repo = process.env.GITHUB_REPOSITORY ?? null;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a0ce7cf87fd5a53 Environment-variable access.
repo/packages/testing/containers/telemetry.ts:283
		const webhookUser = process.env.QA_METRICS_WEBHOOK_USER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d0689f87ec5e8243 Environment-variable access.
repo/packages/testing/containers/telemetry.ts:284
		const webhookPassword = process.env.QA_METRICS_WEBHOOK_PASSWORD;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #efbea35181b0af4d Environment-variable access.
repo/packages/testing/containers/test-containers.ts:84
	let value = process.env[envVar];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #10a9dfa2349894da Environment-variable access.
repo/packages/testing/containers/test-containers.ts:87
		value = process.env.N8N_DOCKER_IMAGE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ffc3e93f85fb9fc7 Filesystem access.
repo/packages/testing/janitor/src/cli.test.ts:92
			fs.writeFileSync(
				path.join(tempDir, 'tsconfig.json'),
				JSON.stringify({
					compilerOptions: {
						target: 'ES2020',
						module: 'ESNext',
						moduleResolution: 'node',
						strict: true,
					},
					include: ['**/*.ts'],
				}),
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1d93fe9fd80d3a70 Filesystem access.
repo/packages/testing/janitor/src/cli.test.ts:106
			fs.writeFileSync(
				path.join(tempDir, 'janitor.config.js'),
				`module.exports = {
					rootDir: '${tempDir}',
					patterns: {
						pages: ['pages/**/*.ts'],
						components: [],
						flows: [],
						tests: ['tests/**/*.spec.ts'],
						services: [],
						fixtures: [],
						helpers: [],
						factories: [],
						testData: [],
					},
					excludeFromPages: [],
					facade: { file: 'pages/AppPage.ts', className: 'AppPage', excludeTypes: [] },
					fixtureObjectName: 'app',
					apiFixtureName: 'api',
					rawApiPatterns: [],
					flowLayerName: 'Composable',
					architectureLayers: [],
					rules: {},
				};`,
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e9326b79cb65b349 Filesystem access.
repo/packages/testing/janitor/src/cli.test.ts:142
			fs.writeFileSync(path.join(tempDir, 'pages', 'CleanPage.ts'), 'export class CleanPage {}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7db301257b702fc6 Filesystem access.
repo/packages/testing/janitor/src/cli.test.ts:165
			fs.writeFileSync(
				path.join(tempDir, 'pages', 'VerbosePage.ts'),
				'export class VerbosePage {}',
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4964ab8335e6e83e Filesystem access.
repo/packages/testing/janitor/src/cli.test.ts:186
			fs.writeFileSync(
				path.join(tempDir, 'pages', 'BaselinePage.ts'),
				'export class BaselinePage {}',
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a17f5deb63a461f0 Environment-variable access.
repo/packages/testing/janitor/src/cli.ts:451
	const attempt = Number(process.env.GITHUB_RUN_ATTEMPT ?? '1');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c6a111e6bc2739f Environment-variable access.
repo/packages/testing/janitor/src/cli.ts:460
		firstNonEmpty(options.url, process.env.JANITOR_FILTER_SHARD_URL) ?? DEFAULT_FILTER_SHARD_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #730fd2eb835ca853 Environment-variable access.
repo/packages/testing/janitor/src/cli.ts:461
	const runId = process.env.GITHUB_RUN_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #76a448495f79c387 Filesystem access.
repo/packages/testing/janitor/src/cli.ts:546
		const includeRaw = fs.readFileSync(options.includeSpecsFile, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #18b95542fa8b0b16 Filesystem access.
repo/packages/testing/janitor/src/cli.ts:568
				const raw = JSON.parse(fs.readFileSync(metricsPath, 'utf-8')) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #01ec2a9e04b540bb Environment-variable access.
repo/packages/testing/janitor/src/cli.ts:610
	const env = process.env.CHANGED_FILES;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6273ec3383506985 Filesystem access.
repo/packages/testing/janitor/src/cli.ts:670
	const inputs = files.map((f) => ({ text: fs.readFileSync(f, 'utf8'), spec: f }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d6b5fe0e7f5ed724 Filesystem access.
repo/packages/testing/janitor/src/cli.ts:672
	fs.writeFileSync(options.outLcov, result.lcov);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb05a0ff18ec49f4 Filesystem access.
repo/packages/testing/janitor/src/cli.ts:674
	fs.writeFileSync(options.outMap, JSON.stringify(encodeImpactMap(result.impactMap)));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #252a57aab492b3de Filesystem access.
repo/packages/testing/janitor/src/core/affected-packages-analyzer.test.ts:25
	writeFileSync(
		join(root, 'pnpm-workspace.yaml'),
		`packages:\n${opts.patterns.map((p) => `  - '${p}'`).join('\n')}\n`,
	);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c61aa138b3e4bfc Filesystem access.
repo/packages/testing/janitor/src/core/affected-packages-analyzer.test.ts:29
	writeFileSync(join(root, 'package.json'), JSON.stringify({ name: 'monorepo-root' }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab2f5a48cbbc7f55 Filesystem access.
repo/packages/testing/janitor/src/core/affected-packages-analyzer.test.ts:38
		writeFileSync(join(pkgDir, 'package.json'), JSON.stringify(pkg));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52fec950277f6469 Filesystem access.
repo/packages/testing/janitor/src/core/affected-packages-analyzer.test.ts:42
		writeFileSync(
			join(root, 'turbo.json'),
			JSON.stringify({
				tasks: Object.fromEntries(opts.turboTasks.map((t) => [t.taskId, { inputs: t.inputs }])),
			}),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #42f32a7451e0d155 Filesystem access.
repo/packages/testing/janitor/src/core/affected-packages-analyzer.ts:18
		return JSON.parse(readFileSync(path, 'utf-8')) as T;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3bf6f9280715e4d2 Filesystem access.
repo/packages/testing/janitor/src/core/affected-packages-analyzer.ts:42
		(parseYaml(readFileSync(wsFile, 'utf-8')) as { packages?: string[] } | null)?.packages ?? [];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b8c2f4f42ea1cc61 Filesystem access.
repo/packages/testing/janitor/src/core/ast-diff-analyzer.ts:81
		const currentContent = fs.readFileSync(filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2859c02d618fb170 Filesystem access.
repo/packages/testing/janitor/src/core/baseline.test.ts:42
			fs.writeFileSync(path.join(tempDir, '.janitor-baseline.json'), '{}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #75e03402dc1d0014 Filesystem access.
repo/packages/testing/janitor/src/core/impact-analyzer.ts:315
				const content = fs.readFileSync(file, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #549ccf7eb5e31741 Filesystem access.
repo/packages/testing/janitor/src/core/inventory-analyzer.test.ts:24
		fs.writeFileSync(fullPath, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f72c2a80b674b0a6 Filesystem access.
repo/packages/testing/janitor/src/core/inventory-analyzer.test.ts:49
		fs.writeFileSync(
			path.join(tempDir, 'tsconfig.json'),
			JSON.stringify({
				compilerOptions: {
					target: 'ES2020',
					module: 'ESNext',
					moduleResolution: 'node',
					strict: true,
				},
				include: ['**/*.ts'],
			}),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #10e787694ffa3553 Filesystem access.
repo/packages/testing/janitor/src/core/inventory-analyzer.test.ts:203
			fs.writeFileSync(
				path.join(tempDir, 'workflows', 'simple-webhook.json'),
				JSON.stringify({ name: 'Simple Webhook' }),
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #903c6addc23c4bd0 Filesystem access.
repo/packages/testing/janitor/src/core/inventory-analyzer.test.ts:207
			fs.writeFileSync(
				path.join(tempDir, 'workflows', 'complex-flow.json'),
				JSON.stringify({ name: 'Complex Flow' }),
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac8ac7ca500efba1 Filesystem access.
repo/packages/testing/janitor/src/core/inventory-analyzer.test.ts:346
			fs.writeFileSync(
				path.join(tempDir, 'workflows', 'test-workflow.json'),
				JSON.stringify({ name: 'Test' }),
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a024f1e567ce235c Filesystem access.
repo/packages/testing/janitor/src/core/method-usage-analyzer.ts:114
			const content = fs.readFileSync(testFilePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f9c110dc214272d8 Filesystem access.
repo/packages/testing/janitor/src/core/project-loader.test.ts:24
		fs.writeFileSync(path.join(tempDir, 'tsconfig.json'), JSON.stringify(tsconfig, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b91669628f14fecb Filesystem access.
repo/packages/testing/janitor/src/core/project-loader.test.ts:52
			fs.writeFileSync(path.join(pagesDir, 'TestPage.ts'), 'export class TestPage { foo() {} }');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #17e0a8b82594d9f4 Filesystem access.
repo/packages/testing/janitor/src/core/project-loader.test.ts:65
			fs.writeFileSync(
				path.join(tempDir, 'TestClass.ts'),
				`export class TestClass {
					publicMethod() { return 1; }
					private privateMethod() { return 2; }
				}`,
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #77ef7cdd762250a0 Filesystem access.
repo/packages/testing/janitor/src/core/read-lockfile-importers.ts:25
		doc = parse(readFileSync(lockPath, 'utf8')) as typeof doc;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4386bc33688d166 Filesystem access.
repo/packages/testing/janitor/src/core/read-manifest-diffs.ts:17
		return existsSync(abs) ? readFileSync(abs, 'utf8') : '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c2413157115129eb Filesystem access.
repo/packages/testing/janitor/src/core/scope-analyzer.test.ts:12
	writeFileSync(join(pkgDir, 'package.json'), JSON.stringify({ name: 'some-pkg' }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a8b8a8db832f104 Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:28
		fs.writeFileSync(path.join(tempDir, 'pages', '.gitkeep'), '');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #894edabe344cf41a Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:29
		fs.writeFileSync(path.join(tempDir, 'tests', '.gitkeep'), '');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e440827869f505c9 Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:32
		fs.writeFileSync(
			path.join(tempDir, 'tsconfig.json'),
			JSON.stringify({
				compilerOptions: {
					target: 'ES2020',
					module: 'ESNext',
					moduleResolution: 'node',
					strict: true,
					skipLibCheck: true,
					noEmit: true,
				},
				include: ['**/*.ts'],
			}),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #08c731735dea9f85 Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:48
		fs.writeFileSync(
			path.join(tempDir, 'package.json'),
			JSON.stringify({
				name: 'tcr-test',
				scripts: {
					typecheck: 'tsc --noEmit',
				},
			}),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f3d683eb701f7157 Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:97
			fs.writeFileSync(path.join(tempDir, 'pages', 'NewPage.ts'), 'export class NewPage {}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d8dda55ac7456c5b Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:108
			fs.writeFileSync(path.join(tempDir, 'pages', 'TestPage.ts'), 'export class TestPage {}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5965bf7a9fd6edfa Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:112
			fs.writeFileSync(
				path.join(tempDir, 'pages', 'TestPage.ts'),
				'export class TestPage { modified() {} }',
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c4d74b3cb3aad441 Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:136
			fs.writeFileSync(
				path.join(newDir, 'new-feature.spec.ts'),
				'import { test } from "@playwright/test"; test("new feature", () => {});',
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ef851d4e8ec67aa Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:158
			fs.writeFileSync(
				path.join(newDir, 'staged-feature.spec.ts'),
				'export const test = { name: "staged feature test" };\n',
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aaee5cb153f13496 Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:167
			fs.writeFileSync(
				path.join(tempDir, 'package.json'),
				JSON.stringify({ name: 'tcr-test', scripts: { typecheck: 'node -e ""' } }),
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c8b5d1436e6fa6db Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:188
			fs.writeFileSync(
				path.join(tempDir, 'pages', 'ToDelete.ts'),
				'export class ToDelete { method() {} }',
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c0499455b8687de9 Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:205
			fs.writeFileSync(
				path.join(tempDir, 'pages', 'OldName.ts'),
				'export class OldName { method() {} }',
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e85daa9076c770ff Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:225
			fs.writeFileSync(
				path.join(tempDir, 'MethodClass.ts'),
				`export class MethodClass {
	existing() {}
}`,
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9cd75611690784e5 Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:234
			fs.writeFileSync(
				path.join(tempDir, 'MethodClass.ts'),
				`export class MethodClass {
	existing() {}
	newMethod() {}
}`,
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bdebc6ac8c73284b Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:254
			fs.writeFileSync(
				path.join(tempDir, 'RemoveClass.ts'),
				`export class RemoveClass {
	keepMe() {}
	removeMe() {}
}`,
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b49a432ea78ad23c Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:264
			fs.writeFileSync(
				path.join(tempDir, 'RemoveClass.ts'),
				`export class RemoveClass {
	keepMe() {}
}`,
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1407c43c5a0f484a Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:283
			fs.writeFileSync(
				path.join(tempDir, 'ModifyClass.ts'),
				`export class ModifyClass {
	myMethod() { return 1; }
}`,
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #acf7f608b1ff3ed2 Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:292
			fs.writeFileSync(
				path.join(tempDir, 'ModifyClass.ts'),
				`export class ModifyClass {
	myMethod() { return 2; }
}`,
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #71c301a48d1fa3f7 Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:313
			fs.writeFileSync(path.join(tempDir, 'pages', 'LargePage.ts'), 'export class LargePage {}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3f8c69e030fbec6b Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:318
			fs.writeFileSync(path.join(tempDir, 'pages', 'LargePage.ts'), largeContent);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3ed03a3025131831 Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:330
			fs.writeFileSync(path.join(tempDir, 'pages', 'SmallPage.ts'), 'export class SmallPage {}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fe78e04e8b9b16e1 Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:334
			fs.writeFileSync(
				path.join(tempDir, 'pages', 'SmallPage.ts'),
				'export class SmallPage { x = 1; }',
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #df97b394bbee9437 Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:387
			fs.writeFileSync(path.join(tempDir, 'pages', 'OtherPage.ts'), 'export class OtherPage {}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d5bc6ec4b1672071 Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:400
			fs.writeFileSync(
				path.join(tempDir, 'pages', 'PageA.ts'),
				`import { PageB } from './PageB';
				export class PageA {}`,
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #074eb723120b47d0 Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:405
			fs.writeFileSync(path.join(tempDir, 'pages', 'PageB.ts'), 'export class PageB {}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5155e04de0421aa Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:437
			fs.writeFileSync(path.join(tempDir, 'pages', 'DryRunPage.ts'), 'export class DryRunPage {}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #21568f48cdc03332 Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:452
			fs.writeFileSync(path.join(tempDir, 'pages', 'ResultPage.ts'), 'export class ResultPage {}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c601a8e7fafce9f1 Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:483
			fs.writeFileSync(
				path.join(tempDir, 'tests', 'example.spec.ts'),
				'import { test } from "@playwright/test"; test("example", () => {});',
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f98e58614fc29a1f Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:569
			fs.writeFileSync(path.join(tempDir, 'pages', 'FailPage.ts'), 'export class FailPage {}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #42ff95dfd87cd2af Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:574
			fs.writeFileSync(headFile, 'corrupted');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f2e1ea5b9b18aef8 Environment-variable access.
repo/packages/testing/janitor/vitest.config.ts:9
	process.env.CI === 'true' ? { pool: 'forks' as const, maxWorkers: '50%' } : {};

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f5e7936fcdbc3962 Filesystem access.
repo/packages/testing/performance/scripts/check-regression.mjs:13
import { readFileSync, existsSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2cdea029cf3b3e5d Filesystem access.
repo/packages/testing/performance/scripts/check-regression.mjs:34
const baseline = JSON.parse(readFileSync(BASELINE_PATH, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #49cf09ff58a17b0d Filesystem access.
repo/packages/testing/performance/scripts/check-regression.mjs:35
const current = JSON.parse(readFileSync(CURRENT_PATH, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #be341fd8f82f5350 Filesystem access.
repo/packages/testing/performance/scripts/extract-expressions.mjs:12
import { readFileSync, writeFileSync, readdirSync, existsSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c689ac6e1f604b94 Filesystem access.
repo/packages/testing/performance/scripts/extract-expressions.mjs:81
		const wf = JSON.parse(readFileSync(join(inputDir, file), 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c5b68a64e0755525 Filesystem access.
repo/packages/testing/performance/scripts/extract-expressions.mjs:166
writeFileSync(outputPath, JSON.stringify(fixture, null, '\t'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #75da5dce07281a09 Filesystem access.
repo/packages/testing/performance/scripts/save-baseline.mjs:9
import { readFileSync, writeFileSync, existsSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1473c914767bf2ca Filesystem access.
repo/packages/testing/performance/scripts/save-baseline.mjs:39
const results = JSON.parse(readFileSync(resultsPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a18b6d4cafac8e87 Filesystem access.
repo/packages/testing/performance/scripts/save-baseline.mjs:69
writeFileSync(baselinePath, JSON.stringify(results, null, '\t'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #23290d8164d1cb11 Environment-variable access.
repo/packages/testing/performance/vitest.config.ts:5
	plugins: [process.env.CODSPEED ? codspeedPlugin() : null].filter(Boolean),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8b9ed1081bd481f4 Environment-variable access.
repo/packages/testing/playwright/coverage-options.ts:13
export const COVERAGE_ENABLED = process.env.COVERAGE_ENABLED === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9fcb5cbe1a74936b Environment-variable access.
repo/packages/testing/playwright/currents.config.ts:4
	recordKey: process.env.CURRENTS_RECORD_KEY ?? '',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #da328b48e5a1351f Environment-variable access.
repo/packages/testing/playwright/currents.config.ts:5
	projectId: process.env.CURRENTS_PROJECT_ID ?? 'nHHLA5',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e4a5dc87db2bb31 Filesystem access.
repo/packages/testing/playwright/fixtures/backend-v8-coverage.ts:84
					writeFileSync(
						join(specDir, `raw-${slugify(testInfo.testId)}.json`),
						JSON.stringify({ result }),
					);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cdbe7fb7daf77454 Filesystem access.
repo/packages/testing/playwright/fixtures/backend-v8-coverage.ts:88
					writeFileSync(join(specDir, '.spec'), spec);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d441fd7b0b988d52 Environment-variable access.
repo/packages/testing/playwright/fixtures/base.ts:64
	const raw = process.env.N8N_TEST_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a879922ccdffcbed Environment-variable access.
repo/packages/testing/playwright/fixtures/base.ts:124
				...(process.env.N8N_COVERAGE_DIR ? { coverageHostDir: process.env.N8N_COVERAGE_DIR } : {}),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #121e3ca3ecf6c304 Environment-variable access.
repo/packages/testing/playwright/fixtures/base.ts:144
			if (process.env.N8N_CONTAINERS_KEEPALIVE === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2939996873d9c300 Environment-variable access.
repo/packages/testing/playwright/fixtures/base.ts:156
			const envBaseURL = process.env.N8N_BASE_URL ?? n8nContainer?.baseUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea72ed87c4544338 Environment-variable access.
repo/packages/testing/playwright/fixtures/langsmith.ts:20
			const client = process.env.LANGSMITH_API_KEY ? new Client() : undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a89d49348315f945 Environment-variable access.
repo/packages/testing/playwright/fixtures/langsmith.ts:46
				project_name: process.env.LANGSMITH_PROJECT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #41ae725c96d46d56 Environment-variable access.
repo/packages/testing/playwright/fixtures/observability.ts:31
	if (process.env.CONTAINER_TELEMETRY_VERBOSE === '1') return true;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #1e6028115cb6d52f Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/testing/playwright/fixtures/quarantine.ts:12
		const res = await fetch(QUARANTINE_WEBHOOK_URL, { signal: controller.signal });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #cbfde3c46888492d Environment-variable access.
repo/packages/testing/playwright/fixtures/quarantine.ts:69
			if (process.env.CURRENTS_RECORD_KEY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9ff0fde3357a8966 Environment-variable access.
repo/packages/testing/playwright/fixtures/quarantine.ts:80
			if (process.env.CURRENTS_RECORD_KEY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5f64d33be17c1425 Filesystem access.
repo/packages/testing/playwright/fixtures/v8-coverage.ts:86
			writeFileSync(join(specDir, '.spec'), spec);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e11f0c61809bc7c5 Environment-variable access.
repo/packages/testing/playwright/global-setup.ts:16
	const resetE2eDb = process.env.RESET_E2E_DB;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #645033c12d621364 Environment-variable access.
repo/packages/testing/playwright/playwright-projects.ts:30
const ALLOW_CONTAINER_ONLY = process.env.PLAYWRIGHT_ALLOW_CONTAINER_ONLY === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #642820c44fad33f5 Environment-variable access.
repo/packages/testing/playwright/playwright-projects.ts:176
				N8N_INSTANCE_AI_MODEL: process.env.N8N_INSTANCE_AI_MODEL ?? 'openai/gpt-4o-mini',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #22f37fc4ac61aedc Environment-variable access.
repo/packages/testing/playwright/playwright-projects.ts:178
				...(process.env.N8N_AI_OPENAI_API_KEY && {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c7778a3e673264f8 Environment-variable access.
repo/packages/testing/playwright/playwright-projects.ts:179
					N8N_AI_OPENAI_API_KEY: process.env.N8N_AI_OPENAI_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e0c563c522834563 Environment-variable access.
repo/packages/testing/playwright/playwright-projects.ts:180
					OPENAI_API_KEY: process.env.N8N_AI_OPENAI_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #949e5d0410a22d22 Environment-variable access.
repo/packages/testing/playwright/playwright-projects.ts:182
				...(process.env.LANGSMITH_API_KEY && {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #17c0f22f3b97e6bb Environment-variable access.
repo/packages/testing/playwright/playwright-projects.ts:183
					LANGSMITH_API_KEY: process.env.LANGSMITH_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #00d17aefc4cf4728 Environment-variable access.
repo/packages/testing/playwright/playwright-projects.ts:185
				...(process.env.ANTHROPIC_API_KEY && {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #108eea3bfd41a712 Environment-variable access.
repo/packages/testing/playwright/playwright-projects.ts:186
					ANTHROPIC_API_KEY: process.env.ANTHROPIC_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f07de0c6d39669c Environment-variable access.
repo/packages/testing/playwright/playwright-projects.ts:188
				...(process.env.OPENROUTER_API_KEY && {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c3b33a4025ac2fcb Environment-variable access.
repo/packages/testing/playwright/playwright-projects.ts:189
					OPENROUTER_API_KEY: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fa97625117b9b84d Environment-variable access.
repo/packages/testing/playwright/playwright-projects.ts:191
				...(process.env.CEREBRAS_API_KEY && {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ceb256427c34d6aa Environment-variable access.
repo/packages/testing/playwright/playwright-projects.ts:192
					CEREBRAS_API_KEY: process.env.CEREBRAS_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b5f569dfb97ce9a0 Environment-variable access.
repo/packages/testing/playwright/playwright-projects.ts:195
				...(process.env.N8N_INSTANCE_AI_SANDBOX_ENABLED && {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4a2507ffcd76b662 Environment-variable access.
repo/packages/testing/playwright/playwright-projects.ts:196
					N8N_INSTANCE_AI_SANDBOX_ENABLED: process.env.N8N_INSTANCE_AI_SANDBOX_ENABLED,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #da6f19966ee9f148 Environment-variable access.
repo/packages/testing/playwright/playwright-projects.ts:198
						process.env.N8N_INSTANCE_AI_SANDBOX_PROVIDER ?? 'daytona',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #12c6339d182458a3 Environment-variable access.
repo/packages/testing/playwright/playwright-projects.ts:199
					N8N_INSTANCE_AI_SANDBOX_IMAGE: process.env.N8N_INSTANCE_AI_SANDBOX_IMAGE ?? '',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #53e8b9b5aab3628f Environment-variable access.
repo/packages/testing/playwright/playwright-projects.ts:201
				...(process.env.DAYTONA_API_URL && {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb7f8a011eea69a5 Environment-variable access.
repo/packages/testing/playwright/playwright-projects.ts:202
					DAYTONA_API_URL: process.env.DAYTONA_API_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2996854de4c931d7 Environment-variable access.
repo/packages/testing/playwright/playwright-projects.ts:204
				...(process.env.DAYTONA_API_KEY && {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #258d78d70d22d048 Environment-variable access.
repo/packages/testing/playwright/playwright-projects.ts:205
					DAYTONA_API_KEY: process.env.DAYTONA_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5c1cfc39a891e47 Environment-variable access.
repo/packages/testing/playwright/playwright.config.ts:13
const IS_CI = !!process.env.CI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af8797cec02d7e5f Environment-variable access.
repo/packages/testing/playwright/playwright.config.ts:14
const IS_DEV = !!process.env.N8N_EDITOR_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aae3fd163a5bfb66 Environment-variable access.
repo/packages/testing/playwright/playwright.config.ts:22
	const testEnv = process.env.N8N_TEST_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e80c6008c0b42c2a Environment-variable access.
repo/packages/testing/playwright/playwright.config.ts:52
const SKIP_WEB_SERVER = process.env.PLAYWRIGHT_SKIP_WEBSERVER === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4950de4c234466c7 Environment-variable access.
repo/packages/testing/playwright/playwright.config.ts:109
		headless: process.env.SHOW_BROWSER !== 'true',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #41bbdf530a4e00de Environment-variable access.
repo/packages/testing/playwright/playwright.config.ts:113
		currentsFixturesEnabled: !!process.env.CI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #00e3154df0606b14 Environment-variable access.
repo/packages/testing/playwright/playwright.config.ts:119
				['junit', { outputFile: process.env.PLAYWRIGHT_JUNIT_OUTPUT_NAME ?? 'results.xml' }],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #592d7215a3de615e Environment-variable access.
repo/packages/testing/playwright/playwright.config.ts:122
				...(process.env.CURRENTS_RECORD_KEY ? [currentsReporter(currentsConfig)] : []),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #54a06f0bff509e22 Environment-variable access.
repo/packages/testing/playwright/playwright.config.ts:125
				...(process.env.LANGSMITH_API_KEY ? ([['./reporters/langsmith-eval.ts']] as const) : []),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6ae5723fc70974dc Environment-variable access.
repo/packages/testing/playwright/playwright.config.ts:132
				...(process.env.LANGSMITH_API_KEY ? ([['./reporters/langsmith-eval.ts']] as const) : []),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e2505c97ea2d9275 Filesystem access.
repo/packages/testing/playwright/reporters/benchmark-summary-reporter.ts:2
import { appendFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #80a87981d48d2727 Environment-variable access.
repo/packages/testing/playwright/reporters/benchmark-summary-reporter.ts:242
		const summaryPath = process.env.GITHUB_STEP_SUMMARY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d1a79be4fbe1bd47 Environment-variable access.
repo/packages/testing/playwright/reporters/langsmith-eval.ts:23
		if (process.env.LANGSMITH_API_KEY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba85c564e6b2f2b2 Environment-variable access.
repo/packages/testing/playwright/reporters/langsmith-eval.ts:26
		const project = process.env.LANGSMITH_PROJECT ?? 'unset';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2aa12da0ddb47896 Environment-variable access.
repo/packages/testing/playwright/reporters/metrics-reporter.ts:40
		this.webhookUrl = options.webhookUrl ?? process.env.QA_METRICS_WEBHOOK_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0627eb01f6ec816 Environment-variable access.
repo/packages/testing/playwright/reporters/metrics-reporter.ts:41
		this.webhookUser = options.webhookUser ?? process.env.QA_METRICS_WEBHOOK_USER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #389194fb8f924863 Environment-variable access.
repo/packages/testing/playwright/reporters/metrics-reporter.ts:42
		this.webhookPassword = options.webhookPassword ?? process.env.QA_METRICS_WEBHOOK_PASSWORD;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d0b78fdf50553ea2 Environment-variable access.
repo/packages/testing/playwright/reporters/metrics-reporter.ts:133
		const ref = process.env.GITHUB_REF ?? '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d83d77a3e414a785 Environment-variable access.
repo/packages/testing/playwright/reporters/metrics-reporter.ts:135
		const runId = process.env.GITHUB_RUN_ID ?? null;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8672f29f2557fddb Environment-variable access.
repo/packages/testing/playwright/reporters/metrics-reporter.ts:140
				sha: (process.env.GITHUB_SHA ?? this.gitFallback('rev-parse HEAD'))?.slice(0, 8) ?? null,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #47d29b3dc68144f4 Environment-variable access.
repo/packages/testing/playwright/reporters/metrics-reporter.ts:142
					process.env.GITHUB_HEAD_REF ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #090048b75373b2a6 Environment-variable access.
repo/packages/testing/playwright/reporters/metrics-reporter.ts:143
					process.env.GITHUB_REF_NAME ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a37f8206349a8e23 Environment-variable access.
repo/packages/testing/playwright/reporters/metrics-reporter.ts:150
					runId && process.env.GITHUB_REPOSITORY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #34d0a5af4ddfb644 Environment-variable access.
repo/packages/testing/playwright/reporters/metrics-reporter.ts:151
						? `https://github.com/${process.env.GITHUB_REPOSITORY}/actions/runs/${runId}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8635a0a68cd07c46 Environment-variable access.
repo/packages/testing/playwright/reporters/metrics-reporter.ts:153
				workflow: process.env.GITHUB_WORKFLOW ?? null,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74b3ce34dfff7a3c Environment-variable access.
repo/packages/testing/playwright/reporters/metrics-reporter.ts:154
				job: process.env.GITHUB_JOB ?? null,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fba2072347f010a7 Environment-variable access.
repo/packages/testing/playwright/reporters/metrics-reporter.ts:155
				attempt: process.env.GITHUB_RUN_ATTEMPT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1263600421fb306d Environment-variable access.
repo/packages/testing/playwright/reporters/metrics-reporter.ts:156
					? parseInt(process.env.GITHUB_RUN_ATTEMPT, 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7dd9fdd392d091ad Environment-variable access.
repo/packages/testing/playwright/reporters/metrics-reporter.ts:160
				provider: !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6daebd5f86ea0f6e Environment-variable access.
repo/packages/testing/playwright/reporters/metrics-reporter.ts:162
					: process.env.RUNNER_ENVIRONMENT === 'github-hosted'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ef435a88bb5cb069 Filesystem access.
repo/packages/testing/playwright/scripts/aggregate-coverage.mjs:96
		writeFileSync(path.join(dir, `${label}-${i}.lcov`), transform(readFileSync(file, 'utf8'))),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #60851f2e09a4bdbf Filesystem access.
repo/packages/testing/playwright/scripts/ast-viewer.ts:11
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e4d3b6fa600ae0c4 Environment-variable access.
repo/packages/testing/playwright/scripts/backend-coverage-resolver.ts:23
const IMAGE_DIST_ROOT = process.env.IMAGE_DIST_ROOT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af1b10b1274ee528 Environment-variable access.
repo/packages/testing/playwright/scripts/backend-coverage-resolver.ts:24
const IMAGE_ROOT_PREFIX = process.env.IMAGE_ROOT_PREFIX ?? '/usr/local/lib/node_modules/n8n';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fe4629de8d06b52b Filesystem access.
repo/packages/testing/playwright/scripts/backend-coverage-resolver.ts:40
				const name = JSON.parse(readFileSync(pkgJson, 'utf8')).name as string;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7b3fd08ba0bf330b Filesystem access.
repo/packages/testing/playwright/scripts/backend-coverage-resolver.ts:113
				source = readFileSync(r.bytesFile, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb0b7082c2519e69 Filesystem access.
repo/packages/testing/playwright/scripts/backend-coverage-resolver.ts:119
				const map = JSON.parse(readFileSync(`${r.bytesFile}.map`, 'utf8')) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8ef539d43ce93e2e Filesystem access.
repo/packages/testing/playwright/scripts/build-test-image.mjs:4
import { writeFileSync, existsSync, mkdirSync, copyFileSync, rmSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fe1beefa45e2aed4 Filesystem access.
repo/packages/testing/playwright/scripts/build-test-image.mjs:51
		writeFileSync(
			dockerfilePath,
			`FROM ${targetImage}
COPY e2e.controller.js /usr/local/lib/node_modules/n8n/dist/controllers/e2e.controller.js
`,
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #afe6c6de3160a1bb Filesystem access.
repo/packages/testing/playwright/scripts/canvas-perf-sentinels.mjs:82
		return readFileSync(attachment.path, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f4f8494ca27fa2d Environment-variable access.
repo/packages/testing/playwright/scripts/canvas-perf-sentinels.mjs:150
	const summaryPath = process.env.GITHUB_STEP_SUMMARY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f945cb258bfe151 Filesystem access.
repo/packages/testing/playwright/scripts/canvas-perf-sentinels.mjs:161
	const raw = readFileSync(path, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #77f38c25c217e1ed Environment-variable access.
repo/packages/testing/playwright/scripts/coverage-analysis.mjs:87
const TOKEN = process.env.CODECOV_API_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee433a93db31adaf Filesystem access.
repo/packages/testing/playwright/scripts/coverage-pipeline.test.ts:39
		writeFileSync(join(sibling, 'specA', '.spec'), 'tests/e2e/x.spec.ts');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bf4f7ca5d440f7e8 Filesystem access.
repo/packages/testing/playwright/scripts/distribute-tests.mjs:232
	writeFileSync(allowPath, [...union].join('\n'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f6b0054489308a67 Environment-variable access.
repo/packages/testing/playwright/scripts/emit-shard-coverage.ts:32
const IMAGE_DIST_ROOT = process.env.IMAGE_DIST_ROOT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #093ffa3d6823e79c Environment-variable access.
repo/packages/testing/playwright/scripts/emit-shard-coverage.ts:37
	const dir = process.env.N8N_COVERAGE_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3f3a40206b5b28fb Filesystem access.
repo/packages/testing/playwright/scripts/emit-shard-coverage.ts:44
			parsed = JSON.parse(readFileSync(file, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb599f933287c745 Filesystem access.
repo/packages/testing/playwright/scripts/emit-shard-coverage.ts:64
			JSON.parse(readFileSync(file, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b4cc315374fb35e8 Filesystem access.
repo/packages/testing/playwright/scripts/emit-spec-backend-lcovs.ts:47
					parsed = JSON.parse(readFileSync(join(dir, rf), 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fc52700f17412575 Filesystem access.
repo/packages/testing/playwright/scripts/fetch-currents-metrics.mjs:12
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f196d63c8e5d6f4 Environment-variable access.
repo/packages/testing/playwright/scripts/fetch-currents-metrics.mjs:86
	const apiKey = process.env.CURRENTS_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #10f304fe960206cd Filesystem access.
repo/packages/testing/playwright/scripts/fetch-currents-metrics.mjs:130
	fs.writeFileSync(OUTPUT_PATH, JSON.stringify(output, null, 2) + '\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee88e10de0bd3cdb Filesystem access.
repo/packages/testing/playwright/scripts/impact-map.mjs:98
const map = buildMap(parseLcov(readFileSync(lcovPath, 'utf8')), specId);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f54d13a77636b5b2 Filesystem access.
repo/packages/testing/playwright/scripts/impact-map.mjs:99
const diff = parseDiff(readFileSync(diffPath, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #35e95eddbc0ee369 Filesystem access.
repo/packages/testing/playwright/scripts/import-jaeger-traces.mjs:44
const raw = JSON.parse(readFileSync(tracesFile, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb3f5b9052d81df7 Filesystem access.
repo/packages/testing/playwright/scripts/import-jaeger-traces.mjs:52
writeFileSync(
	wrappedFile,
	JSON.stringify({
		data: traces,
		total: traces.length,
		limit: traces.length,
		offset: 0,
		errors: null,
	}),
);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9878c30950a3f090 Filesystem access.
repo/packages/testing/playwright/scripts/import-victoria-data.mjs:49
		body: readFileSync(metricsFile),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #08742ec972733619 Filesystem access.
repo/packages/testing/playwright/scripts/import-victoria-data.mjs:59
		body: readFileSync(logsFile),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e5865a643f5ca13 Environment-variable access.
repo/packages/testing/playwright/scripts/run-coverage-shard.mjs:36
	const image = process.env.TEST_IMAGE_N8N ?? 'n8nio/n8n:local';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7722e5afe96e1a35 Environment-variable access.
repo/packages/testing/playwright/scripts/run-local-instance-ai.mjs:25
const apiKey = process.env.ANTHROPIC_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0fb85b08ebfe4d78 Environment-variable access.
repo/packages/testing/playwright/scripts/run-local-instance-ai.mjs:40
		return process.env.N8N_TEST_ENV ? JSON.parse(process.env.N8N_TEST_ENV) : {};

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #14343cfb080875ee Filesystem access.
repo/packages/testing/playwright/scripts/run-local-isolated.mjs:39
import { mkdtempSync, rmSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #671dfadf5b632a9b Environment-variable access.
repo/packages/testing/playwright/scripts/run-local-isolated.mjs:69
if (process.env.N8N_BASE_URL) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e80b99bb68b8523a Environment-variable access.
repo/packages/testing/playwright/scripts/run-local-isolated.mjs:70
	backendUrl = process.env.N8N_BASE_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #841b8d7ea75b5571 Environment-variable access.
repo/packages/testing/playwright/scripts/run-local-isolated.mjs:72
	brokerPort = process.env.N8N_RUNNERS_BROKER_PORT ?? String(await getFreePort());

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #719ba922989633cc Environment-variable access.
repo/packages/testing/playwright/scripts/run-local-isolated.mjs:86
		return process.env.N8N_TEST_ENV ? JSON.parse(process.env.N8N_TEST_ENV) : {};

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #efb1807d2461bfa2 Environment-variable access.
repo/packages/testing/playwright/scripts/run-local-isolated.mjs:99
	N8N_LOG_LEVEL: process.env.N8N_LOG_LEVEL ?? 'info',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed9718c178ed8d11 Environment-variable access.
repo/packages/testing/playwright/scripts/select-affected-e2e.mjs:72
	const changedFiles = process.argv.slice(2).join(',') || process.env.CHANGED_FILES || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4f36e91956c8c2d4 Environment-variable access.
repo/packages/testing/playwright/scripts/select-affected-e2e.mjs:77
		allSpecs: process.env.ALL_SPECS_FILE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #074f0b585484cbb9 Environment-variable access.
repo/packages/testing/playwright/scripts/select-affected-e2e.mjs:78
		base: process.env.BASE_REF,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d970913b3224cebf Filesystem access.
repo/packages/testing/playwright/scripts/select-affected-e2e.test.ts:33
			fs.writeFileSync(p, '{}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #044ebf7ec14541b6 Filesystem access.
repo/packages/testing/playwright/scripts/select-affected-e2e.test.ts:42
			fs.writeFileSync(p, '{}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #15ba51b4a7dde68f Filesystem access.
repo/packages/testing/playwright/scripts/sizing-matrix-aggregate.test.ts:75
		writeFileSync(
			join(laneDir, 'test-results.json'),
			JSON.stringify(testResultsWithReports(specs)),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b0c565e685806149 Filesystem access.
repo/packages/testing/playwright/scripts/sizing-matrix-aggregate.test.ts:94
		const written = JSON.parse(readFileSync(join(laneDir, looseFiles[0]), 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c65e6c7eef1116a4 Filesystem access.
repo/packages/testing/playwright/scripts/sizing-matrix-aggregate.test.ts:116
		writeFileSync(
			join(root, 'test-results.json'),
			JSON.stringify({ suites: [{ specs: [{ tests: [{ results: [{ attachments: [] }] }] }] }] }),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e763f8163a4ac617 Filesystem access.
repo/packages/testing/playwright/scripts/sizing-matrix-aggregate.test.ts:127
		writeFileSync(join(root, 'test-results.json'), '{ not valid json');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2402391e4076b666 Environment-variable access.
repo/packages/testing/playwright/scripts/sizing-matrix-aggregate.ts:91
		args['hardware-runner'] ?? process.env.SIZING_MATRIX_RUNNER ?? DEFAULT_HARDWARE.runner;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #95dbf0941be1fc8b Environment-variable access.
repo/packages/testing/playwright/scripts/sizing-matrix-aggregate.ts:94
		: process.env.SIZING_MATRIX_VCPU

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #45970a1d585de2b2 Environment-variable access.
repo/packages/testing/playwright/scripts/sizing-matrix-aggregate.ts:95
			? Number(process.env.SIZING_MATRIX_VCPU)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #db795f007a5899dc Environment-variable access.
repo/packages/testing/playwright/scripts/sizing-matrix-aggregate.ts:99
		: process.env.SIZING_MATRIX_RAM_GB

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cd5fa37c17d665dd Environment-variable access.
repo/packages/testing/playwright/scripts/sizing-matrix-aggregate.ts:100
			? Number(process.env.SIZING_MATRIX_RAM_GB)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aa7452f4e8804586 Filesystem access.
repo/packages/testing/playwright/scripts/sizing-matrix-aggregate.ts:113
		const pkg = JSON.parse(readFileSync(join(REPO_ROOT, 'packages/cli/package.json'), 'utf8')) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5112d3fa01450b8a Filesystem access.
repo/packages/testing/playwright/scripts/sizing-matrix-aggregate.ts:124
		const head = readFileSync(join(REPO_ROOT, '.git/HEAD'), 'utf8').trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d9d9b745a9298a5d Filesystem access.
repo/packages/testing/playwright/scripts/sizing-matrix-aggregate.ts:127
			return readFileSync(join(REPO_ROOT, '.git', refPath), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6c09b2d9a06a478 Filesystem access.
repo/packages/testing/playwright/scripts/sizing-matrix-aggregate.ts:139
	const overrides = JSON.parse(readFileSync(path, 'utf8')) as SpecMapping;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7267a8fa81c3f100 Environment-variable access.
repo/packages/testing/playwright/scripts/sizing-matrix-aggregate.ts:181
	const apiKey = process.env.CURRENTS_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e2bcb01aa6ce40ce Filesystem access.
repo/packages/testing/playwright/scripts/sizing-matrix-aggregate.ts:221
	writeFileSync(outPath, buf);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1dab7d57bfcb19d9 Filesystem access.
repo/packages/testing/playwright/scripts/sizing-matrix-aggregate.ts:288
			report = JSON.parse(readFileSync(file, 'utf8')) as JSONReport;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6705e703bd9eb8c8 Filesystem access.
repo/packages/testing/playwright/scripts/sizing-matrix-aggregate.ts:296
			writeFileSync(join(laneDir, `${stem}.run-report.${index}.json`), body);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cf560511d7d8ef97 Filesystem access.
repo/packages/testing/playwright/scripts/sizing-matrix-aggregate.ts:305
		const report = JSON.parse(readFileSync(path, 'utf8')) as RunReport;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1302210ddf0e4861 Filesystem access.
repo/packages/testing/playwright/scripts/sizing-matrix-aggregate.ts:367
	writeFileSync(args.out, JSON.stringify(matrix, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3231f06a1c45cfd9 Filesystem access.
repo/packages/testing/playwright/scripts/sizing-matrix-aggregate.ts:372
		writeFileSync(args.markdownOut, renderMarkdown(matrix));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c45ddd8e049fc4ab Filesystem access.
repo/packages/testing/playwright/scripts/sizing-matrix-topologies.test.ts:72
		const source = readFileSync(workerCmd, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2f1792536e316056 Filesystem access.
repo/packages/testing/playwright/services/workflow-api-helper.ts:2
import { readFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c863f5256f70b201 Filesystem access.
repo/packages/testing/playwright/services/workflow-api-helper.ts:345
		const fileContent = readFileSync(filePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #24bee11a3e1bc012 Filesystem access.
repo/packages/testing/playwright/utils/benchmark/run-heap-analysis.ts:148
		unboundGrowthOutput = await readFile(or.analysisOutputFile, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6e219b72e412432c Filesystem access.
repo/packages/testing/playwright/utils/benchmark/run-heap-analysis.ts:159
		shapeGrowthOutput = await readFile(sr.analysisOutputFile, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7bdac7b6786afcc1 Filesystem access.
repo/packages/testing/playwright/utils/benchmark/run-heap-analysis.ts:233
	await writeFile(reportPath, JSON.stringify(report, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b5c6f6b3a0498848 Filesystem access.
repo/packages/testing/playwright/utils/path-helper.ts:1
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1cc9339e59c83aec Filesystem access.
repo/packages/testing/playwright/utils/performance-helper.ts:342
			await writeFile(`${outputDir}/${label}-smaps-raw.txt`, data.raw);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea742bd4f3c29397 Filesystem access.
repo/packages/testing/playwright/utils/performance-helper.ts:351
		await writeFile(`${outputDir}/${label}-rss-breakdown.json`, JSON.stringify(summary, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #be3f6e8649564c4a Environment-variable access.
repo/packages/testing/playwright/utils/url-helper.ts:14
	return process.env.N8N_BASE_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0b66ce9403ea468 Environment-variable access.
repo/packages/testing/playwright/utils/url-helper.ts:23
	return process.env.N8N_EDITOR_URL ?? process.env.N8N_BASE_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8bb19b7a5d3b3ff6 Filesystem access.
repo/packages/testing/rules-engine/src/baseline.ts:33
		const content = fs.readFileSync(filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #130c6983ac7decdb Filesystem access.
repo/packages/testing/rules-engine/src/baseline.ts:74
	fs.writeFileSync(filePath, JSON.stringify(baseline, null, '\t') + '\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b3711a215c88c0d Filesystem access.
repo/packages/testing/test-impact/src/map-build.test.ts:49
		writeFileSync(join(bs, 'spec_a', '.spec'), 'tests/e2e/a.spec.ts');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99a2dfd0d57a7872 Filesystem access.
repo/packages/testing/test-impact/src/map-build.test.ts:50
		writeFileSync(join(bs, 'spec_a', 'raw-1.json'), '{}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #17d4be0e1f6a735b Filesystem access.
repo/packages/testing/test-impact/src/map-build.test.ts:52
		writeFileSync(join(bs, 'no_marker', 'raw-1.json'), '{}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bc899b57eb85406a Filesystem access.
repo/packages/testing/test-impact/src/map-build.test.ts:54
		writeFileSync(join(bs, 'no_raw', '.spec'), 'x');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #27abe73ffcefa2ed Filesystem access.
repo/packages/testing/test-impact/src/map-build.test.ts:57
		writeFileSync(join(bs, 'spec_jsonl', '.spec'), 'tests/e2e/b.spec.ts');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44c91e31fdf38cc2 Filesystem access.
repo/packages/testing/test-impact/src/map-build.test.ts:58
		writeFileSync(join(bs, 'spec_jsonl', 'raw-1.jsonl'), '{}\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2c663fce0ae4a7d9 Filesystem access.
repo/packages/testing/test-impact/src/map-build.ts:66
		const spec = readFileSync(specMarker, 'utf8').trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3914551de5981bae Filesystem access.
repo/packages/testing/test-impact/src/map-build.ts:84
		writeFileSync(
			join(outDir, `${slug}${suffix}.lcov`),
			forceSpecTn(readFileSync(lcovPath, 'utf8'), spec),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ff42735344563a1 Filesystem access.
repo/packages/testing/test-impact/src/map-build.ts:86
			forceSpecTn(readFileSync(lcovPath, 'utf8'), spec),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f65800f3a60a4d2e Filesystem access.
repo/packages/testing/test-impact/src/select.test.ts:29
		fs.writeFileSync(p, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #51fdbfb1ecb142ce Filesystem access.
repo/packages/testing/test-impact/src/select.test.ts:57
		fs.writeFileSync(mapPath, '{not valid json,,,');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c6471730ddc2ddb3 Filesystem access.
repo/packages/testing/test-impact/src/select.test.ts:73
		fs.writeFileSync(mapPath, '{}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d6849298db716122 Filesystem access.
repo/packages/testing/test-impact/src/select.test.ts:92
		fs.writeFileSync(mapPath, JSON.stringify(interned));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fd595a45eb614add Filesystem access.
repo/packages/testing/test-impact/src/select.test.ts:109
		fs.writeFileSync(mapPath, JSON.stringify(map));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f07d19b2faf9f365 Filesystem access.
repo/packages/testing/test-impact/src/select.test.ts:127
		fs.writeFileSync(mapPath, JSON.stringify(map));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0c1a586f3f6cb5ca Filesystem access.
repo/packages/testing/test-impact/src/select.test.ts:140
		fs.writeFileSync(mapPath, JSON.stringify(map));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c48bef79e8d64a4 Filesystem access.
repo/packages/testing/test-impact/src/select.test.ts:155
		fs.writeFileSync(mapPath, JSON.stringify(map));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f3d3cea34bf13f3 Filesystem access.
repo/packages/testing/test-impact/src/select.test.ts:169
		fs.writeFileSync(mapPath, JSON.stringify(map));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #84fe11b71c2e6eed Filesystem access.
repo/packages/testing/test-impact/src/select.test.ts:191
		fs.writeFileSync(mapPath, JSON.stringify(map));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #402db84f83a1b940 Filesystem access.
repo/packages/testing/test-impact/src/select.test.ts:204
		fs.writeFileSync(mapPath, JSON.stringify(map));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a50f3343f0624495 Filesystem access.
repo/packages/testing/test-impact/src/select.ts:70
		const parsed: unknown = JSON.parse(fs.readFileSync(mapFile, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #636ec01a82849b35 Filesystem access.
repo/packages/testing/test-impact/src/select.ts:93
		? parseSpecList(fs.readFileSync(input.allSpecsFile, 'utf8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4ad069e2a31fa198 Environment-variable access.
repo/packages/workflow/src/expression.ts:552
						env: process.env.N8N_BLOCK_ENV_ACCESS_IN_NODE !== 'false' ? {} : process.env,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f0718807fdb928e Filesystem access.
repo/packages/workflow/src/interfaces.ts:7
import type { PathLike } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e54761f13e7e9710 Environment-variable access.
repo/packages/workflow/src/workflow-data-proxy-env-provider.ts:16
		? process.env.N8N_BLOCK_ENV_ACCESS_IN_NODE !== 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0396c085ec90330f Environment-variable access.
repo/packages/workflow/stryker.config.mjs:30
	concurrency: Number(process.env.STRYKER_CONCURRENCY ?? 4),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6a80547f0d3dc9a3 Environment-variable access.
repo/scripts/agent-setup.mjs:122
	NODE_OPTIONS: process.env.NODE_OPTIONS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #00949afa6ee7bf4e Environment-variable access.
repo/scripts/agent-setup.mjs:123
		? `${process.env.NODE_OPTIONS} ${NODE_OPTS}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #03e52058b613ecda Filesystem access.
repo/scripts/agent-setup.mjs:167
	const content = await readFile(path, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d00277cf36aca24d Filesystem access.
repo/scripts/agent-setup.mjs:201
	writeFileSync(summaryPath, JSON.stringify(summary, null, 2) + '\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e64b45cd56a6256b Filesystem access.
repo/scripts/backend-module/setup.mjs:35
		const content = await readFile(path.join(templateDir, template), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6e6a1d5f99106c9d Filesystem access.
repo/scripts/backend-module/setup.mjs:36
		await fs.writeFile(target, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #df631892d39b7658 Environment-variable access.
repo/scripts/build-n8n.mjs:15
const isCI = process.env.CI === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #95b5921ad354dbbe Environment-variable access.
repo/scripts/build-n8n.mjs:19
	process.env.CI === 'true' && process.env.INCLUDE_TEST_CONTROLLER !== 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #05a01c7317442a13 Environment-variable access.
repo/scripts/build-n8n.mjs:23
process.env.FORCE_COLOR = isCI ? '0' : '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #955075251d28a71d Environment-variable access.
repo/scripts/build-n8n.mjs:131
if (process.env.CI !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #916cadcba1cec3a6 Filesystem access.
repo/scripts/build-n8n.mjs:148
		const packageJsonContent = await fs.readFile(packageJsonPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #09671b5dac2c89cc Filesystem access.
repo/scripts/build-n8n.mjs:165
		await fs.writeFile(packageJsonPath, JSON.stringify(packageJson, null, 2), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f6fa247029e440c2 Filesystem access.
repo/scripts/build-n8n.mjs:186
	const content = await fs.readFile(cliPackagePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eb7aa9ce45d8ec88 Filesystem access.
repo/scripts/build-n8n.mjs:189
	await fs.writeFile(cliPackagePath, JSON.stringify(packageJson, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #06e976bf07e71794 Environment-variable access.
repo/scripts/build-n8n.mjs:198
const generateLicenses = process.env.N8N_GENERATE_LICENSES === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9561fd1865834bab Environment-variable access.
repo/scripts/build-n8n.mjs:200
	process.env.npm_config_shamefully_hoist = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #470904b7f6b37608 Environment-variable access.
repo/scripts/build-n8n.mjs:256
		if (process.env.CI === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0d4b774215d4e686 Environment-variable access.
repo/scripts/build-n8n.mjs:267
if (process.env.CI !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #893c1191cdcb49fb Filesystem access.
repo/scripts/check-workspace-deps.mjs:12
		const content = readFileSync(file, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8eb0c1e2804ddfca Filesystem access.
repo/scripts/check-zod-peer-deps.mjs:55
		const pkg = JSON.parse(readFileSync(file, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0402045d204b4115 Environment-variable access.
repo/scripts/dockerize-n8n.mjs:16
process.env.FORCE_COLOR = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f8dfd7dc92931371 Environment-variable access.
repo/scripts/dockerize-n8n.mjs:26
	if (process.env.DOCKER_PLATFORM) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bc503b7c23f4d2d2 Environment-variable access.
repo/scripts/dockerize-n8n.mjs:27
		return process.env.DOCKER_PLATFORM;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #82f1ce4e3bb427ef Environment-variable access.
repo/scripts/dockerize-n8n.mjs:115
	const override = process.env.CONTAINER_ENGINE?.toLowerCase();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55a58cfc59cf6495 Environment-variable access.
repo/scripts/dockerize-n8n.mjs:143
const noCache = process.env.DOCKER_BUILD_NO_CACHE === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #176ee25435e7aacc Environment-variable access.
repo/scripts/dockerize-n8n.mjs:144
const withBaseImage = process.env.DOCKER_BUILD_BASE_IMAGE === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5c471c8e940f4814 Environment-variable access.
repo/scripts/dockerize-n8n.mjs:145
const nodeVersion = process.env.NODE_VERSION || '24.16.0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d37b345cd7748da1 Environment-variable access.
repo/scripts/dockerize-n8n.mjs:156
		imageBaseName: process.env.IMAGE_BASE_NAME || 'n8nio/n8n',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c09af3f23c524f36 Environment-variable access.
repo/scripts/dockerize-n8n.mjs:157
		imageTag: process.env.IMAGE_TAG || 'local',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #28600cf1ce109840 Environment-variable access.
repo/scripts/dockerize-n8n.mjs:164
		imageBaseName: process.env.RUNNERS_IMAGE_BASE_NAME || 'n8nio/runners',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c4e0f9bafa400b8b Filesystem access.
repo/scripts/format.mjs:3
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #616127020253b40c Filesystem access.
repo/scripts/generate-emoji-data.mjs:126
	const rawData = JSON.parse(readFileSync(compactDataPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #14af03ffa8114e42 Filesystem access.
repo/scripts/generate-emoji-data.mjs:133
	const fullData = JSON.parse(readFileSync(fullDataPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bd5fbb00348bd8bd Filesystem access.
repo/scripts/generate-emoji-data.mjs:240
	writeFileSync(OUTPUT_PATH, output);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #72c6ca20171712aa Filesystem access.
repo/scripts/generate-lucide-icon-data.mjs:48
	const lucideJson = JSON.parse(readFileSync(LUCIDE_JSON_PATH, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b776e9b165d67c09 Filesystem access.
repo/scripts/generate-lucide-icon-data.mjs:57
			cache = JSON.parse(readFileSync(CACHE_PATH, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #42a942ef2b2bef53 Filesystem access.
repo/scripts/generate-lucide-icon-data.mjs:79
		writeFileSync(CACHE_PATH, JSON.stringify(cache, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d5979bb012c5bc65 Filesystem access.
repo/scripts/generate-lucide-icon-data.mjs:128
	writeFileSync(OUTPUT_PATH, output);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #50c47e24ad211598 Filesystem access.
repo/scripts/grind.mjs:70
	const pkg = JSON.parse(readFileSync(resolve(pkgRootDir, 'package.json'), 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2f9c46049773badf Environment-variable access.
repo/scripts/instance-seeding/seedInstance.mjs:10
const BASE = process.env.N8N_BASE_URL ?? 'http://localhost:5678';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #14324822423ac12a Environment-variable access.
repo/scripts/instance-seeding/seedInstance.mjs:11
const KEY = process.env.N8N_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1251ecbea7ef67ce Environment-variable access.
repo/scripts/instance-seeding/seedInstance.mjs:17
const CLEAR = (process.env.CLEAR ?? 'false').toLowerCase() === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cd89da7c2da907e9 Environment-variable access.
repo/scripts/instance-seeding/seedInstance.mjs:18
const PERSONAL_WORKFLOWS = Number(process.env.WF_MULTIPLIER) || 50;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5b3c4ed38a5e53cf Filesystem access.
repo/scripts/licenses/check-sbom-licenses.mjs:43
	const raw = await readFile(SPDX_IDS_PATH, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #684cbde4ba404e24 Filesystem access.
repo/scripts/licenses/check-sbom-licenses.mjs:212
		sbom = JSON.parse(await readFile(sbomPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2e02c852c30fdbf8 Filesystem access.
repo/scripts/licenses/enrich-sbom.mjs:53
		const raw = await readFile(OVERRIDES_PATH, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3a32add0ef11bdad Filesystem access.
repo/scripts/licenses/enrich-sbom.mjs:124
				const pkg = JSON.parse(await readFile(path.join(dir, entry.name), 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8c1741d144b0bd93 Filesystem access.
repo/scripts/licenses/enrich-sbom.mjs:272
	const sbom = JSON.parse(await readFile(sbomPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #63555ab54838a9cb Filesystem access.
repo/scripts/licenses/enrich-sbom.mjs:279
		licenseText = (await readFile(licenseFile, 'utf-8')).trim() || null;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #387ec80ccdf50a18 Filesystem access.
repo/scripts/licenses/enrich-sbom.mjs:319
	await writeFile(outputPath, JSON.stringify(enriched, null, 2) + '\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c589bf5f10d730b3 Filesystem access.
repo/scripts/licenses/enrich-sbom.test.mjs:251
			await writeFile(path.join(dir, rel), JSON.stringify(json));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3a560995bae99663 Filesystem access.
repo/scripts/licenses/pipeline.test.mjs:53
		const sbom = JSON.parse(await readFile(enriched, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #363e8c1078e3cfc0 Filesystem access.
repo/scripts/licenses/properties.test.mjs:71
		const raw = JSON.parse(readFileSync(path.join(HERE, 'spdx-license-ids.json'), 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d02244be25265081 Filesystem access.
repo/scripts/licenses/render-licenses-md.mjs:90
			const text = await readFile(path.join(resolvedPkgDir, candidate), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ceef35a26a8d0ca Filesystem access.
repo/scripts/licenses/render-licenses-md.mjs:123
		const raw = await readFile(OVERRIDES_PATH, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #29e3040010242b68 Filesystem access.
repo/scripts/licenses/render-licenses-md.mjs:254
	const sbom = JSON.parse(await readFile(sbomPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a47998a063a489f4 Filesystem access.
repo/scripts/licenses/render-licenses-md.mjs:285
	await writeFile(outputPath, markdown);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6fb4ccca558f548b Filesystem access.
repo/scripts/licenses/render-licenses-md.test.mjs:418
		await writeFile(path.join(pkgDir, 'LICENSE'), 'PKGA LICENSE TEXT');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #01b76f5b4343d2f7 Filesystem access.
repo/scripts/licenses/render-licenses-md.test.mjs:426
		await writeFile(path.join(pkgDir, 'LICENSE.md'), 'SCOPED PKGB TEXT');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aeb9262dd719bc7f Filesystem access.
repo/scripts/licenses/render-licenses-md.test.mjs:434
		await writeFile(path.join(pkgDir, 'README.md'), 'not a license');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8155b59783f2486e Filesystem access.
repo/scripts/licenses/render-licenses-md.test.mjs:435
		await writeFile(path.join(pkgDir, 'CHANGELOG'), 'not a license');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c74fa3705ce023b Filesystem access.
repo/scripts/licenses/render-licenses-md.test.mjs:436
		await writeFile(path.join(pkgDir, 'package.json'), '{}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bea9ff6b8c3d6bca Filesystem access.
repo/scripts/licenses/render-licenses-md.test.mjs:437
		await writeFile(path.join(pkgDir, 'COPYING'), 'COPYING IS A LICENSE');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd7726bb646cc448 Filesystem access.
repo/scripts/mutation-health/build-matrix.mjs:202
	writeFileSync(file, JSON.stringify(coverageMap));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8e3270d00aec52db Filesystem access.
repo/scripts/mutation-health/build-matrix.mjs:210
		return parseLedgerBody(readFileSync(ledgerFile, 'utf8')).rows;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f465239ffc3567af Environment-variable access.
repo/scripts/mutation-health/build-matrix.mjs:241
	const sourceFile = (process.env.SOURCE_FILE ?? '').trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1894e0098a506971 Environment-variable access.
repo/scripts/mutation-health/build-matrix.mjs:242
	const requestedMode = (process.env.REQUESTED_MODE ?? 'both').trim() || 'both';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a48be001552e6645 Environment-variable access.
repo/scripts/mutation-health/build-matrix.mjs:243
	const topNRaw = (process.env.TOP_N ?? '6').trim() || '6';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #60f24b5cd72b6647 Environment-variable access.
repo/scripts/mutation-health/build-matrix.mjs:244
	const ledgerFile = (process.env.LEDGER_FILE ?? '').trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #30d3a8def0c4acea Environment-variable access.
repo/scripts/mutation-health/build-matrix.mjs:245
	const signalsFile = (process.env.SIGNALS_FILE ?? '').trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b2161f25b8fccbe Environment-variable access.
repo/scripts/mutation-health/build-matrix.mjs:246
	const coverageFile = (process.env.COVERAGE_FILE ?? '').trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b24668fb999f443a Environment-variable access.
repo/scripts/mutation-health/build-matrix.mjs:267
	const bootstrapRaw = (process.env.BOOTSTRAP_PACKAGES ?? '').trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #28ed84f11bb78843 Filesystem access.
repo/scripts/mutation-health/emit-payload.mjs:309
	const summary = JSON.parse(await readFile(summaryPath, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #94edb12301689ab6 Filesystem access.
repo/scripts/mutation-health/emit-payload.mjs:331
		const signals = JSON.parse(await readFile(signalsPath, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fac402a823b3dd9f Filesystem access.
repo/scripts/mutation-health/emit-payload.mjs:362
	await writeFile(outPath, JSON.stringify({ ledger, events }, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0618ad41b992010 Filesystem access.
repo/scripts/mutation-health/ledger.mjs:48
	const raw = await readFile(path, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e312e91bf48aa288 Filesystem access.
repo/scripts/mutation-health/ledger.test.mjs:116
		writeFileSync(file, body(MULTI_PKG_FIXTURE));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #832e0a3e9321a7c1 Filesystem access.
repo/scripts/mutation-health/ledger.test.mjs:123
		writeFileSync(file, '');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #90a69d8cfa2f33b5 Filesystem access.
repo/scripts/mutation-health/ledger.test.mjs:130
		writeFileSync(file, body(MULTI_PKG_FIXTURE));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #edb369c5f10f5376 Environment-variable access.
repo/scripts/mutation-health/mutate.mjs:67
const THRESHOLD = Number(process.env.STRYKER_THRESHOLD ?? 80);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d4915d4f5dfeb6f8 Filesystem access.
repo/scripts/mutation-health/mutate.mjs:394
		await writeFile(summaryJsonPath, JSON.stringify(summary, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc7b892ec4d8f11c Filesystem access.
repo/scripts/mutation-health/mutate.mjs:407
	const raw = JSON.parse(await readFile(rawJsonPath, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b8e9fa0a978400d7 Filesystem access.
repo/scripts/mutation-health/mutate.mjs:419
	await writeFile(summaryJsonPath, JSON.stringify(summary, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7d7e4328d34506da Filesystem access.
repo/scripts/mutation-health/pick-next.mjs:369
		return JSON.parse(await readFile(resolved, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #240177154571fe98 Filesystem access.
repo/scripts/mutation-health/pick-next.mjs:497
	const pkgName = JSON.parse(await readFile(pkgJsonPath, 'utf8')).name;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #35fe524fcdbd8bb3 Environment-variable access.
repo/scripts/mutation-health/stryker.default.mjs:34
	concurrency: Number(process.env.STRYKER_CONCURRENCY ?? 4),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #79a3170df520b749 Environment-variable access.
repo/scripts/prepare.mjs:6
if (process.env.CI || process.env.DOCKER_BUILD) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #16a0848a5ce8ba66 Environment-variable access.
repo/scripts/reset.mjs:8
process.env.FORCE_COLOR = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #66f2faab3b7f44a2 Environment-variable access.
repo/scripts/reset.mjs:32
const nodeOptions = process.env.NODE_OPTIONS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d8f86458004e2729 Environment-variable access.
repo/scripts/reset.mjs:33
	? `${process.env.NODE_OPTIONS} --max-old-space-size=${mem}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #156ee467cf2bb4d7 Environment-variable access.
repo/scripts/scan-n8n-image.mjs:11
process.env.FORCE_COLOR = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a79b6f93030cdd81 Environment-variable access.
repo/scripts/scan-n8n-image.mjs:18
	const resolved = path.resolve(process.env[envVar] || path.join(rootDir, defaultRelPath));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8951f865684ae83f Environment-variable access.
repo/scripts/scan-n8n-image.mjs:28
	imageBaseName: process.env.IMAGE_BASE_NAME || 'n8nio/n8n',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #97ea7159cffa7fa9 Environment-variable access.
repo/scripts/scan-n8n-image.mjs:29
	imageTag: process.env.IMAGE_TAG || 'local',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1942815b8a4247bd Environment-variable access.
repo/scripts/scan-n8n-image.mjs:30
	trivyImage: process.env.TRIVY_IMAGE || 'aquasec/trivy:latest',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8c7ef9c7ac6ad4ec Environment-variable access.
repo/scripts/scan-n8n-image.mjs:31
	severity: process.env.TRIVY_SEVERITY || 'CRITICAL,HIGH,MEDIUM,LOW',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1e64dc40d5f5cd65 Environment-variable access.
repo/scripts/scan-n8n-image.mjs:32
	outputFormat: process.env.TRIVY_FORMAT || 'table',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2977fba48ed0c1de Environment-variable access.
repo/scripts/scan-n8n-image.mjs:33
	outputFile: process.env.TRIVY_OUTPUT || null,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b9a1532d9344948d Environment-variable access.
repo/scripts/scan-n8n-image.mjs:34
	scanTimeout: process.env.TRIVY_TIMEOUT || '10m',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #201cf890e29d3457 Environment-variable access.
repo/scripts/scan-n8n-image.mjs:35
	ignoreUnfixed: process.env.TRIVY_IGNORE_UNFIXED === 'true',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f58fbda27ab4ed65 Environment-variable access.
repo/scripts/scan-n8n-image.mjs:36
	scanners: process.env.TRIVY_SCANNERS || 'vuln',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #931a9cb1176c6fda Environment-variable access.
repo/scripts/scan-n8n-image.mjs:37
	quiet: process.env.TRIVY_QUIET === 'true',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e2378c777fdd3d2f Environment-variable access.
repo/scripts/smoke-n8n-image.mjs:11
process.env.FORCE_COLOR = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d3d1571cb83a95b5 Environment-variable access.
repo/scripts/smoke-n8n-image.mjs:13
const IMAGE = process.env.SMOKE_IMAGE || 'n8nio/n8n:local';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9d99986d94a24800 Environment-variable access.
repo/scripts/smoke-n8n-image.mjs:24
	ref: process.env.CLOUD_CHART_REF || 'main',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9165460ec654c495 Environment-variable access.
repo/scripts/smoke-n8n-image.mjs:27
	chartPath: process.env.CLOUD_CHART_PATH || 'packages/instance-controller/charts/n8napp/n8n',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3ce57b8b757e4146 Environment-variable access.
repo/scripts/smoke-n8n-image.mjs:29
		process.env.CLOUD_CHART_VALUES ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a2cc11f89643d6f7 Environment-variable access.
repo/scripts/smoke-n8n-image.mjs:81
const cloud = process.env.SMOKE_SKIP_CLOUD === 'true' ? [] : await fetchCloudInvocations();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fd333f9c6c688327 Environment-variable access.
repo/scripts/smoke-n8n-image.mjs:82
if (process.env.SMOKE_SKIP_CLOUD !== 'true' && cloud.length === 0) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #19689fda951ee8d6 Filesystem access.
repo/scripts/typescript-migration/benchmark.mjs:62
		const pkg = JSON.parse(readFileSync(join(asDir, 'package.json'), 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d92e7ebfbe86e6ad Filesystem access.
repo/scripts/typescript-migration/benchmark.mjs:78
	const pkg = JSON.parse(readFileSync(join(dir, 'package.json'), 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba3d0aee374a5bd2 Filesystem access.
repo/scripts/typescript-migration/benchmark.mjs:212
		? JSON.parse(readFileSync(resultsFile, 'utf8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6007e96ed077bf6d Filesystem access.
repo/scripts/typescript-migration/benchmark.mjs:221
	writeFileSync(resultsFile, `${JSON.stringify(data, null, 2)}\n`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8b812405fb5a43a3 Filesystem access.
repo/scripts/typescript-migration/summarize.mjs:96
		.map((f) => JSON.parse(readFileSync(join(RESULTS_DIR, f), 'utf8')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d95001b6e9a418b0 Filesystem access.
repo/scripts/typescript-migration/summarize.mjs:121
	writeFileSync(out, `${md.join('\n')}\n`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/frontend/editor-ui

npm first-party
high pii_flow production #fd1ead654f4332e0 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/frontend/editor-ui/scripts/fetch-node-popularity.mjs:25 · flow /tmp/closeopen-zwski0h_/repo/packages/frontend/editor-ui/scripts/fetch-node-popularity.mjs:8 → /tmp/closeopen-zwski0h_/repo/packages/frontend/editor-ui/scripts/fetch-node-popularity.mjs:25
		const response = await fetch(POPULARITY_ENDPOINT, {
			signal: AbortSignal.timeout(5000),
		});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium telemetry production #6b296438276cc01d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useAutocompleteTelemetry.ts:93
		telemetry.track('User autocompleted code', payload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #64602a79ce2a6df6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useCalloutHelpers.ts:81
			telemetry.track('User clicked on RAG callout', {
				node_type: options.telemetry.nodeType ?? null,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #20611d4f78323603 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useCalloutHelpers.ts:85
			telemetry.track('User inserted tutorial template', {
				template: templateId,
				source: options.telemetry.source,
				node_type: options.telemetry.nodeType ?? null,
				section: options.telemetry.section ?? null,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8913790f8015eb63 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useCanvasOperations.ts:285
		telemetry.track('User tidied up canvas', {
			source,
			target,
			nodes_count: result.nodes.length,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d5e2102329ab1b95 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useCanvasOperations.ts:608
			telemetry.track('User deleted workflow note', {
				workflow_id: workflowDocumentStore.value.workflowId,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ada51d86af400cb5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useCanvasOperations.ts:613
			telemetry.track('User deleted node', {
				node_type: node.type,
				workflow_id: workflowDocumentStore.value.workflowId,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #86729f8b393a08c8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useCanvasOperations.ts:1230
		telemetry.track('User inserted workflow note', {
			workflow_id: workflowDocumentStore.value.workflowId,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b74cdffdb1805caf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useCanvasOperations.ts:2956
						telemetry.track('User pasted nodes', {
							workflow_id: workflowDocumentStore.value.workflowId,
							node_graph_string: nodeGraph,
						});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #961a25e42b473317 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useCanvasOperations.ts:2961
						telemetry.track('User duplicated nodes', {
							workflow_id: workflowDocumentStore.value.workflowId,
							node_graph_string: nodeGraph,
						});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #fc8bf7621902c2d0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useCanvasOperations.ts:2966
						telemetry.track('User imported workflow', {
							source,
							workflow_id: workflowDocumentStore.value.workflowId,
							node_graph_string: nodeGraph,
						});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #3a81a6c02f4e9914 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useCanvasOperations.ts:3279
		telemetry.track('User copied nodes', {
			node_types: workflowData.nodes.map((node) => node.type),
			workflow_id: workflowDocumentStore.value.workflowId,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b8542a57e6ebe8d1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useCanvasOperations.ts:3353
		telemetry.track('User clicked chat open button', payload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #7fb1937f7530fecc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useCanvasOperations.ts:3538
		telemetry.track('User inserted workflow template', {
			source: 'workflow',
			template_id: tryToParseNumber(templateId),
			wf_template_repo_session_id: templatesStore.previousSessionId,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #9a712c4a46dac851 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useCollectionOverhaul.ts:6
	const postHogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #492e31cc6165b803 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useErrorHandler.ts:3
import { captureException } from '@sentry/vue';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a6cbe871a42d9b18 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useFreeAiCredits.ts:79
			telemetry.track('User claimed OpenAI credits', { source });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #045690b3529fb228 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useGlobalEntityCreation.ts:460
			telemetry.track('User clicked sidebar add variable button');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b5136d060b7659d9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useGlobalEntityCreation.ts:465
			telemetry.track('User clicked sidebar add data table button');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #653884074ca37777 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useHistoryHelper.ts:90
			telemetry.track(`User hit ${type}`, { commands_length: 1, commands: [command.name] });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #fa373d076b62dc5f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useHistoryHelper.ts:92
			telemetry.track(`User hit ${type}`, {
				commands_length: command.commands.length,
				commands: command.commands.map((c) => c.name),
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #3f35b57064df80ea Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useHistoryHelper.ts:102
			telemetry?.track('User hit undo in NDV', { node_type: activeNode.type });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #05dac999eb0bf783 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useNodeExecution.ts:427
			telemetry.track('User clicked execute node button', telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #16cb2e929f0002bd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useNodeHelpers.ts:798
			telemetry.track('User set node enabled status', {
				node_type: node.type,
				is_enabled: node.disabled,
				workflow_id: workflowDocumentStore.value.workflowId,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b0425a768ed03146 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/usePageRedirectionHelper.ts:63
		telemetry.track('User clicked upgrade CTA', {
			source,
			isTrial: userIsTrialing,
			deploymentType,
			trialDaysLeft,
			executionsLeft,
			workflowsLeft,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #586e45582a59117f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/usePinnedData.ts:241
		telemetry.track('Ndv data pinning success', telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8c6196eb23c9788f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/usePinnedData.ts:255
		telemetry.track('Ndv data pinning failure', {
			pinning_source: source,
			node_type: targetNode?.type,
			push_ref: rootStore.pushRef,
			data_size: stringSizeInBytes(data.value),
			view: displayMode,
			run_index: runIndex,
			error_type: errorType,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8af70e83d083db68 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/usePinnedData.ts:307
		telemetry.track('User unpinned ndv data', {
			node_type: targetNode?.type,
			push_ref: rootStore.pushRef,
			run_index: runIndex,
			source,
			data_size: stringSizeInBytes(data.value),
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #51ef885fd05bf2da Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/usePostMessageHandler.ts:176
		telemetry.track('User opened read-only execution', {
			workflow_id: data.workflowData.id,
			execution_mode: data.mode,
			execution_finished: data.finished,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ba42ed1de6d05a0d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/usePushConnection/handlers/executionFinished.ts:121
			telemetry.track('User executed test AI workflow', {
				status: data.status,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #07e3bb7b6a4284c7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/usePushConnection/handlers/executionFinished.ts:140
			telemetry.track('User executed tutorial template', {
				template: templateId,
				status: data.status,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #260db5771e00bcca Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/usePushConnection/handlers/executionFinished.ts:401
		telemetry.track('Instance FE emitted paired item error', eventData);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a310b2a68bab2284 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/usePushConnection/handlers/trackNodeExecution.ts:23
		telemetry.track('Manual exec errored', {
			error_title: pushData.data.error.message,
			node_type: node?.type,
			node_type_version: node?.typeVersion,
			node_id: node?.id,
			node_graph_string: JSON.stringify(
				TelemetryHelpers.generateNodesGraph(
					workflowDocumentStore.serialize(),
					workflowHelpers.getNodeTypes(),
					{
						isCloudDeployment: settingsStore.isCloudDeployment,
					},
				).nodeGraph,
			),
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #92d3c11869d69d67 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useRunWorkflow.ts:651
		telemetry.track('User clicked execute workflow button', telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ffb00110098946fd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useToast.ts:82
			telemetry.track('Instance FE emitted error', {
				error_title: params.title,
				error_message: messageForTelemetry,
				caused_by_credential: causedByCredential(messageForTelemetry),
				workflow_id: workflowDocumentStore.value.workflowId,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ff855f11d645a2f8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useToast.ts:177
		telemetry.track('Instance FE emitted error', {
			error_title: title,
			error_description: message,
			error_message: error.message,
			caused_by_credential: causedByCredential(error.message),
			workflow_id: workflowDocumentStore.value.workflowId,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #74e86d8c1254c19c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useWorkflowActivate.ts:200
		telemetry.track('User set workflow active status', telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b5bda6625d20e0d6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useWorkflowExtraction.ts:526
		telemetry.track('User started nodes to sub-workflow extraction', {
			node_count: nodeCount,
			success,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #f9ee9b642f68920b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useWorkflowExtraction.ts:533
		telemetry.track('User extracted nodes to sub-workflow', {
			node_count: nodeCount,
			success,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #92c4cbfe6600b16e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useWorkflowInitialization.ts:352
				telemetry.track(
					`User opened workflow from onboarding template with ID ${workflowData.meta.onboardingId}`,
					{ workflow_id: id },
				);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #19eda0def8ae1ef1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useWorkflowSaving.ts:264
					telemetry.track('User attempted to save locked workflow', {
						workflowId: currentWorkflow,
						sharing_role: getWorkflowProjectRole(currentWorkflow),
					});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #075cf5323f94d076 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/composables/useWorkflowSaving.ts:523
				telemetry.track('User saved new workflow from template', {
					template_id: tryToParseNumber(String(templateId)),
					workflow_id: workflowData.id,
					wf_template_repo_session_id: templatesStore.previousSessionId,
				});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #f3e0634fb2e77f21 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/init.ts:234
	const postHogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #dade4070bcdb7e0b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/plugins/sentry.test.ts:1
import type * as Sentry from '@sentry/vue';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #9de5c84c5b03014b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/plugins/sentry.ts:4
import * as Sentry from '@sentry/vue';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #36c3a269244cdcfb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/plugins/telemetry.test.ts:194
			telemetry.track(event, properties);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b85683db4e240dc5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/plugins/telemetry.test.ts:217
			telemetry.track(event, properties);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #332611e725809b6e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/plugins/telemetry/index.ts:69
		this.track('Session started', { session_id: rootStore.pushRef });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #5ff5ab4d9b9f16ef Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/plugins/telemetry/index.ts:115
		this.rudderStack.track(event, updatedProperties, {
			context: {
				// provide a fake IP address to instruct RudderStack to not use the user's IP address
				ip: '0.0.0.0',
			},
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #24469938414de2e9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/plugins/telemetry/index.ts:123
			usePostHog().capture(event, updatedProperties);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #5c83ec7eb0e29c1d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/plugins/telemetry/index.ts:176
					this.track('Ai code generation finished', properties);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6ccc04c97e5cf504 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/plugins/telemetry/index.ts:190
					this.track('Ai Transform code generation finished', properties);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b0fbcfdef2b1cac4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/plugins/telemetry/index.ts:208
				this.track('User toggled n8n reference option', {
					node: nodeType,
					toValue: change.value,
				});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #c978f4bf8f7be014 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/router.test.ts:212
			const posthog = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #58dc84779cd09723 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/router.test.ts:217
			const posthog = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #fdb9c5a2970ae53a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/router.test.ts:225
			const posthog = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6fff72b0f3aeee59 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/router.test.ts:238
			const posthog = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #31fe9ebbd30c19a6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/router.ts:256
			const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e6e6a493f581785f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/router.ts:306
			const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #24bea1bf1b295396 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/favorites.store.ts:67
			telemetry.track('User toggled favorite', {
				action: 'removed',
				resource_type: resourceType,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d4cfcedeff5a96f8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/favorites.store.ts:75
			telemetry.track('User toggled favorite', {
				action: 'added',
				resource_type: resourceType,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d246b2c46f2d081b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/logs.store.ts:92
		telemetry.track('User toggled log view sub pane', {
			pane: 'input',
			newState: wasOpen ? 'hidden' : 'visible',
			isSubNode: isSubNodeSelected.value,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #7f27233950d10f09 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/logs.store.ts:113
		telemetry.track('User toggled log view sub pane', {
			pane: 'output',
			newState: wasOpen ? 'hidden' : 'visible',
			isSubNode: isSubNodeSelected.value,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #fc0131c75f8f417e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:119
			const posthog = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #2a7e39e81644f400 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:120
			posthog.init();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #06750638e9ec7d40 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:127
			const posthog = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6a5d41168e396b60 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:128
			posthog.init();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #cf36c1717c658ccc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:152
			const posthog = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ed92ac05ff683df3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:153
			posthog.init(flags);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b08f0918e5bc7e04 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:155
			expect(posthog.getVariant('test')).toEqual(flags[TEST]);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b1af8c91218366db Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:168
			const posthog = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #237b2099f9927226 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:169
			posthog.init();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #3dded12d17394976 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:183
			const posthog = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #681eb3b9c78132c3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:184
			posthog.init();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d1876ff9bd402435 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:194
			const posthog = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ee5c3c21e0050565 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:196
			posthog.capture('Test event', { test: 'value' });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #860f26f505a9faff Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:204
			const posthog = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #3befd48a170ba837 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:206
			posthog.capture('Test event', {
				test: 'value',
				$groups: {
					organization: 'n8n',
				},
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #f2cd64d463566a59 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:226
			const posthog = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #96b2db6e310120e6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:227
			posthog.init(flags);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #768bbe24e0222242 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:232
			expect(posthog.getVariant('test')).toEqual('override');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #06e371f901a54d2e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:246
			const posthog = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #316357b69814ebba Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:247
			posthog.init();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ecbe274ea4dc1e26 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:249
			expect(posthog.hasPendingFeatureFlags()).toBe(true);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #fb8bbbbf0760533e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:253
			const waitForFlags = posthog.waitForFeatureFlags().then(() => {

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b07bc50513f63f81 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:263
			expect(posthog.hasPendingFeatureFlags()).toBe(false);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4194b8dd9d9459f1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.test.ts:264
			expect(posthog.getVariant('test')).toEqual('variant');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #5aaf6e11ceda1eac Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/posthog.store.ts:147
		telemetry.track(TELEMETRY_EVENTS.IS_PART_OF_EXPERIMENT, {
			name,
			variant,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #bd6f18fcbcf9da13 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/ui.store.ts:596
		telemetry.track('User clicked to open community node update modal', {
			source,
			package_name: packageName,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a3b09d401493a697 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/ui.store.ts:646
		telemetry.track('User toggled sidebar', {
			expanded: !sidebarMenuCollapsed.value,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #2494d9ce15eef4b4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/app/stores/versions.store.ts:213
								telemetry.track("User clicked on what's new notification", {
									article_id: articleId,
								});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #f18533e2c8dbc3db Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/aiTemplatesStarterCollection/stores/aiTemplatesStarterCollection.store.ts:27
		const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a7e83937d2b16fca Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/aiTemplatesStarterCollection/stores/aiTemplatesStarterCollection.store.ts:71
			telemetry.track('User created AI templates starter collection', {
				source,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #7552b5302da53842 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/aiTemplatesStarterCollection/stores/aiTemplatesStarterCollection.store.ts:77
			telemetry.track('User dismissed AI templates starter collection callout');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d4704fd9e2dcf430 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/aiTemplatesStarterCollection/stores/aiTemplatesStarterCollection.store.ts:81
			telemetry.track('User opened AI template workflow', {
				template,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4670393ab51ba330 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/aiTemplatesStarterCollection/stores/aiTemplatesStarterCollection.store.ts:87
			telemetry.track('User executed AI template', {
				template,
				status,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a826580aeb272137 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/credentialsAppSelection/stores/credentialsAppSelection.store.ts:16
		const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #874fc35507ea16a3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/credentialsAppSelection/stores/credentialsAppSelection.store.ts:52
			telemetry.track('App selection page viewed');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b880b2deb6111df2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/credentialsAppSelection/stores/credentialsAppSelection.store.ts:56
			telemetry.track('App selection search performed', {
				search_term: searchTerm,
				result_count: resultCount,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #19a075fb103fc10b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/credentialsAppSelection/stores/credentialsAppSelection.store.ts:67
			telemetry.track('App selection completed', {
				connected_count: connectedCount.value,
				connected_apps: connectedApps,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6e794bc4142cbcf3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/emptyStateBuilderPrompt/stores/emptyStateBuilderPrompt.store.ts:25
		const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #5611983d9acd9e3b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/emptyStateBuilderPrompt/stores/emptyStateBuilderPrompt.store.ts:66
			telemetry.track('User submitted empty state builder prompt', {
				prompt_length: prompt.length,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d189661f9063b8a7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/emptyStateBuilderPrompt/stores/emptyStateBuilderPrompt.store.ts:103
			telemetry.track('User imported workflow from empty state', {
				node_count: workflowData.nodes?.length ?? 0,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #531debe858b9c084 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/evaluationsWizardSidepanel/useEvaluationsWizardSidepanelExperiment.ts:7
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e2d1461ece0f1a70 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/instanceAiBrowserCredentialSetup/useInstanceAiBrowserCredentialSetupExperiment.ts:7
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #bb0f742318ec1bb1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/instanceAiBrowserUse/useInstanceAiBrowserUseExperiment.ts:7
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #de7df054369b3f00 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/instanceAiComputerUse/useInstanceAiComputerUseExperiment.ts:7
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4771e0b1f52bd357 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/instanceAiMcpConnections/useInstanceAiMcpConnectionsExperiment.ts:7
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a8efa96f983c348f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/instanceAiPersonalizedPromptSuggestions/useInstanceAiPersonalizedPromptSuggestionsExperiment.ts:9
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8fe6087e078ed7a5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/instanceAiProactiveAgent/useInstanceAiProactiveAgentExperiment.ts:7
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b2573ca9ec1e6592 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/instanceAiPromptSuggestionsV2/useInstanceAiPromptSuggestionsV2Experiment.ts:7
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #0797500afa62c3fd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/instanceAiSplitEmptyState/useInstanceAiSplitEmptyStateExperiment.ts:6
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ee3cc43f3524be1e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/instanceAiTemplateExamples/useInstanceAiTemplateExamplesExperiment.ts:7
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #2560d032e5791247 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/personalizedTemplates/stores/personalizedTemplates.store.ts:68
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a690fc5dd9c91493 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/personalizedTemplates/stores/personalizedTemplates.store.ts:99
		telemetry.track('User was recommended personalized templates', {
			templateIds,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ec599c1bd81b7f65 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/personalizedTemplates/stores/personalizedTemplates.store.ts:105
		telemetry.track('User clicked on personalized template callout', {
			templateId,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #25d0dae93b2ea422 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/personalizedTemplates/stores/personalizedTemplates.store.ts:111
		telemetry.track('User dismissed personalized template callout', {
			templateId,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #f8406787d89d5c81 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/personalizedTemplatesV3/stores/personalizedTemplatesV3.store.ts:14
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d134d1cbf195b91f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/personalizedTemplatesV3/stores/personalizedTemplatesV3.store.ts:74
		telemetry.track('User clicked on personalization card');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4b1ee55491d6af32 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/personalizedTemplatesV3/stores/personalizedTemplatesV3.store.ts:78
		telemetry.track('User viewed personalization modal');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #abc503e0d3589411 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/personalizedTemplatesV3/stores/personalizedTemplatesV3.store.ts:82
		telemetry.track('User viewed personalization tooltip');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ac8ee8b76c9f4222 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/personalizedTemplatesV3/stores/personalizedTemplatesV3.store.ts:86
		telemetry.track('User dismissed personalization tooltip');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #0c7e07ce611abdf3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/personalizedTemplatesV3/stores/personalizedTemplatesV3.store.ts:90
		telemetry.track('User clicked on template from modal', {
			templateId,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6411fa6e7073b67f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/personalizedTemplatesV3/stores/personalizedTemplatesV3.store.ts:96
		telemetry.track('User clicked on templates repo from modal');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #04aed61da8e0820e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/personalizedTemplatesV3/stores/personalizedTemplatesV3.store.ts:120
			telemetry.track(TELEMETRY_EVENTS.IS_PART_OF_EXPERIMENT, {
				name: PERSONALIZED_TEMPLATES_V3.name,
				variant,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #15a96faaaf2e8a5a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/readyToRunWorkflows/stores/readyToRunWorkflows.store.ts:27
		const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6482135656172a5b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/readyToRunWorkflows/stores/readyToRunWorkflows.store.ts:49
			telemetry.track('User created ready to run workflows', {
				source,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #12307ef27d9b6e57 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/readyToRunWorkflows/stores/readyToRunWorkflows.store.ts:55
			telemetry.track('User dismissed ready to run workflows callout');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4758d966e2e4b799 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/readyToRunWorkflows/stores/readyToRunWorkflows.store.ts:59
			telemetry.track('User opened ready to run workflow', {
				template,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e948e3327bc06a6b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/readyToRunWorkflows/stores/readyToRunWorkflows.store.ts:65
			telemetry.track('User executed ready to run workflow', {
				template,
				status,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #0add63fcd29ceb6c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/readyToRunWorkflowsV2/stores/readyToRunWorkflowsV2.store.ts:14
		const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #af6ba793e2663087 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/resourceCenter/stores/resourceCenter.store.ts:20
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6ae1fbd9d1647a89 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/resourceCenter/stores/resourceCenter.store.ts:69
		telemetry.track('User visited resource center');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a5984993a3f4fc60 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/resourceCenter/stores/resourceCenter.store.ts:73
		telemetry.track('User clicked on resource center tile', { section, type, id });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d1d0bcaae508d284 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/sidebarExpanded/useSidebarExpandedExperiment.ts:7
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6d687cc28319c661 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/surfaceMcpToNewCloudUsers/stores/surfaceMcpToNewCloudUsers.store.ts:28
		const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #689a49e67f7c28d4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/surfaceMcpToNewCloudUsers/stores/surfaceMcpToNewCloudUsers.store.ts:72
			telemetry.track(
				'MCP onboarding entry point viewed',
				getTelemetryPayload({
					surface,
					entry_point: entryPoint,
					mcp_access_enabled: mcpAccessEnabled,
				}),
			);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #2712991a78452e8b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/surfaceMcpToNewCloudUsers/stores/surfaceMcpToNewCloudUsers.store.ts:89
			telemetry.track(
				'MCP onboarding opportunity viewed',
				getTelemetryPayload({
					surface,
					entry_point: entryPoint,
					eligible: true,
					surface_available: surfaceAvailable,
					suppressed_by: suppressedBy,
					mcp_access_enabled: mcpAccessEnabled,
				}),
			);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ca76a3b08a931ca8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/surfaceMcpToNewCloudUsers/stores/surfaceMcpToNewCloudUsers.store.ts:106
			telemetry.track(
				'MCP onboarding opened',
				getTelemetryPayload({
					surface,
					...(payload.entryPoint ? { entry_point: payload.entryPoint } : {}),
					...(payload.mcpAccessEnabled !== undefined
						? { mcp_access_enabled: payload.mcpAccessEnabled }
						: {}),
				}),
			);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #614afbcc1a0427b4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/surfaceMcpToNewCloudUsers/stores/surfaceMcpToNewCloudUsers.store.ts:126
			telemetry.track(
				'MCP onboarding dismissed',
				getTelemetryPayload({
					surface,
					...(payload.activeClient ? { active_client: payload.activeClient } : {}),
					...(payload.enabledDuringThisOpen !== undefined
						? { enabled_during_this_open: payload.enabledDuringThisOpen }
						: {}),
					...(payload.mcpAccessEnabled !== undefined
						? { mcp_access_enabled: payload.mcpAccessEnabled }
						: {}),
				}),
			);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #2a69bd6f62e352e7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/surfaceMcpToNewCloudUsers/stores/surfaceMcpToNewCloudUsers.store.ts:142
			telemetry.track('MCP onboarding enable clicked', getTelemetryPayload({ surface }));

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #df13826da8f7b1fa Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/surfaceMcpToNewCloudUsers/stores/surfaceMcpToNewCloudUsers.store.ts:146
			telemetry.track('MCP onboarding enabled', getTelemetryPayload({ surface }));

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #c11b9a4c5d34c248 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/surfaceMcpToNewCloudUsers/stores/surfaceMcpToNewCloudUsers.store.ts:150
			telemetry.track(
				'MCP onboarding enable failed',
				getTelemetryPayload({ surface, error_type: errorType }),
			);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ccada81f1c6a9fb3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/surfaceMcpToNewCloudUsers/stores/surfaceMcpToNewCloudUsers.store.ts:160
			telemetry.track('MCP onboarding client selected', getTelemetryPayload({ surface, client }));

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #0c70a061c62d769c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/surfaceMcpToNewCloudUsers/stores/surfaceMcpToNewCloudUsers.store.ts:168
			telemetry.track(
				'MCP onboarding setup shown',
				getTelemetryPayload({ surface, client, setup_type: setupType }),
			);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #259c0041905e4bb4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/surfaceMcpToNewCloudUsers/stores/surfaceMcpToNewCloudUsers.store.ts:179
			telemetry.track(
				'MCP onboarding copied parameter',
				getTelemetryPayload({ surface, client, parameter }),
			);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8ed7e064b4768c00 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/templateRecoV2/stores/templateRecoV2.store.ts:17
		const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b7c4f64285196b9f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/templateRecoV2/stores/templateRecoV2.store.ts:59
			telemetry.track('User clicked on node minicard', {
				tool,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a61289342c183453 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/templateRecoV2/stores/templateRecoV2.store.ts:65
			telemetry.track('User visited template recommendation modal tab', {
				tool,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #2e1868212ade92d9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/templateRecoV2/stores/templateRecoV2.store.ts:71
			telemetry.track('User clicked on template recommendation tile', {
				templateId,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6db891241a449890 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/templateRecoV2/stores/templateRecoV2.store.ts:77
			telemetry.track('User clicked on template recommendation video', {
				name,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b4c4ef0c50022e3a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/templateRecoV2/stores/templateRecoV2.store.ts:83
			telemetry.track('User clicked on template recommendation see more', {
				type,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b21499053944d8e6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/utils.ts:34
		usePostHog().getVariant(EXTRA_TEMPLATE_LINKS_EXPERIMENT.name) ===

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #9732766d7fc3c06d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/experiments/utils.ts:79
	useTelemetry().track('User clicked on templates', {
		role: useCloudPlanStore().currentUserCloudInfo?.role,
		active_workflow_count: useWorkflowsListStore().activeWorkflows.length,
		source,
	});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e7f4f0ac61cb49b4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/agents/composables/useAgentCreate.ts:57
		telemetry.track('User created agent', {
			agent_id: agent.id,
			source: options.telemetrySource,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #682af033c9887be5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/agents/composables/useAgentTelemetry.ts:31
			telemetry.track(event, props);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #034b8465ab22b78d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/agents/composables/useAgentToolTelemetry.ts:39
		telemetry.track(
			'User started adding agent tool',
			withAgent({ tool_type: toolType, source: 'manual' }),
		);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #90673bc5302a6380 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/agents/composables/useAgentToolTelemetry.ts:47
		telemetry.track(
			'User added agent tool',
			withAgent({
				tool_type: ref.type,
				has_approval: ref.requireApproval ?? false,
				...identityProps(ref),
			}),
		);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #aaffb276fd2d6de8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/agents/composables/useAgentToolTelemetry.ts:59
		telemetry.track(
			'User added agent tool',
			withAgent({
				tool_type: 'mcpServer',
				has_approval: false,
				server_name: server.name,
				authentication: server.authentication,
			}),
		);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #2a67f19785a4b3b5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/agents/composables/useAgentToolTelemetry.ts:72
		telemetry.track(
			'User edited agent tool',
			withAgent({ tool_type: ref.type, ...identityProps(ref) }),
		);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a1f72c6d42e59370 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/agents/composables/useAgentToolTelemetry.ts:80
		telemetry.track(
			'User removed agent tool',
			withAgent({ tool_type: ref.type, ...identityProps(ref) }),
		);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #53cb60bde89272c1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/assistant.store.test.ts:103
		posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #3578731d09470aba Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/assistant.store.ts:280
			telemetry.track('Assistant session started', {
				chat_session_id: currentSessionId.value,
				task: chatSessionTask.value,
				node_type: chatSessionError.value?.node.type,
				credential_type: chatSessionCredType.value?.name,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #fbfee8f564b30968 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/assistant.store.ts:610
			telemetry.track('User executed node after assistant suggestion', {
				task: chatSessionTask.value,
				chat_session_id: currentSessionId.value,
				success: false,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e13a6f4c10e5e6c1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/assistant.store.ts:621
			telemetry.track('User executed node after assistant suggestion', {
				task: chatSessionTask.value,
				chat_session_id: currentSessionId.value,
				success: true,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4a7b49034182f94b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/assistant.store.ts:696
		telemetry.track('User sent message in Assistant', {
			message,
			is_quick_reply: isQuickReply,
			chat_session_id: currentSessionId.value,
			message_number: usersMessages.value.length,
			task: chatSessionTask.value,
			allow_sending_parameter_values: allowSendingParameterValues.value,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #43bd4be9b519f271 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/assistant.store.ts:733
		telemetry.track('User opened assistant', {
			source,
			task,
			has_existing_session,
			instance_id: rootStore.instanceId,
			workflow_id: workflowId,
			canvas_status: canvasStatus,
			node_type: chatSessionError.value?.node?.type,
			error: chatSessionError.value?.error,
			chat_session_id: currentSessionId.value,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #7d37d43405c8c96b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/builder.store.test.ts:172
		posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #f8877a724095e901 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/builder.store.ts:272
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #442b0f33d972c7ff Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/builder.store.ts:510
		telemetry.track('End of response from builder', {
			user_message_id: userMessageId,
			workflow_id: routeWorkflowId.value,
			session_id: trackingSessionId.value,
			tab_visible: document.visibilityState === 'visible',
			code_builder: isCodeBuilder.value,
			mode: builderMode.value,
			...(planApproved ? { plan_approved: true } : {}),
			...getWorkflowModifications(currentStreamingMessage.value),
			...payload,
			...getTodosToTrack(),
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d9aa1554706cef73 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/builder.store.ts:797
		telemetry.track('User submitted builder message', trackingPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #500e6c85cbe17453 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/builder.store.ts:804
			telemetry.track('ai.focusedNodes.chatSent', {
				focused_count: focusedCount,
				has_deictic_ref: hasDeicticRef,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d93541e534107efa Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/builder.store.ts:1543
		telemetry.track('Workflow builder journey', payload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d760835e4d377a1b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/builder.utils.ts:41
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6480f6ae4d6c0851 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/chatPanel.store.ts:45
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6e185355a9268290 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/composables/useAskModeCoachmark.ts:23
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ba1e1b82311b6122 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/composables/useReviewChanges.ts:41
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #493b672f5fbf4da4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/focusedNodes.store.ts:30
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b148d246b12736b5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/focusedNodes.store.ts:121
			telemetry.track('ai.focusedNodes.added', {
				source,
				node_count: nodeTypes.length,
				node_types: nodeTypes,
				...(source === 'mention' && options?.mentionQueryLength !== undefined
					? { mention_query_length: options.mentionQueryLength }
					: {}),
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #35b3a00a034e9009 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/focusedNodes.store.ts:191
			telemetry.track('ai.focusedNodes.removed', {
				method,
				removed_count: 1,
				remaining_count: confirmedNodes.value.length,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #904bb261baf2c15e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/focusedNodes.store.ts:204
			telemetry.track('ai.focusedNodes.removed', {
				method: 'clear_all',
				removed_count: previousCount,
				remaining_count: 0,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6ed2419fd5af61ed Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/focusedNodes.store.ts:258
			telemetry.track('ai.focusedNodes.removed', {
				method: 'clear_all',
				removed_count: previousCount,
				remaining_count: confirmedNodes.value.length,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #adfc3ab30f93c6a3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/focusedNodes.store.ts:273
				telemetry.track('ai.focusedNodes.removed', {
					method: 'workflow_changed',
					removed_count: previousCount,
					remaining_count: 0,
				});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8b67134be0cd00e0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/assistant/focusedNodes.store.ts:301
				telemetry.track('ai.focusedNodes.removed', {
					method: 'node_deleted',
					removed_count: deletedConfirmedCount,
					remaining_count: confirmedNodes.value.length,
				});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a5da609b0b0828c0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/chatHub/chat.store.ts:632
		telemetry.track('User sent chat hub message', {
			...flattenModel(agent.model),
			is_custom: agent.model.provider === 'custom-agent',
			chat_session_id: sessionId,
			mode,
			source,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a9f4842d97832d0f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/chatHub/chat.store.ts:757
		telemetry.track('User edited chat hub message', {
			...flattenModel(agent.model),
			is_custom: agent.model.provider === 'custom-agent',
			chat_session_id: sessionId,
			chat_message_id: editId,
			mode,
			source,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #3818e5dbf83f0982 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/chatHub/chat.store.ts:832
		telemetry.track('User regenerated chat hub message', {
			...flattenModel(agent.model),
			is_custom: agent.model.provider === 'custom-agent',
			chat_session_id: sessionId,
			chat_message_id: retryId,
			mode,
			source,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #cc21c3576f78845b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/chatHub/chat.store.ts:1026
		telemetry.track('User created agent', { ...flattenModel(payload) });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #bd6a756cd647da97 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/chatHub/chatHubPanel.store.ts:21
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #342d71bccb693734 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/chatHub/chatHubPanel.store.ts:42
		telemetry.track('User opened floating chat panel', { source: 'canvas' });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #85dad97a717e9d01 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/chatHub/chatHubPanel.store.ts:62
		telemetry.track('User popped out floating chat panel', { source: 'canvas' });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #2156f9f0695c8cb1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/chatHub/components/AgentEditorModal.test.ts:539
			const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #547c68f50b2c2d65 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/evaluation.ee/components/WizardSidepanel/useWizardPersistence.ts:196
			telemetry.track('User ran evaluation', {
				workflow_id: workflowId,
				run_id: dispatched?.testRunId ?? null,
				metric_count: wizardStore.selectedMetricKeys.length,
				custom_check_count: wizardStore.customChecks.length,
				slice_mode: wizardStore.isSliceMode,
				trigger,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #eea9b5755e5effde Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/evaluation.ee/composables/useEvalCollectionsFlag.ts:19
	const postHog = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #dd8030490332c1bd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/composables/useInstanceAiHandoffCapability.ts:132
		telemetry.track('Instance AI opened from editor', {
			source,
			workflow_id: workflowId,
			execution_id: executionId ?? null,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6687a7cf0458b0ea Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/composables/useInstanceAiHandoffCapability.ts:144
			telemetry.track('Instance AI opened from editor', {
				source,
				workflow_id: null,
				execution_id: null,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8829ceeada191c95 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/composables/useInstanceAiHandoffCapability.ts:171
		telemetry.track('Instance AI opened from editor', {
			source,
			workflow_id: null,
			execution_id: null,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a8972571c488e98f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/instanceAi.threadRuntime.ts:428
			telemetry.track('User viewed new builder workflow', {
				thread_id: threadId,
				instance_id: rootStore.instanceId,
				workflow_id: workflowId,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #90d51a194cf63151 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/instanceAi.threadRuntime.ts:470
			telemetry.track('Builder generation stalled', { thread_id: threadId });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4d804f086eac86fc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/instanceAi.threadRuntime.ts:602
					telemetry.track('User finished providing input', {
						thread_id: threadId,
						input_thread_id: conf.inputThreadId ?? '',
						instance_id: rootStore.instanceId,
						type: 'approval',
						provided_inputs: [
							{
								label: conf.message,
								options: ['approve', 'deny', 'approve_always'],
								option_chosen: 'approve_auto',
							},
						],
						skipped_inputs: [],
						auto_resolved: true,
					});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #3388cb972fdf02fe Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/instanceAi.threadRuntime.ts:991
		telemetry.track('User sent builder message', {
			thread_id: threadId,
			instance_id: rootStore.instanceId,
			is_first_message: isFirstMessage,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d4bc567312d22912 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/instanceAiBrowserUse.telemetry.ts:7
			telemetry.track('Instance AI Connect Browser Use modal opened');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #05fe94ae82541e9d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/instanceAiBrowserUse.telemetry.ts:10
			telemetry.track('Instance AI Install Chrome Browser Extension button clicked');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #f173240371766c69 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/instanceAiBrowserUse.telemetry.ts:13
			telemetry.track('Instance AI Open Browser Use Extension button clicked');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #0806388a7a969b9b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/instanceAiMcp.telemetry.ts:7
			telemetry.track('Instance AI mcp modal opened');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #5e3b5a1590587437 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/instanceAiMcp.telemetry.ts:10
			telemetry.track('Instance AI mcp settings opened', { server_slug: serverSlug });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e7ff7979c6ea1a6e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/instanceAiPromptSuggestions.telemetry.ts:76
			telemetry.track('Instance AI prompt suggestions shown', createBasePayload(context));

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #62d6c03adb1e453c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/instanceAiPromptSuggestions.telemetry.ts:80
			telemetry.track('Instance AI quick examples opened', {
				...createBasePayload(context),
				suggestion_id: context.suggestionId,
				position: context.position,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6433317fa43ccd47 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/instanceAiPromptSuggestions.telemetry.ts:88
			telemetry.track('Instance AI prompt suggestions cycled', {
				...context.telemetryPayload,
				suggestion_catalog_version: resolveSuggestionCatalogVersion(context),
				visible_suggestion_ids: context.visibleSuggestionIds,
				cycle_count: context.cycleCount,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ef5d9f4421021b0f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/instanceAiPromptSuggestions.telemetry.ts:97
			telemetry.track('Instance AI prompt suggestion selected', {
				...createBasePayload(context),
				suggestion_id: context.suggestionId,
				suggestion_kind: context.suggestionKind,
				position: context.position,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #bf227c0c8a5423ef Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/instanceAiPromptSuggestions.telemetry.ts:106
			telemetry.track('Instance AI prompt suggestion submitted', {
				...createBasePayload(context),
				suggestion_id: context.suggestionId,
				suggestion_kind: context.suggestionKind,
				position: context.position,
				prompt_modified: context.promptModified,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a6dee8e2ac9c2ec1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/useResponseFeedback.ts:116
			telemetry.track('User rated workflow generation', {
				thread_id: threadId,
				response_id: responseId,
				helpful: payload.rating === 'up',
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d2a50856a715fb4a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/useResponseFeedback.ts:128
			telemetry.track('User submitted workflow generation feedback', {
				thread_id: threadId,
				response_id: responseId,
				feedback: payload.feedback,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #15d0de5cebcec565 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/workflowSetup/composables/useWorkflowSetupTelemetry.ts:141
		telemetry.track('Instance AI workflow setup step shown', getStepTelemetryPayload(step));

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #79900e5dd46f27a8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/workflowSetup/composables/useWorkflowSetupTelemetry.ts:152
		telemetry.track(
			'Instance AI workflow setup step handled',
			getStepTelemetryPayload(step, outcome),
		);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #7d35cf99d183544a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/workflowSetup/composables/useWorkflowSetupTelemetry.ts:198
		telemetry.track('User finished providing input', {
			...getSetupTelemetryContext(),
			provided_inputs: provided,
			skipped_inputs: skipped,
			explicitly_skipped_inputs: explicitlySkipped,
			num_tasks: deps.sections.value.length,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #fe912e1b73503afd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/mcpAccess/composables/useMcp.ts:7
		telemetry.track('User gave MCP access to workflow', { workflow_id: workflowId });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a025a00b17ada93b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ai/mcpAccess/composables/useMcp.ts:11
		telemetry.track('User toggled MCP access', { state: enabled });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #cf7b620b8772f377 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/core/dataTable/composables/useDataTableOperations.ts:142
			telemetry.track('User deleted data table column', {
				column_id: columnId,
				column_type: columnToDelete.cellDataType,
				data_table_id: dataTableId,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #119e06b4bbc5e292 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/core/dataTable/composables/useDataTableOperations.ts:181
			telemetry.track('User renamed data table column', {
				column_id: columnId,
				column_type: columnToRename.cellDataType,
				data_table_id: dataTableId,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #62e0ecff20a378fb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/core/dataTable/composables/useDataTableOperations.ts:212
			telemetry.track('User added data table column', {
				column_id: newColumn.id,
				column_type: newColumn.type,
				data_table_id: dataTableId,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #eea867b7b8e03b08 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/core/dataTable/composables/useDataTableOperations.ts:266
			telemetry.track('User added row to data table', {
				data_table_id: dataTableId,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #3c28b8be1da10164 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/core/dataTable/composables/useDataTableOperations.ts:302
			telemetry.track('User edited data table content', {
				data_table_id: dataTableId,
				column_id: colDef.colId,
				column_type: colDef.cellDataType,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #666a58f6d95eb102 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/core/dataTable/composables/useDataTableOperations.ts:379
			telemetry.track('User deleted rows in data table', {
				data_table_id: dataTableId,
				deleted_row_count: idsToDelete.length,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #efe5e75173fdf9c7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/credentials/composables/useCredentialOAuth.ts:339
			telemetry.track('User created credentials', {
				credential_type: credential.type,
				credential_id: credential.id,
				workflow_id: workflowsStore.workflowId,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #c2b1a2bfe06247b4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/credentials/composables/useCredentialOAuth.ts:372
		telemetry.track('User saved credentials', trackProperties);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #0544ef25875710c6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/credentials/quickConnect/composables/useQuickConnect.ts:150
		telemetry.track('User clicked quick connect button', {
			source,
			credential_type: credentialTypeName,
			node_type: nodeType,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4d14da8b14e8af57 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/execution/executions/composables/useExecutionDebugging.ts:154
		telemetry.track('User clicked debug execution button', {
			instance_id: useRootStore().instanceId,
			exec_status: isFullExecutionResponse(execution) ? execution.status : '',
			override_pinned_data: pinnableNodes.length === pinnings,
			all_exec_data_imported: missingNodeNames.length === 0,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #856931d0ed4a9dde Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/execution/executions/composables/useExecutionHelpers.ts:116
		telemetry.track(
			metadata.parentExecution
				? 'User clicked parent execution button'
				: 'User clicked inspect sub-workflow',
			{
				view,
			},
		);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ab17efa04c8dc265 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/execution/executions/composables/useExecutionPreviewDocument.ts:261
			telemetry.track('User opened read-only execution', {
				workflow_id: data.workflowData.id,
				execution_mode: data.mode,
				execution_finished: data.finished,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d2d87c8cc3ef3d76 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/execution/executions/composables/useExecutionRedaction.ts:35
		telemetry.track('User clicked reveal data', {
			workflow_id: workflowDocumentStore.value.workflowId,
			execution_id: workflowExecutionStateStore.value.activeExecution?.id,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #87311686845cef96 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/execution/logs/composables/useLogsPanelLayout.ts:72
			telemetry.track('User toggled log view', { new_state: 'attached' });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #412e92435fbeb1e0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/execution/logs/composables/useLogsPanelLayout.ts:86
		telemetry.track('User toggled log view', {
			new_state: wasOpen ? 'collapsed' : 'attached',
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #62674a57582c23d7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/execution/logs/composables/useLogsPanelLayout.ts:92
		telemetry.track('User toggled log view', { new_state: 'floating' });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #459a90bedbe9932e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/execution/logs/composables/useLogsSelection.ts:66
				telemetry.track('User selected node in log view', {
					node_type: value.node.type,
					node_id: value.node.id,
					execution_id: execution.value?.id,
					workflow_id: execution.value?.workflowData.id,
					subworkflow_depth: getDepth(value),
				});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #92b9208587ec2945 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/execution/logs/composables/useLogsSelection.ts:74
				telemetry.track('User selected canvas group in log view', {
					group_id: value.group.id,
					node_count: value.group.nodeIds.length,
					execution_id: execution.value?.id,
					workflow_id: execution.value?.workflowData.id,
					subworkflow_depth: getDepth(value),
				});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8bf7b989aeca4001 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/integrations/sourceControl.ee/sourceControl.utils.ts:63
					telemetry.track('User clicked review variables');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #315e9073b335e831 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/integrations/sourceControl.ee/sourceControl.utils.ts:86
					telemetry.track('User clicked review credentials');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #730af86e48a3775f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ndv/runData/components/VirtualSchema.test.ts:678
			const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d581806fac2aad71 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ndv/runData/components/VirtualSchema.test.ts:748
		const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #99a2f41419d8c360 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ndv/runData/components/VirtualSchema.test.ts:1101
			const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ed9a9ab5316ff194 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ndv/runData/schemaPreview.store.ts:67
		telemetry.track('User executed node with schema preview', {
			node_id: id,
			node_type: type,
			node_version: typeVersion,
			node_resource: resource,
			node_operation: operation,
			schema_preview: JSON.stringify(result.result),
			output_schema: JSON.stringify(generateJsonSchema(pushEvent.data.data?.main?.[0]?.[0]?.json)),
			workflow_id: workflowId,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #32e9fb90a38cc158 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/ndv/shared/ndv.utils.ts:29
import { captureException } from '@sentry/vue';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b52a0f1005415fb4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/roles/composables/useRolesListActions.ts:57
			telemetry.track('User duplicated role', {
				role_id: item.slug,
				role_name: item.displayName,
				permissions: item.scopes,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #7be76e835bcde5a5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/settings/communityNodes/composables/useInstallNode.ts:68
			telemetry.track('user started cnr package install', {
				input_string: props.packageName,
				has_quick_connect: props.telemetry.hasQuickConnect,
				source: props.telemetry.source,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #def6339295ed5e16 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/settings/sso/provisioning/composables/useUserRoleProvisioningForm.ts:111
		telemetry.track('User updated provisioning settings', {
			instance_id: useRootStore().instanceId,
			authentication_method: protocol,
			assignment_method: getTelemetryAssignmentMethod(roleAssignment.value),
			role_mapping_method: getTelemetryRoleMappingMethod(mappingMethod.value),
			instance_rule_count: ruleSaveResult?.instanceRuleCount ?? 0,
			project_rule_count: ruleSaveResult?.projectRuleCount ?? 0,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #af4368e39cd7722e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/setupPanel/setupPanel.store.ts:11
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6bd562ef372442ae Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/shared/commandBar/composables/useCommandBar.ts:245
		telemetry.track('User executed command bar command', {
			command_id: item.id,
			command_section: item.section,
			view,
			parent_command_id: parentItem?.id,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #28f346c4b8a630d1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/shared/commandBar/composables/useExecutionCommands.ts:163
			telemetry.track('User clicked retry execution button', {
				workflow_id: workflowId.value,
				execution_id: activeExecution.value.id,
				retry_type: loadWorkflow ? 'current' : 'original',
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #77bb4221c0d7180d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/shared/commandBar/composables/useWorkflowCommands.ts:368
					telemetry.track('User exported workflow', { workflow_id: workflowData.id });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a948a92410dce5c5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/shared/editors/plugins/codemirror/resolvableHighlighter.ts:6
import { captureException } from '@sentry/vue';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a89aad72e9b9986b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/shared/nodeCreator/composables/useActionsGeneration.test.ts:37
		posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #141830f178dc089d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/shared/nodeCreator/nodeCreator.store.ts:342
		telemetry.track(event, {
			...properties,
			nodes_panel_session_id: nodePanelSessionId.value,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b57426d9897bc51f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/workflows/canvas/composables/useCanvasNodeGroupTelemetry.ts:35
			telemetry.track('User grouped nodes', buildProperties(group, source));

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #29bae618742f97e2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/workflows/canvas/composables/useCanvasNodeGroupTelemetry.ts:38
			telemetry.track('User ungrouped nodes', buildProperties(group, source));

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #3c30be433a903fbd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/workflows/canvas/composables/useCanvasNodeGroupTelemetry.ts:41
			telemetry.track('User collapsed group', buildProperties(group, source));

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #fe3947fca831d9f3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/workflows/canvas/composables/useCanvasNodeGroupTelemetry.ts:44
			telemetry.track('User expanded group', buildProperties(group, source));

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #cc6313d92e35ec3a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/workflows/canvas/experimental/experimentalNdv.store.ts:18
	const postHogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #3012868006fe6892 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/workflows/readyToRun/stores/readyToRun.store.ts:119
		telemetry.track('User executed ready to run AI workflow', {
			status,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #954b9c39abfb3c3e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/workflows/readyToRun/stores/readyToRun.store.ts:125
		telemetry.track('User executed ready to run AI workflow successfully');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #1931c7f67f152585 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/workflows/readyToRun/stores/readyToRun.store.ts:136
			telemetry.track('User claimed OpenAI credits');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #017385a4e51bf149 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/workflows/readyToRun/stores/readyToRun.store.ts:153
		telemetry.track('User opened ready to run AI workflow', {
			source,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e726b3796a82b73d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/workflows/templates/recommendations/recommendedTemplates.store.ts:22
	const posthogStore = usePostHog();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #589bbec078d7d0fe Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/workflows/templates/recommendations/recommendedTemplates.store.ts:49
		telemetry.track('User viewed template detail', {
			templateId,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #c3961d12b66636c3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/workflows/templates/recommendations/recommendedTemplates.store.ts:55
		telemetry.track('User viewed template cell', {
			tileNumber,
			templateId,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6616b6784a479cc3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/workflows/templates/setupTemplate.store.ts:159
		telemetry.track('User closed cred setup', {
			completed: false,
			creds_filled: 0,
			creds_needed: credentialUsages.value.length,
			workflow_id: null,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8ba0c5c2a60885bb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/workflows/templates/setupTemplate.store.ts:196
			telemetry.track('User closed cred setup', {
				completed: true,
				creds_filled: numFilledCredentials.value,
				creds_needed: credentialUsages.value.length,
				workflow_id: createdWorkflow.id,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #913c5b8cb29e4b10 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/workflows/templates/setupTemplate.store.ts:203
			telemetry.track('User inserted workflow template', {
				source: 'workflow',
				template_id: tryToParseNumber(templateId.value),
				wf_template_repo_session_id: templatesStore.currentSessionId,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #31790969432a5623 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/workflows/templates/setupTemplate.store.ts:209
			telemetry.track('User saved new workflow from template', {
				template_id: tryToParseNumber(templateId.value),
				workflow_id: createdWorkflow.id,
				wf_template_repo_session_id: templatesStore.currentSessionId,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #86de66c4ee867e81 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/frontend/editor-ui/src/features/workflows/templates/utils/templateActions.ts:81
	telemetry.track('User opened cred setup', { source });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 11 low-confidence finding(s)
low env_fs production #06ebf3d37988df63 Filesystem access.
repo/packages/frontend/editor-ui/scripts/fetch-node-popularity.mjs:2
import { promises as fs } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #75ce3cabfeee35a9 Environment-variable access.
repo/packages/frontend/editor-ui/scripts/fetch-node-popularity.mjs:8
	process.env.NODE_POPULARITY_ENDPOINT ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #015b4950f64c01e3 Environment-variable access.
repo/packages/frontend/editor-ui/scripts/fetch-node-popularity.mjs:10
const FAIL_ON_ERROR = process.env.N8N_FAIL_ON_POPULARITY_FETCH_ERROR === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd33a7331418b2bd Filesystem access.
repo/packages/frontend/editor-ui/scripts/fetch-node-popularity.mjs:44
		const content = await fs.readFile(OUTPUT_FILE, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2fb88be4fde65eef Filesystem access.
repo/packages/frontend/editor-ui/scripts/fetch-node-popularity.mjs:54
	await fs.writeFile(OUTPUT_FILE, JSON.stringify(data, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #40a1bb438f9d6dd4 Environment-variable access.
repo/packages/frontend/editor-ui/src/__tests__/server/index.ts:24
	server.urlPrefix = process.env.API_URL || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow test-only Excluded from app score #b087fb59f99e86d3 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration. Test harness — not production egress.
repo/packages/frontend/editor-ui/src/__tests__/server/index.ts:35 · flow /tmp/closeopen-zwski0h_/repo/packages/frontend/editor-ui/src/__tests__/server/index.ts:24 → /tmp/closeopen-zwski0h_/repo/packages/frontend/editor-ui/src/__tests__/server/index.ts:35
	server.post('/rest/:any', async () => ({}));

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

low env_fs test-only #3e66879f84eb2b1d Environment-variable access.
repo/packages/frontend/editor-ui/src/__tests__/setup.ts:79
process.env.TZ = 'UTC';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #cbe8ea5e0dea9a22 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/frontend/editor-ui/src/app/api/workflow-webhooks.ts:13
	return await post(N8N_API_BASE_URL, CONTACT_EMAIL_SUBMISSION_ENDPOINT, {
		instance_id: instanceId,
		user_id: `${instanceId}#${currentUser.id}`,
		email,
		agree,
		agree_updates: true,
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #7b2af6a68ed227dc Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/frontend/editor-ui/src/app/composables/useBugReporting.ts:31
		const url = new URL(BASE_FORUM_URL);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only #c201b80a9ec3c94e Filesystem access.
repo/packages/frontend/editor-ui/src/features/ai/instanceAi/__tests__/InstanceAiPreviewTabBar.test.ts:139
		const source = readFileSync(
			'src/features/ai/instanceAi/components/InstanceAiPreviewTabBar.vue',
			'utf8',
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/cli

npm first-party
high pii_flow production #23c1ac03a7032aae User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/cli/src/license/license.service.ts:71 · flow /tmp/closeopen-zwski0h_/repo/packages/cli/src/license/license.service.ts:78 → /tmp/closeopen-zwski0h_/repo/packages/cli/src/license/license.service.ts:71
		await this.http.request({
			url: 'https://enterprise.n8n.io/enterprise-trial',
			method: 'POST',
			body: {
				licenseType: 'enterprise',
				firstName: user.firstName,
				lastName: user.lastName,
				email: user.email,
				instanceUrl: this.urlService.getWebhookBaseUrl(),
			},
			json: true,
		});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #e7488c5ff9fca57b User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/cli/src/modules/agents/integrations/integration-action-executor.ts:174 · flow /tmp/closeopen-zwski0h_/repo/packages/cli/src/modules/agents/integrations/integration-action-executor.ts:172 → /tmp/closeopen-zwski0h_/repo/packages/cli/src/modules/agents/integrations/integration-action-executor.ts:174
		const sent = await thread.post(await this.toPostable(params.descriptor, input.message, params));

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #835407c361c0e206 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/cli/src/modules/external-secrets.ee/providers/infisical.ts:277 · flow /tmp/closeopen-zwski0h_/repo/packages/cli/src/modules/external-secrets.ee/providers/infisical.ts:283 → /tmp/closeopen-zwski0h_/repo/packages/cli/src/modules/external-secrets.ee/providers/infisical.ts:277
		return await this.http.request({
			url: '/api/v4/secrets',
			method: 'GET',
			qs: {
				projectId: this.settings.projectId,
				environment: this.settings.environment,
				secretPath: this.settings.secretPath,
			},
			json: true,
		});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #a1464473b2d4da77 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/cli/src/modules/instance-ai/eval/api-docs.ts:33 · flow /tmp/closeopen-zwski0h_/repo/packages/cli/src/modules/instance-ai/eval/api-docs.ts:28 → /tmp/closeopen-zwski0h_/repo/packages/cli/src/modules/instance-ai/eval/api-docs.ts:33
		const res = await fetch(url, { signal: AbortSignal.timeout(FETCH_TIMEOUT_MS), headers });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #50cecc9971788461 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/cli/src/modules/instance-ai/eval/api-docs.ts:81 · flow /tmp/closeopen-zwski0h_/repo/packages/cli/src/modules/instance-ai/eval/api-docs.ts:76 → /tmp/closeopen-zwski0h_/repo/packages/cli/src/modules/instance-ai/eval/api-docs.ts:81
		const res = await fetch(url, { signal: AbortSignal.timeout(FETCH_TIMEOUT_MS), headers });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #d1fcb6ff26662120 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/cli/src/modules/log-streaming.ee/destinations/message-event-bus-destination-webhook.ee.ts:401 · flow /tmp/closeopen-zwski0h_/repo/packages/cli/src/modules/log-streaming.ee/destinations/message-event-bus-destination-webhook.ee.ts:380 → /tmp/closeopen-zwski0h_/repo/packages/cli/src/modules/log-streaming.ee/destinations/message-event-bus-destination-webhook.ee.ts:401
			const requestResponse = await this.outboundHttp
				.requests({ ssrf: 'disabled' }) // The destination URL is admin-configured, so SSRF protection is disabled.
				.request(request);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #efc4adc93b46f22d User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/cli/src/oauth/oauth.service.ts:1096 · flow /tmp/closeopen-zwski0h_/repo/packages/cli/src/oauth/oauth.service.ts:1067 → /tmp/closeopen-zwski0h_/repo/packages/cli/src/oauth/oauth.service.ts:1096
		const registerResult = await this.http.request({
			url: registration_endpoint,
			method: 'POST',
			body: registerPayload,
			json: true,
		});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium telemetry production #7a3493553afd91c0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/concurrency/concurrency-control.service.ts:138
				this.telemetry.track('User hit concurrency limit', {
					threshold: CLOUD_TEMP_PRODUCTION_LIMIT - capacity,
					concurrencyQueue: type,
				});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #f4a395e03567ae36 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/controllers/__tests__/posthog.controller.test.ts:17
		expect(maskIp(input)).toBe(expected);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #1baebe3347a9e616 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/controllers/__tests__/posthog.controller.test.ts:36
		setPostHogProxyHeaders(proxyReq, createReq({ ip: '203.0.113.7', method: 'GET' }));

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #7bbc232513086d84 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/controllers/__tests__/posthog.controller.test.ts:45
		setPostHogProxyHeaders(proxyReq, createReq({ method: 'GET' }));

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #c9ef665dfc161d77 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/controllers/__tests__/posthog.controller.test.ts:54
		setPostHogProxyHeaders(proxyReq, createReq({ ip: '203.0.113.7', method: 'POST', rawBody }));

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #9bbbc0b9a47a91c6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/controllers/__tests__/telemetry.controller.test.ts:122
		await controller.track(req, res, next);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8884335fee060ce9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/evaluation.ee/evaluation-collection.service.ts:187
		this.telemetry.track('Eval collection created', {
			user_id: user.id,
			workflow_id: workflowId,
			collection_id: collection.id,
			evaluation_config_id: input.evaluationConfigId,
			version_count: input.versions.length,
			existing_run_count: existingRunIds.length,
			new_run_count: runsStartedIds.length,
			dataset_id: this.extractDatasetId(config),
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d34331d6dcfa53b1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/evaluation.ee/evaluation-collection.service.ts:264
		this.telemetry.track('Eval collection deleted', {
			user_id: user.id,
			workflow_id: workflowId,
			collection_id: collectionId,
			runs_unlinked: runsUnlinked,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #780d09ec53604956 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/evaluation.ee/insights/eval-insights.service.ts:143
		this.telemetry.track('Eval collection insights generated', {
			user_id: user.id,
			workflow_id: workflowId,
			collection_id: collectionId,
			model_used: response.modelUsed,
			duration_ms: Date.now() - startMs,
			status: response.status,
			regressions_found: response.insights.regressions.length,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ee145a8a25859c93 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/evaluation.ee/test-runner/test-runner.service.ee.ts:736
			this.telemetry.track('User ran test', {
				user_id: user.id,
				run_id: testRun.id,
				workflow_id: workflowId,
				run_type: runType,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #73e4e1f7cd1ffa58 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/evaluation.ee/test-runner/test-runner.service.ee.ts:1201
			this.telemetry.track('Test run finished', telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #c4ad183f320deb0d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/evaluation.ee/test-runs.controller.ee.ts:107
		this.telemetry.track('User deleted a run', { run_id: testRunId });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a7e083d46cba8c82 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/evaluation.ee/test-runs.controller.ee.ts:145
		this.telemetry.track('User cancelled a test case', {
			run_id: req.params.id,
			case_id: caseId,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #710a20843b62a28c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:224
		this.telemetry.track('Instance AI mcp connected', {
			user_id: userId,
			server_slug: serverSlug,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8be3e6869907d2a5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:234
		this.telemetry.track('Instance AI mcp disconnected', {
			user_id: userId,
			server_slug: serverSlug,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8e918a0edc9a6454 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:253
		this.telemetry.track('Project settings updated', {
			user_id: userId,
			role,
			project_id: projectId,
			members: members?.map(({ userId: user_id, role }) => ({ user_id, role })),
			otel_project_custom_tags_count: otelProjectCustomTagsCount,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ccec5e0343c78118 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:269
		this.telemetry.track('User deleted project', {
			user_id: userId,
			role,
			project_id: projectId,
			removal_type: removalType,
			target_project_id: targetProjectId,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #82c2bb9b9fb1359c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:279
		this.telemetry.track('User created project', {
			user_id: userId,
			role,
			uiContext,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #3e3a939300ab6bb3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:297
		this.telemetry.track('User updated source control settings', {
			branch_name: branchName,
			read_only_instance: readOnlyInstance,
			repo_type: repoType,
			connected,
			connection_type: connectionType,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4e01a97019be8485 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:312
		this.telemetry.track('User started pull via UI', {
			user_id: userId,
			workflow_updates: workflowUpdates,
			workflow_conflicts: workflowConflicts,
			cred_conflicts: credConflicts,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #65bc98564adbce48 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:324
		this.telemetry.track('User finished pull via UI', {
			user_id: userId,
			workflow_updates: workflowUpdates,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4696c3154dcc7750 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:334
		this.telemetry.track('User pulled via API', {
			workflow_updates: workflowUpdates,
			forced,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #5b650b9656828177 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:348
		this.telemetry.track('User started push via UI', {
			user_id: userId,
			workflows_eligible: workflowsEligible,
			workflows_eligible_with_conflicts: workflowsEligibleWithConflicts,
			creds_eligible: credsEligible,
			creds_eligible_with_conflicts: credsEligibleWithConflicts,
			variables_eligible: variablesEligible,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #fd0a75735bb0f39a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:365
		this.telemetry.track('User finished push via UI', {
			user_id: userId,
			workflows_eligible: workflowsEligible,
			workflows_pushed: workflowsPushed,
			creds_pushed: credsPushed,
			variables_pushed: variablesPushed,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #5f7384ac3eb2dcf2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:379
		this.telemetry.track('Instance attempted to refresh license', {
			success,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #fc09384897627a63 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:389
		this.telemetry.track('User registered for license community plus', {
			user_id: userId,
			email,
			licenseKey,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #35ab1c57b4c28481 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:401
		this.telemetry.track('User created variable', {
			user_id: user.id,
			...(projectId && { project_id: projectId }),
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6f1ab5a7a446bc0f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:408
		this.telemetry.track('User updated variable', {
			user_id: user.id,
			...(projectId && { project_id: projectId }),
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #1ab220375cd3fdf6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:415
		this.telemetry.track('User deleted variable', {
			user_id: user.id,
			...(projectId && { project_id: projectId }),
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #2ce76eef4332cad4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:432
		this.telemetry.track('User updated external secrets settings', {
			user_id: userId,
			vault_type: vaultType,
			is_valid: isValid,
			is_new: isNew,
			error_message: errorMessage,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e93565fa65f4d859 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:444
		this.telemetry.track('User reloaded external secrets', {
			vault_type: vaultType,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d91fd3d75691952c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:455
		this.telemetry.track('User created external secrets connection', {
			user_id: userId,
			user_role: userRole,
			vault_type: vaultType,
			scope: projects.length === 0 ? 'global' : 'project',
			project_ids: projects.map((project) => project.id),
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e02f71f18e2c6f7b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:470
		this.telemetry.track('User updated external secrets connection', {
			user_id: userId,
			user_role: userRole,
			vault_type: vaultType,
			scope: projects.length === 0 ? 'global' : 'project',
			project_ids: projects.map((project) => project.id),
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #5dc14e5bfe2dddaf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:485
		this.telemetry.track('User deleted external secrets connection', {
			user_id: userId,
			user_role: userRole,
			vault_type: vaultType,
			scope: projects.length === 0 ? 'global' : 'project',
			project_ids: projects.map((project) => project.id),
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #9a5f209b2a014f95 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:498
		this.telemetry.track('User toggled external secrets system roles', {
			user_id: userId,
			enabled,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a197fac0d3a81ed1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:527
		this.telemetry.track('API key created', {
			user_id: user.id,
			public_api: publicApi,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4276a4e9168e29b0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:536
		this.telemetry.track('API key deleted', {
			user_id: user.id,
			public_api: publicApi,
			is_own: isOwn,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #0cb4e363e5042494 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:546
		this.telemetry.track('API key rotated', {
			user_id: user.id,
			public_api: publicApi,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8d8ea65dc057e3b8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:567
		this.telemetry.track('cnr package install finished', {
			user_id: user.id,
			input_string: inputString,
			package_name: packageName,
			success,
			package_version: packageVersion,
			package_node_names: packageNodeNames,
			package_author: packageAuthor,
			package_author_email: packageAuthorEmail,
			failure_reason: failureReason,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #bc6b775de6712c3e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:589
		this.telemetry.track('cnr package updated', {
			user_id: user.id,
			package_name: packageName,
			package_version_current: packageVersionCurrent,
			package_version_new: packageVersionNew,
			package_node_names: packageNodeNames,
			package_author: packageAuthor,
			package_author_email: packageAuthorEmail,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #eaf27b95a7016d63 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:608
		this.telemetry.track('cnr package deleted', {
			user_id: user.id,
			package_name: packageName,
			package_version: packageVersion,
			package_node_names: packageNodeNames,
			package_author: packageAuthor,
			package_author_email: packageAuthorEmail,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #422b9313203e19c9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:635
		this.telemetry.track('User created credentials', {
			user_id: user.id,
			user_role: user.role?.slug,
			credential_type: credentialType,
			credential_id: credentialId,
			project_id: projectId,
			project_type: projectType,
			uiContext,
			is_private: isDynamic ?? false,
			uses_external_secrets: usesExternalSecrets ?? false,
			jwe_enabled: jweEnabled ?? false,
			credential_supports_managed_auth: supportsManagedAuth ?? false,
			credential_uses_managed_auth: usesManagedAuth ?? false,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #24dc18808db3365e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:659
		this.telemetry.track('User updated cred sharing', {
			user_id: user.id,
			user_role: user.role?.slug,
			credential_type: credentialType,
			credential_id: credentialId,
			user_id_sharer: userIdSharer,
			user_ids_sharees_added: userIdsShareesAdded,
			sharees_removed: shareesRemoved,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #be6f47fff2caaec7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:680
		this.telemetry.track('User updated credentials', {
			user_id: user.id,
			user_role: user.role?.slug,
			credential_type: credentialType,
			credential_id: credentialId,
			is_private: isDynamic ?? false,
			uses_external_secrets: usesExternalSecrets ?? false,
			jwe_enabled: jweEnabled ?? false,
			credential_supports_managed_auth: supportsManagedAuth ?? false,
			credential_uses_managed_auth: usesManagedAuth ?? false,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d21950b913c4120a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:698
		this.telemetry.track('User deleted credentials', {
			user_id: user.id,
			user_role: user.role?.slug,
			credential_type: credentialType,
			credential_id: credentialId,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #08157b014736c04c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:711
		this.telemetry.track('User disconnected own credential connection', {
			user_id: user.id,
			user_role: user.role?.slug,
			credential_type: credentialType,
			credential_id: credentialId,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #829f9ad41b4a6a5f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:726
		this.telemetry.track('User created end-user credential', {
			user_id: user.id,
			user_role: user.role?.slug,
			credential_type: credentialType,
			credential_id: credentialId,
			project_id: projectId,
			project_type: projectType,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ee9e95db7ec0db9e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:741
		this.telemetry.track('User made credential end-user', {
			user_id: user.id,
			user_role: user.role?.slug,
			credential_type: credentialType,
			credential_id: credentialId,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e9966b3f9e446e44 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:754
		this.telemetry.track('User made credential fixed', {
			user_id: user.id,
			user_role: user.role?.slug,
			credential_type: credentialType,
			credential_id: credentialId,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #f2b41c807e6da37f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:767
		this.telemetry.track('User cleared end-user credential connections', {
			user_id: user.id,
			user_role: user.role?.slug,
			credential_type: credentialType,
			credential_id: credentialId,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #7c48723f1e0e63f6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:780
		this.telemetry.track('User deleted end-user credential', {
			user_id: user.id,
			user_role: user.role?.slug,
			credential_type: credentialType,
			credential_id: credentialId,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #909574d5892a46d9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:795
		this.telemetry.track('User connected to end-user credential', {
			user_id: user.id,
			user_role: user.role?.slug,
			credential_type: credentialType,
			credential_id: credentialId,
			credential_supports_managed_auth: supportsManagedAuth ?? false,
			credential_uses_managed_auth: usesManagedAuth ?? false,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #188717755f83eb33 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:815
		this.telemetry.track('Ldap general sync finished', {
			type,
			succeeded,
			users_synced: usersSynced,
			error,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6bb3fc4edba79f6f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:837
		this.telemetry.track('User updated Ldap settings', {
			user_id: userId,
			loginIdAttribute,
			firstNameAttribute,
			lastNameAttribute,
			emailAttribute,
			ldapIdAttribute,
			searchPageSize,
			searchTimeout,
			synchronizationEnabled,
			synchronizationInterval,
			loginLabel,
			loginEnabled,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #75bfa94de4637ea3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:854
		this.telemetry.track('Ldap login sync failed', { error });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #f93e982fb8c85d48 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:860
		this.telemetry.track('User login failed since ldap disabled', { user_ud: userId });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ec3c94aa5b04cf34 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:872
		this.telemetry.track('Sso user project access update', {
			user_id: userId,
			projects_removed: projectsRemoved,
			projects_added: projectsAdded,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e9a8a7bb4ae89c37 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:883
		this.telemetry.track('Sso user instance role update', { user_id: userId, role });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #514be9732314ed55 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:901
		this.telemetry.track('User created workflow', {
			user_id: user.id,
			workflow_id: workflow.id,
			node_graph_string: limitNodeGraphStringSize(JSON.stringify(nodeGraph)),
			public_api: publicApi,
			project_id: projectId,
			project_type: projectType,
			meta: JSON.stringify(workflow.meta),
			otel_workflow_custom_tags_count: countWorkflowCustomTelemetryTags(workflow),
			otel_nodes_with_custom_tags_count: countNodesWithCustomTelemetryTags(workflow.nodes),
			otel_node_custom_tags_count: countNodeCustomTelemetryTags(workflow.nodes),
			uiContext,
			source,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6c7a7c18619dcc82 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:918
		this.telemetry.track('User archived workflow', {
			user_id: user.id,
			workflow_id: workflowId,
			public_api: publicApi,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4cbea18d61ee551c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:930
		this.telemetry.track('User unarchived workflow', {
			user_id: user.id,
			workflow_id: workflowId,
			public_api: publicApi,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #2542b8cae87343f0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:938
		this.telemetry.track('User deleted workflow', {
			user_id: user.id,
			workflow_id: workflowId,
			public_api: publicApi,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #344afafea0d6d0fd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:997
		this.telemetry.track('User activated workflow', {
			user_id: user.id,
			workflow_id: workflowId,
			public_api: publicApi,
			source,
			private_credentials_count: privateCredentialsCount,
			private_credential_types: privateCredentialTypes,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #7b2ce94034b7f1a0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1014
		this.telemetry.track('User deactivated workflow', {
			user_id: user.id,
			workflow_id: workflowId,
			public_api: publicApi,
			deactivated_version_id: deactivatedVersionId,
			source,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e78859d3c36eff6d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1028
		this.telemetry.track('User updated workflow sharing', {
			workflow_id: workflowId,
			user_id_sharer: userIdSharer,
			user_id_list: userIdList,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #c5578638078ac28d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1036
		this.telemetry.track('User imported n8n package', {
			user_id: user.id,
			workflow_conflict_policy: options.workflowConflictPolicy,
			workflow_id_policy: options.workflowIdPolicy,
			credential_matching_mode: options.credentialMatchingMode,
			credential_missing_mode: options.credentialMissingMode,
			workflow_publishing_policy: options.workflowPublishingPolicy,
			workflows_created: counts.workflows.created,
			workflows_updated: counts.workflows.updated,
			workflows_skipped: counts.workflows.skipped,
			credentials_matched: counts.credentials.matched,
			credentials_created: counts.credentials.created,
			credentials_required: counts.credentials.requirements,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d4a191c7f92c2b21 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1053
		this.telemetry.track('User exported n8n package', {
			user_id: user.id,
			workflow_count: counts.workflows,
			folder_count: counts.folders,
			credential_count: counts.credentials,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #24c4ca13808a1c04 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1068
		this.telemetry.track('User package export failed', {
			user_id: user.id,
			reason,
			workflow_count: workflowIds?.length ?? 0,
			folder_count: folderIds?.length ?? 0,
			project_count: projectIds?.length ?? 0,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #fa04646ee078e3df Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1078
		this.telemetry.track('User package import failed', {
			user_id: user.id,
			reason,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #072b66848764d7ee Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1162
		this.telemetry.track('User saved workflow', {
			user_id: user.id,
			workflow_id: workflow.id,
			node_graph_string: limitNodeGraphStringSize(JSON.stringify(nodeGraph)),
			notes_count_overlapping: overlappingCount,
			notes_count_non_overlapping: notesCount - overlappingCount,
			version_cli: N8N_VERSION,
			num_tags: workflow.tags?.length ?? 0,
			public_api: publicApi,
			sharing_role: userRole,
			meta: JSON.stringify(workflow.meta),
			workflow_edited_no_pos: workflowEditedNoPos,
			credential_edited: credentialEdited,
			ai_builder_assisted: aiBuilderAssisted ?? false,
			credential_resolver_id: credentialResolverId,
			identity_extractor_changed: identityExtractorChanged,
			redaction_policy: redactionPolicy,
			private_credentials_count: privateCredentialsCount,
			private_credential_types: privateCredentialTypes,
			otel_workflow_custom_tags_count: countWorkflowCustomTelemetryTags(workflow),
			otel_nodes_with_custom_tags_count: countNodesWithCustomTelemetryTags(workflow.nodes),
			otel_node_custom_tags_count: countNodeCustomTelemetryTags(workflow.nodes),
			source,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #24d5c0ab9524ec27 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1258
					this.telemetry.track('User ran out of free AI credits');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #f0cb85afb55f0799 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1386
					this.telemetry.track('Manual node exec finished', telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #671bdf08f7c168f4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1399
					this.telemetry.track('Manual workflow exec finished', manualExecEventProperties);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d5649ba2a9a8a39d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1541
		this.telemetry.track('Instance started', {
			...info,
			earliest_workflow_created: firstWorkflow?.createdAt,
			otel,
			settings_managed_by_env_vars: settingsManagedByEnvVars,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #f63ca6fcf124b291 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1624
		this.telemetry.track('Session started', { session_id: pushRef });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4958916f6095722a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1628
		this.telemetry.track('User instance stopped');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #9d7dafae11a5e004 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1637
		this.telemetry.track('Owner finished instance setup', { user_id: userId });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #74347a157840bc1b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1645
		this.telemetry.track('Workflow first prod success', {
			project_id: projectId,
			workflow_id: workflowId,
			user_id: userId ?? undefined,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #530a4f48a3173625 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1657
		this.telemetry.track('Instance first prod failure', {
			project_id: projectId,
			workflow_id: workflowId,
			user_id: userId,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #619ffe3b1f5dba19 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1672
		this.telemetry.track('Workflow first data fetched', {
			user_id: userId,
			workflow_id: workflowId,
			node_type: nodeType,
			node_id: nodeId,
			credential_type: credentialType,
			credential_id: credentialId,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #dfd8a9fff1e1c1de Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1699
		this.telemetry.track('User changed role', {
			user_id: userId,
			target_user_id: targetUserId,
			target_user_new_role: targetUserNewRole,
			public_api: publicApi,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #202905aba4243dc6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1708
		this.telemetry.track('User retrieved user', {
			user_id: userId,
			public_api: publicApi,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #3ef028598867c920 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1715
		this.telemetry.track('User retrieved all users', {
			user_id: userId,
			public_api: publicApi,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #1b79fb381729991f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1722
		this.telemetry.track('User retrieved execution', {
			user_id: userId,
			public_api: publicApi,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #00152b6df0714c11 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1732
		this.telemetry.track('User retrieved all executions', {
			user_id: userId,
			public_api: publicApi,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #5e166acab1552fed Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1739
		this.telemetry.track('User retrieved workflow', {
			user_id: userId,
			public_api: publicApi,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #9761651a81fedd68 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1749
		this.telemetry.track('User retrieved workflow version', {
			user_id: userId,
			public_api: publicApi,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #47142ff603b491c6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1759
		this.telemetry.track('User retrieved all workflows', {
			user_id: userId,
			public_api: publicApi,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #c88f5b3e06be6f8b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1774
		this.telemetry.track('User changed personal settings', {
			user_id: user.id,
			fields_changed: fieldsChanged,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #005f3d1e25770cc5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1788
		this.telemetry.track('User deleted user', {
			user_id: user.id,
			public_api: publicApi,
			target_user_old_status: targetUserOldStatus,
			migration_strategy: migrationStrategy,
			target_user_id: targetUserId,
			migration_user_id: migrationUserId,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #522358c31bf23e5f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1812
		this.telemetry.track('User invited new user', {
			user_id: user.id,
			target_user_id: targetUserId,
			public_api: publicApi,
			email_sent: emailSent,
			invitee_role: inviteeRole,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #3a72042ef638b029 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1839
		this.telemetry.track('User signed up', payload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ba7767d799039066 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1854
		this.telemetry.track('User responded to personalization questions', personalizationSurveyData);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #10059e199c6569be Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1862
		this.telemetry.track('Instance failed to send transactional email to user', {
			user_id: user.id,
			message_type: messageType,
			public_api: publicApi,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #5379bb34dba16e15 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1874
		this.telemetry.track('User sent transactional email', {
			user_id: userId,
			message_type: messageType,
			public_api: publicApi,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #dbbfb18bc5dbc4f8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1973
		this.telemetry.track('User clicked invite link from email', {
			user_id: invitee.id,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #fff128d0871de9a5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1979
		this.telemetry.track('User clicked password reset link from email', {
			user_id: user.id,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b5d50875d429a270 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:1987
		this.telemetry.track('User requested password reset while logged out', {
			user_id: user.id,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #1ea554f44e75d8ac Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:2004
		this.telemetry.track('Instance compacted workflow history', {
			workflows_processed: workflowsProcessed,
			total_versions_seen: totalVersionsSeen,
			total_versions_deleted: totalVersionsDeleted,
			window_start_iso: new Date(windowStartIso),
			window_end_iso: new Date(windowEndIso),
			error_count: errorCount,
			compaction_start_time_iso: compactionStartTime,
			compaction_duration_ms: durationMs,
			compaction_batch_delay_ms: this.globalConfig.workflowHistoryCompaction.batchDelayMs,
			compaction_batch_size: this.globalConfig.workflowHistoryCompaction.batchSize,
			compaction_trimming_optimizing_time_window_hours:
				this.globalConfig.workflowHistoryCompaction.optimizingTimeWindowHours,
			compaction_trimming_time_window_days:
				this.globalConfig.workflowHistoryCompaction.trimmingTimeWindowDays,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a2abf7de767c7779 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:2030
		this.telemetry.track('User updated instance policies', {
			user_id: user.id,
			[settingName]: value,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ad2bb8b924f5e040 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:2042
		this.telemetry.track('User confirmed reveal data', {
			user_id: user.id,
			execution_id: executionId,
			workflow_id: workflowId,
			redaction_policy: redactionPolicy,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #789f3d1721286ae2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:2055
		this.telemetry.track('User created custom role', {
			user_id: userId,
			role_slug: roleSlug,
			scopes,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #cca3d8d675ab8b93 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:2063
		this.telemetry.track('User updated custom role', {
			user_id: userId,
			role_slug: roleSlug,
			scopes,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ab7bca303bb98edb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:2071
		this.telemetry.track('User deleted custom role', {
			user_id: userId,
			role_slug: roleSlug,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #36e0780a78f68a52 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:2086
		this.telemetry.track('User imported workflows via server cli', {
			active_state: activeState,
			workflow_count: workflowCount,
			separate,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #85b13ba6cd896f3f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/events/relays/telemetry.event-relay.ts:2100
		this.telemetry.track('User exported workflows via server cli', {
			selector,
			published,
			separate,
			backup,
			workflow_count: workflowCount,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #77fa4ef2c2362e69 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/data-table/data-table-size-validator.service.ts:62
			this.telemetry.track('User hit data table storage limit', {
				total_bytes: size.totalBytes,
				max_bytes: this.globalConfig.dataTable.maxSize,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d7537ef653ca970e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/browser/instance-ai-browser-session.service.ts:224
		this.telemetry.track('Instance AI Browser connected', { user_id: userId });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #fcf0594fa191434e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai-credit.service.ts:108
			this.telemetry.track('Builder credits claimed', {
				instance_id: this.instanceSettings.instanceId,
				user_id: user.id,
				thread_id: threadId,
				agent_run_id: dedupeId,
				status,
				success: false,
				error_message: getErrorMessage(error),
				attempted_usage: usage,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #89c776da60819df9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai-credit.service.ts:176
		this.telemetry.track('Builder credits claimed', {
			instance_id: this.instanceSettings.instanceId,
			user_id: user.id,
			thread_id: threadId,
			agent_run_id: dedupeId,
			status,
			success: true,
			credits_used: delta,
			credits_claimed_total: creditsClaimed,
			credits_quota: creditsQuota,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #c0faa751f77ffd66 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai-credit.service.ts:194
				this.telemetry.track('User exhausted assistant quota', {
					instance_id: this.instanceSettings.instanceId,
					user_id: user.id,
				});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d8cc983cf50d8b43 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai-gateway.service.ts:81
		this.telemetry.track('User connected to Computer Use', {
			user_id: userId,
			tool_groups: data.toolCategories.filter((c) => c.enabled).map((c) => c.name),
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a36c0166f52a9ca7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai-terminal-outcome.service.ts:270
		this.telemetry.track('instance_ai_terminal_response_decision', {
			thread_id: threadId,
			run_id: runId,
			message_group_id: messageGroupId,
			source: 'terminal_guard',
			status: decision.status,
			action: decision.action,
			reason: decision.reason,
			visibility_source: decision.visibilitySource,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #2fb755c6c944afa4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai-terminal-outcome.service.ts:398
					this.telemetry.track('instance_ai_terminal_response_decision', {
						thread_id: threadId,
						run_id: outcome.runId,
						message_group_id: outcome.messageGroupId,
						task_id: outcome.taskId,
						source: 'terminal_outcome_replay',
						status: outcome.status,
						action: published ? 'replay_event' : 'already-emitted',
						visibility_source: 'background-outcome',
					});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #cfa463931a4d425f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai-terminal-outcome.service.ts:433
			this.telemetry.track('instance_ai_terminal_response_decision', {
				thread_id: threadId,
				run_id: outcome.runId,
				message_group_id: outcome.messageGroupId,
				task_id: outcome.taskId,
				source: 'terminal_outcome_replay',
				status: outcome.status,
				action,
				visibility_source: 'background-outcome',
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #7fa06e9e37601397 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai-terminal-outcome.service.ts:509
			this.telemetry.track('instance_ai_terminal_outcome_persistence_failure', {
				thread_id: task.threadId,
				run_id: task.runId,
				task_id: task.taskId,
				status: outcome.status,
				phase: 'metadata',
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #0ce8b7a63f698be4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai-terminal-outcome.service.ts:521
		this.telemetry.track('instance_ai_terminal_response_decision', {
			thread_id: task.threadId,
			run_id: task.runId,
			message_group_id: task.messageGroupId,
			task_id: task.taskId,
			source: 'background_outcome',
			status: outcome.status,
			action: published ? 'emit' : 'already-emitted',
			visibility_source: 'background-outcome',
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b8a0d3315988293d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai-terminal-outcome.service.ts:542
			this.telemetry.track('instance_ai_terminal_outcome_persistence_failure', {
				thread_id: task.threadId,
				run_id: task.runId,
				task_id: task.taskId,
				status: outcome.status,
				phase: 'snapshot',
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e8089958461261df Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai.adapter.service.ts:525
					telemetry.track('Builder published workflow', {
						thread_id: threadId,
						workflow_id: workflowId,
						executed_by: 'ai',
					});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #baecea64dbb59992 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai.adapter.service.ts:698
					telemetry.track('Builder created workflow', {
						thread_id: threadId,
						workflow_id: updated.id,
					});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #45d10af558c632b6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai.adapter.service.ts:775
					telemetry.track('Builder modified workflow', {
						thread_id: threadId,
						workflow_id: workflowId,
					});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #59437f7f4dfaaf89 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai.adapter.service.ts:1074
					telemetry.track('Builder executed workflow', {
						thread_id: threadId,
						workflow_id: workflowId,
						executed_by: 'ai',
						pinned_node_count: Object.keys(runData.pinData ?? {}).length,
						exec_type: runData.executionMode,
						status,
						...(error ? { error } : {}),
					});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #550de31252b21030 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai.service.ts:1646
			this.telemetry?.track('instance_ai_workflow_verification_obligation', {
				event,
				thread_id: obligation.threadId,
				run_id: obligation.runId,
				task_id: obligation.taskId,
				planned_task_id: obligation.plannedTaskId,
				work_item_id: obligation.workItemId,
				workflow_id: obligation.workflowId,
				source: obligation.source,
				policy: obligation.policy,
				status: obligation.status,
				readiness_status: obligation.readiness?.status,
				setup_status: obligation.setupRequirement?.status,
				has_evidence: obligation.evidence?.attempted === true,
				evidence_success: obligation.evidence?.success,
				blocking_reason: obligation.blockingReason,
				...extra,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a8e3457e89b45957 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai.service.ts:2042
			this.telemetry.track(eventName, properties);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b7c34a69082ea13e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai.service.ts:2059
				this.telemetry.track(eventName, properties);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ede0276d89161979 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai.service.ts:3328
					this.telemetry.track('Builder sent message', {
						thread_id: threadId,
						message: intermediateText,
						is_intermediate: true,
					});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #2d8a80f0d6c2ce65 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai.service.ts:3482
				this.telemetry.track('Builder sent message', {
					thread_id: threadId,
					message: outputText,
				});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #fcbc62057f1dcc56 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai.service.ts:3486
				this.telemetry.track('Builder satisfied user intent', {
					thread_id: threadId,
				});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #fa896d98d5351e5b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai.service.ts:4456
					this.telemetry.track('Builder sent message', {
						thread_id: opts.threadId,
						message: intermediateText,
						is_intermediate: true,
					});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #073186cf8b3f18d4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai.service.ts:4606
				this.telemetry.track('Builder sent message', {
					thread_id: opts.threadId,
					message: outputText,
				});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #c5bd05483e0860aa Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai.service.ts:4610
				this.telemetry.track('Builder satisfied user intent', {
					thread_id: opts.threadId,
				});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8daf0e1c55512874 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai.service.ts:5045
		this.telemetry.track('Builder asked for input', {
			thread_id: threadId,
			input_thread_id: inputThreadId,
			type,
			num_steps: numSteps,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #19d25b9be3710cad Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai.service.ts:5130
		this.telemetry.track('instance_ai_run_finished', {
			thread_id: threadId,
			run_id: runId,
			status: effectiveStatus,
			...(userId ? { user_id: userId } : {}),
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #2ee522887aa1c7ba Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/instance-ai/instance-ai.service.ts:5387
			this.telemetry.track('Instance AI mcp tool called', {
				user_id: userId,
				server_slug: serverSlug,
				tool_name: toolName,
				success,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a98a4cbf9d63ee09 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/log-streaming.ee/destinations/message-event-bus-destination-sentry.ee.ts:1
import * as Sentry from '@sentry/node';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8c2f0fef9b232c11 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/mcp-server-middleware.service.ts:139
		this.telemetry.track(USER_CONNECTED_TO_MCP_EVENT, payload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #0fe933cae66aeb24 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/mcp.controller.ts:216
		this.telemetry.track(USER_CONNECTED_TO_MCP_EVENT, payload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #44042d93e2676c71 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/mcp.service.ts:509
					this.telemetry.track(MCP_PREVIEW_RENDER_REQUESTED_EVENT, {
						user_id: user.id,
						client_name: clientInfo?.name,
						client_version: clientInfo?.version,
					});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #02d9cf81f50f7cc9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/data-table/add-data-table-column.tool.ts:74
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #0c86d89b9a931fa3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/data-table/add-data-table-column.tool.ts:83
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #75f6b15614450ca2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/data-table/add-data-table-rows.tool.ts:76
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4248bc3e77a8040d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/data-table/add-data-table-rows.tool.ts:88
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d0f189e67a872ee2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/data-table/create-data-table.tool.ts:90
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #70f69c8932769155 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/data-table/create-data-table.tool.ts:102
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d861c4c9f7974bad Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/data-table/delete-data-table-column.tool.ts:59
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #767d2178d8b7ea33 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/data-table/delete-data-table-column.tool.ts:68
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e3a1c36bcb1e91ec Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/data-table/rename-data-table-column.tool.ts:75
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #35a78a1c3c0cb86d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/data-table/rename-data-table-column.tool.ts:84
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4f8e6c9bf8ca2646 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/data-table/rename-data-table.tool.ts:58
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #75de8d6a8595b8e5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/data-table/rename-data-table.tool.ts:67
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #1b9608cc096e8dfc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/data-table/search-data-tables.tool.ts:91
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #95024cab8084008e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/data-table/search-data-tables.tool.ts:104
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #214f630dac3a582c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/execute-workflow.tool.ts:147
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #3d3d886c148df39a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/execute-workflow.tool.ts:181
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8aefb00a3cffbb67 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/get-execution.tool.ts:157
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #77ea0f97736094e1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/get-execution.tool.ts:195
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e1266fde073f7bda Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/get-workflow-details.tool.ts:87
				telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #189bc4db20fdd4fa Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/get-workflow-details.tool.ts:99
				telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ccbed65066e772e9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/get-workflow-history.tool.ts:102
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #cf60db1f20a019a6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/get-workflow-history.tool.ts:125
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #f030982edf2dfb20 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/get-workflow-version.tool.ts:110
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #65283d7f49c5ea8e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/get-workflow-version.tool.ts:140
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a3567e344e39de0e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/list-credentials.tool.ts:135
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e2e42ed311bc7765 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/list-credentials.tool.ts:147
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #0817c159df3dcf08 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/list-tags.tool.ts:96
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #451afc820d0ceea3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/list-tags.tool.ts:107
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #2405de16fe4cf5ee Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/prepare-workflow-pin-data.tool.ts:100
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d4681bb5af3251e0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/prepare-workflow-pin-data.tool.ts:109
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #1d29e92016739e45 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/publish-workflow.tool.ts:93
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #851b4888dba52480 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/publish-workflow.tool.ts:115
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8f4a3113026e90ce Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/search-executions.tool.ts:150
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #dd8c7394d90409dc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/search-executions.tool.ts:165
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #1bdd60b0e0848d84 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/search-folders.tool.ts:75
				telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #28ae88a8f8be3c82 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/search-folders.tool.ts:103
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #78dbed7be7686e52 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/search-folders.tool.ts:116
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #807262b32ec5d730 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/search-projects.tool.ts:166
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #c207eebe963b1029 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/search-projects.tool.ts:179
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #9b691bdb8269dc1b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/search-workflows.tool.ts:130
				telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #f03b5970cc7e2eb1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/search-workflows.tool.ts:148
				telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4ed9254c5b05b2da Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/test-workflow.tool.ts:112
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #51d1031322e56741 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/test-workflow.tool.ts:136
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #75faaeba89abd312 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/unpublish-workflow.tool.ts:82
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #477bc3ca067aa1b3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/unpublish-workflow.tool.ts:103
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #9f267053bd045584 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/connection-structure-check.ts:174
	telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a53a6f31393a89d5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/create-workflow-from-code.tool.ts:211
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e012215cfff66b70 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/create-workflow-from-code.tool.ts:328
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #3542f0ca6ad5dd2a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/create-workflow-from-code.tool.ts:389
					telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #dc1d3487630d7584 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/create-workflow-from-code.tool.ts:416
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b4b2cc8b754cb469 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/delete-workflow.tool.ts:71
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #20cfe7e5203fc3f9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/delete-workflow.tool.ts:90
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #bc3fb899e180186d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/explore-node-resources.tool.ts:128
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8264f657fbcaeff4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/explore-node-resources.tool.ts:141
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ae970e6c9845c6d3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/get-workflow-best-practices.tool.ts:140
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #cb3a6dfcf635e259 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/get-workflow-best-practices.tool.ts:151
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #da4ba2e26ea5b02f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/get-workflow-node-types.tool.ts:68
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ab4b3fbc9bfd094b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/get-workflow-node-types.tool.ts:79
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #0b4f6ca61945373c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/get-workflow-sdk-reference.tool.ts:68
		telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #758d155e35447de0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/restore-workflow-version.tool.ts:128
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #7abb431f96c50e06 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/restore-workflow-version.tool.ts:151
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #f1d69a924e95f4d5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/search-workflow-nodes.tool.ts:67
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #3b766f56bb1acc07 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/search-workflow-nodes.tool.ts:78
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #90a3be9933a54c3a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/update-workflow.tool.ts:744
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #f469bf5e8db4423d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/update-workflow.tool.ts:771
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ed37bf14a17f8ae9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/validate-node.tool.ts:133
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #03650f52cf65da1a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/validate-node.tool.ts:148
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #28094e16ec9ec93c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/validate-workflow-code.tool.ts:104
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #1723b71df941a5ff Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/modules/mcp/tools/workflow-builder/validate-workflow-code.tool.ts:126
			telemetry.track(USER_CALLED_MCP_TOOL_EVENT, telemetryPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #5518c583daabb5ec Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/posthog/__tests__/posthog.test.ts:5
import { PostHog } from 'posthog-node';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #de43b4d1159f3332 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/posthog/__tests__/posthog.test.ts:52
		ph.track({
			userId: 'test',
			event: 'test',
			properties: {},
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #a88aceaaf0383a05 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/posthog/__tests__/posthog.test.ts:72
		ph.track({
			userId,
			event,
			properties,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #d42c512760c5cab8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/posthog/__tests__/posthog.test.ts:89
		ph.track({
			userId: instanceId,
			event: 'Instance started',
			properties: { instance_id: instanceId },
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #15ba22b01e2ec355 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/posthog/__tests__/posthog.test.ts:102
		ph.track({
			userId: '',
			event: 'Some event',
			properties: {},
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ad1d11062c9fced8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/posthog/index.ts:7
import type { PostHog, FeatureFlagEvaluations } from 'posthog-node';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #10fc6b754b0231f0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/services/ai-workflow-builder.service.ts:122
			this.telemetry.track(event, properties);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #7d9210d795c5b9ce Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/services/user.service.ts:173
			publicUser.featureFlags = await posthog.getFeatureFlags(publicUser);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #e68c68cd3fa8ede6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/telemetry/__tests__/telemetry.test.ts:990
			telemetry.track(eventName, properties);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #010081b0ddb5531f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/telemetry/__tests__/telemetry.test.ts:1006
			telemetry.track(eventName, properties);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #61b99e8e2d1f3831 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/telemetry/__tests__/telemetry.test.ts:1025
			telemetry.track(eventName, properties);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #bf7ee33e71231e24 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/telemetry/__tests__/telemetry.test.ts:1037
			telemetry.track(eventName, {});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #32a27347ce033b12 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/telemetry/__tests__/telemetry.test.ts:1049
			telemetry.track(eventName, {});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #40270570f361aa08 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/telemetry/index.ts:230
				this.track('Public API usage', {
					user_id: userId,
					total_calls: entry.total_calls,
					first: entry.first,
					endpoints: JSON.stringify(entry.endpoints),
					user_agents: JSON.stringify(entry.user_agents),
				});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d04e1ee3b9de7ac1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/telemetry/index.ts:258
		this.track('pulse', pulsePacket);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #1250062dd246cd10 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/telemetry/index.ts:276
			this.track('Workflow execution count', {
				event_version: '2',
				workflow_id: workflowId,
				...this.executionCountsBuffer[workflowId],
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #31d91f8b28a63e74 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/telemetry/index.ts:300
			this.track('Agent execution count', {
				event_version: '1',
				agent_id,
				...(user_id ? { user_id } : {}),
				...counts,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #9af2d0d684126428 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/telemetry/index.ts:334
			this.track('Agent session metrics', {
				event_version: '1',
				agent_id: bucket.agent_id,
				...bucket.configuration,
				run_type: bucket.run_type,
				turn_status: bucket.turn_status,
				session_count: sessions.length,
				turn_count: turnCount,
				latency_ms_sum: latencyMsSum,
				cost_sum: costSum,
				tool_call_count_sum: toolCallCountSum,
				num_skills_sum: numSkillsSum,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e8549ab380075889 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/telemetry/index.ts:386
				this.track('Workflow execution with end-user credentials', properties);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #13fc898029a79ee2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/telemetry/index.ts:394
				this.track('Workflow execution errored', properties);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #914e5dbb85c7d5e3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/telemetry/index.ts:588
		this.postHog?.track(payload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #cdc0d8b4f81b01c1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/cli/src/telemetry/index.ts:590
		return this.rudderStack.track(rudderStackPayload);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 668 low-confidence finding(s)
low env_fs production #a5552aefd388e970 Environment-variable access.
repo/packages/cli/bin/n8n:7
process.env.NODE_CONFIG_DIR = process.env.NODE_CONFIG_DIR || path.join(__dirname, 'config');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #269e154b6e84b4f0 Environment-variable access.
repo/packages/cli/bin/n8n:38
if (process.env.E2E_TESTS !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6c13ea6c03c190f7 Environment-variable access.
repo/packages/cli/bin/n8n:48
if (process.env.NODEJS_PREFER_IPV4 === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6519843effaa04a9 Filesystem access.
repo/packages/cli/scripts/agent-integration-recordings.mjs:1
import { mkdir, readFile, readdir, writeFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c285f548769e02fe Environment-variable access.
repo/packages/cli/scripts/agent-integration-recordings.mjs:28
		process.env.N8N_AGENT_INTEGRATION_RECORDING_DIR ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2dda12e35cb5afdf Filesystem access.
repo/packages/cli/scripts/agent-integration-recordings.mjs:51
				const contents = await readFile(join(dir, file), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fac52202a97c9c14 Filesystem access.
repo/packages/cli/scripts/agent-integration-recordings.mjs:63
	const contents = await readFile(file, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c76a67266d41c102 Filesystem access.
repo/packages/cli/scripts/agent-integration-recordings.mjs:73
	await writeFile(outputPath, `${JSON.stringify(records, null, 2)}\n`, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9001d674334ca9ca Filesystem access.
repo/packages/cli/scripts/build.mjs:2
import { writeFileSync, existsSync, mkdirSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #64b515dc210bf255 Environment-variable access.
repo/packages/cli/scripts/build.mjs:15
const publicApiEnabled = process.env.N8N_PUBLIC_API_DISABLED !== 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #89da2c0fd04f9c8a Filesystem access.
repo/packages/cli/scripts/build.mjs:110
	writeFileSync(path.resolve(ROOT_DIR, 'dist/timezones.json'), JSON.stringify({ data }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1284f3e4ce81a1b1 Filesystem access.
repo/packages/cli/scripts/bundle-agent-library.mjs:16
import { writeFileSync, mkdirSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #187da0ec9abb189e Filesystem access.
repo/packages/cli/scripts/bundle-agent-library.mjs:71
	writeFileSync(OUTPUT_FILE, bundle, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e20ba0524db4df08 Filesystem access.
repo/packages/cli/src/__tests__/external-hooks.test.ts:21
	const { mkdtempSync, writeFileSync } = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8712eebf6297670c Filesystem access.
repo/packages/cli/src/__tests__/external-hooks.test.ts:28
	writeFileSync(
		p,
		'module.exports = { workflow: { create: [(...args) => globalThis.__extHookFn(...args)] } };',
	);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6f84be79e2a91cb0 Filesystem access.
repo/packages/cli/src/__tests__/load-nodes-and-credentials.test.ts:4
import fs from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2ebb858ec092395b Environment-variable access.
repo/packages/cli/src/__tests__/load-nodes-and-credentials.test.ts:47
	const originalNodePath = process.env.NODE_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a3ce851e15e99702 Environment-variable access.
repo/packages/cli/src/__tests__/load-nodes-and-credentials.test.ts:56
			delete process.env.NODE_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #28737a1455399315 Environment-variable access.
repo/packages/cli/src/__tests__/load-nodes-and-credentials.test.ts:58
			process.env.NODE_PATH = originalNodePath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #da8db05e874c76b7 Environment-variable access.
repo/packages/cli/src/__tests__/load-nodes-and-credentials.test.ts:64
		process.env.NODE_PATH = existingPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a0cd4d490ca72527 Environment-variable access.
repo/packages/cli/src/__tests__/load-nodes-and-credentials.test.ts:68
		process.env.NODE_PATH = [modulePaths.join(delimiter), process.env.NODE_PATH]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4e3b7a95c292bec1 Environment-variable access.
repo/packages/cli/src/__tests__/load-nodes-and-credentials.test.ts:72
		expect(process.env.NODE_PATH).toContain(existingPath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b565fd88340f7a6e Environment-variable access.
repo/packages/cli/src/__tests__/load-nodes-and-credentials.test.ts:73
		expect(process.env.NODE_PATH?.endsWith(existingPath)).toBe(true);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5a297e7004405451 Environment-variable access.
repo/packages/cli/src/__tests__/load-nodes-and-credentials.test.ts:77
		delete process.env.NODE_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #eb147d9164febfbf Environment-variable access.
repo/packages/cli/src/__tests__/load-nodes-and-credentials.test.ts:80
		process.env.NODE_PATH = [modulePaths.join(delimiter), process.env.NODE_PATH]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8b875ef4ff1b0102 Environment-variable access.
repo/packages/cli/src/__tests__/load-nodes-and-credentials.test.ts:84
		expect(process.env.NODE_PATH).toBe(modulePaths.join(delimiter));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ad57a3a7dfdd4909 Environment-variable access.
repo/packages/cli/src/__tests__/load-nodes-and-credentials.test.ts:85
		expect(process.env.NODE_PATH).not.toContain('undefined');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2ef30e89cea7ff0d Environment-variable access.
repo/packages/cli/src/__tests__/load-nodes-and-credentials.test.ts:215
			process.env.N8N_ENV_FEAT_DYNAMIC_CREDENTIALS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #120a87b1a66e6b12 Environment-variable access.
repo/packages/cli/src/__tests__/load-nodes-and-credentials.test.ts:235
			delete process.env.N8N_ENV_FEAT_DYNAMIC_CREDENTIALS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9882fbb997219a41 Environment-variable access.
repo/packages/cli/src/__tests__/load-nodes-and-credentials.test.ts:240
			delete process.env.N8N_ENV_FEAT_DYNAMIC_CREDENTIALS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #83952a640468a6db Environment-variable access.
repo/packages/cli/src/__tests__/load-nodes-and-credentials.test.ts:275
			process.env.N8N_ENV_FEAT_DYNAMIC_CREDENTIALS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #59040562d9959adf Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:258
		delete process.env.ENABLE_OBSERVABILITY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #50e66776a107a438 Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:262
		expect(process.env.ENABLE_OBSERVABILITY).toBe('true');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0f4397244bcdfd3a Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:266
		process.env.ENABLE_OBSERVABILITY = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #eb83a6950cfcaec4 Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:270
		expect(process.env.ENABLE_OBSERVABILITY).toBe('true');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #351a5d4296bc0244 Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:274
		process.env.ENABLE_OBSERVABILITY = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f9568ac8a4346d83 Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:278
		expect(process.env.ENABLE_OBSERVABILITY).toBe('false');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1b3fa907bf2c126f Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:282
		delete process.env.ENABLE_A365_OBSERVABILITY_EXPORTER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #03df23bb7b97f1f0 Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:286
		expect(process.env.ENABLE_A365_OBSERVABILITY_EXPORTER).toBe('true');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f9c2701848cf3175 Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:290
		process.env.ENABLE_A365_OBSERVABILITY_EXPORTER = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #acb0ca7214a33fc0 Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:294
		expect(process.env.ENABLE_A365_OBSERVABILITY_EXPORTER).toBe('true');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #80f448491d4a142b Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:298
		process.env.ENABLE_A365_OBSERVABILITY_EXPORTER = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #03de08782268502e Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:302
		expect(process.env.ENABLE_A365_OBSERVABILITY_EXPORTER).toBe('false');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #907a9cea537b70e5 Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:306
		delete process.env.ENABLE_OBSERVABILITY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5af32d5e2c12e538 Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:307
		delete process.env.ENABLE_A365_OBSERVABILITY_EXPORTER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7cdba869ed9919d8 Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:311
		expect(process.env.ENABLE_OBSERVABILITY).toBe('true');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #aee8bd5791bd069d Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:312
		expect(process.env.ENABLE_A365_OBSERVABILITY_EXPORTER).toBe('true');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2bc2684c32a569b5 Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:316
		process.env.ENABLE_OBSERVABILITY = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #740736be9c9caa66 Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:317
		process.env.ENABLE_A365_OBSERVABILITY_EXPORTER = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3914b1e112c84fdc Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:321
		expect(process.env.ENABLE_OBSERVABILITY).toBe('true');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #17ee2d54e0e65d80 Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:322
		expect(process.env.ENABLE_A365_OBSERVABILITY_EXPORTER).toBe('true');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #580bf517a467c2ee Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:326
		process.env.ENABLE_OBSERVABILITY = 'custom-value';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #af39f65f0213bef7 Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:327
		delete process.env.ENABLE_A365_OBSERVABILITY_EXPORTER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #015ba742f17b371a Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:331
		expect(process.env.ENABLE_OBSERVABILITY).toBe('custom-value');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #47fe59d9b1cacfe3 Environment-variable access.
repo/packages/cli/src/__tests__/utils.test.ts:332
		expect(process.env.ENABLE_A365_OBSERVABILITY_EXPORTER).toBe('true');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #39cb9feb64b087a6 Filesystem access.
repo/packages/cli/src/abstract-server.ts:8
import { readFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b5e3ad8a28de664c Filesystem access.
repo/packages/cli/src/abstract-server.ts:179
					key: await readFile(this.sslKey, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c226665f1caefef9 Filesystem access.
repo/packages/cli/src/abstract-server.ts:180
					cert: await readFile(this.sslCert, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #568c9ec9c869f36b Environment-variable access.
repo/packages/cli/src/auth/__tests__/auth.service.test.ts:212
				originalPreviewMode = process.env.N8N_PREVIEW_MODE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3eaeb0f25a32f178 Environment-variable access.
repo/packages/cli/src/auth/__tests__/auth.service.test.ts:221
					delete process.env.N8N_PREVIEW_MODE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #465a86c24825a6d7 Environment-variable access.
repo/packages/cli/src/auth/__tests__/auth.service.test.ts:223
					process.env.N8N_PREVIEW_MODE = originalPreviewMode;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a559157be48bb96c Environment-variable access.
repo/packages/cli/src/auth/__tests__/auth.service.test.ts:228
				process.env.N8N_PREVIEW_MODE = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #29457c152af1903a Environment-variable access.
repo/packages/cli/src/auth/__tests__/auth.service.test.ts:246
				process.env.N8N_PREVIEW_MODE = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #55e1a28e3b75d932 Environment-variable access.
repo/packages/cli/src/auth/__tests__/auth.service.test.ts:264
				process.env.N8N_PREVIEW_MODE = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fc84d40f8d7b6193 Environment-variable access.
repo/packages/cli/src/auth/__tests__/auth.service.test.ts:282
				delete process.env.N8N_PREVIEW_MODE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6a74241e2a2ae528 Environment-variable access.
repo/packages/cli/src/auth/__tests__/auth.service.test.ts:300
				process.env.N8N_PREVIEW_MODE = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8b8becb6a03d4a9d Environment-variable access.
repo/packages/cli/src/auth/__tests__/auth.service.test.ts:321
				process.env.N8N_PREVIEW_MODE = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #829e8257e9691967 Environment-variable access.
repo/packages/cli/src/auth/__tests__/auth.service.test.ts:485
				const originalPreviewMode = process.env.N8N_PREVIEW_MODE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #22c2d951d0e77db6 Environment-variable access.
repo/packages/cli/src/auth/__tests__/auth.service.test.ts:486
				process.env.N8N_PREVIEW_MODE = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0389c0e80031c9c8 Environment-variable access.
repo/packages/cli/src/auth/__tests__/auth.service.test.ts:507
					delete process.env.N8N_PREVIEW_MODE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #313e6fc61c3b7d20 Environment-variable access.
repo/packages/cli/src/auth/__tests__/auth.service.test.ts:509
					process.env.N8N_PREVIEW_MODE = originalPreviewMode;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #336e33b2313502d8 Environment-variable access.
repo/packages/cli/src/auth/auth.service.ts:155
			const isPreviewMode = process.env.N8N_PREVIEW_MODE === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3fad6d4e2bded3a5 Filesystem access.
repo/packages/cli/src/binary-data/__tests__/database.manager.integration.test.ts:294
		await writeFile(tempFilePath, buffer);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #62f50e924b26fbcd Filesystem access.
repo/packages/cli/src/binary-data/__tests__/database.manager.integration.test.ts:324
		await writeFile(tempFilePath, oversizedBuffer);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #98bcfb1bbc78aa9d Filesystem access.
repo/packages/cli/src/binary-data/database.manager.ts:135
		const buffer = await readFile(sourcePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3799661f5186cee6 Filesystem access.
repo/packages/cli/src/blob-storage/__tests__/fs-byte-store.integration.test.ts:58
		const onDisk = await fs.readFile(join(storagePath, 'a/b/c/blob.json'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fef9cdee7de5b268 Filesystem access.
repo/packages/cli/src/blob-storage/fs-byte-store.ts:30
			await fs.writeFile(tempPath, body);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #776da89b8b3c2f26 Filesystem access.
repo/packages/cli/src/blob-storage/fs-byte-store.ts:44
			return await fs.readFile(readPath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #75cbcd0c5ac36bdb Environment-variable access.
repo/packages/cli/src/commands/base-command.ts:170
		if (process.env.EXECUTIONS_PROCESS === 'own') process.exit(-1);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #46898c523f296eb6 Filesystem access.
repo/packages/cli/src/commands/execute-batch.ts:5
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #869a9d396c9e9bed Filesystem access.
repo/packages/cli/src/commands/execute-batch.ts:246
				const contents = fs.readFileSync(flags.ids, { encoding: 'utf-8' });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0e108e0c9c7413b5 Filesystem access.
repo/packages/cli/src/commands/execute-batch.ts:270
				const contents = fs.readFileSync(flags.skipList, { encoding: 'utf-8' });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #24fa5519680cd3e8 Filesystem access.
repo/packages/cli/src/commands/execute-batch.ts:337
			fs.writeFileSync(flags.output, this.formatJsonOutput(results));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #369ffd21cfdb0d46 Environment-variable access.
repo/packages/cli/src/commands/execute-batch.ts:534
		const output = process.env.GITHUB_OUTPUT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #29e2db0ccad537c5 Filesystem access.
repo/packages/cli/src/commands/execute-batch.ts:811
								const contents = fs.readFileSync(fileName, { encoding: 'utf-8' });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1295aa721d012821 Filesystem access.
repo/packages/cli/src/commands/execute-batch.ts:854
							fs.writeFileSync(fileName, serializedData);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99db97c8aec33d2e Filesystem access.
repo/packages/cli/src/commands/export/credentials.ts:5
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6aa8c53b03e7f08 Filesystem access.
repo/packages/cli/src/commands/export/credentials.ts:148
				fs.writeFileSync(filename, fileContents);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b5e50de638c062dc Filesystem access.
repo/packages/cli/src/commands/export/credentials.ts:154
				fs.writeFileSync(flags.output, fileContents);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a634bdaccc009705 Filesystem access.
repo/packages/cli/src/commands/export/nodes.ts:3
import { createWriteStream } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e8749bcd239dd193 Filesystem access.
repo/packages/cli/src/commands/export/nodes.ts:4
import { mkdir } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ddd22a70f1da407f Filesystem access.
repo/packages/cli/src/commands/export/workflow.ts:5
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de13983318629ca7 Filesystem access.
repo/packages/cli/src/commands/export/workflow.ts:158
				fs.writeFileSync(filename, fileContents);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c2063358b1a753dc Filesystem access.
repo/packages/cli/src/commands/export/workflow.ts:164
				fs.writeFileSync(flags.output, fileContents);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #983672758257f533 Filesystem access.
repo/packages/cli/src/commands/import/credentials.ts:15
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d646e657c3519e2d Filesystem access.
repo/packages/cli/src/commands/import/credentials.ts:248
				jsonParse<Partial<CredentialsEntity>>(fs.readFileSync(file, { encoding: 'utf8' })),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5b15d822554fba49 Filesystem access.
repo/packages/cli/src/commands/import/credentials.ts:252
				fs.readFileSync(inputPath, { encoding: 'utf8' }),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b75af18e4f838946 Filesystem access.
repo/packages/cli/src/commands/import/workflow.ts:13
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fcec8ea855499202 Filesystem access.
repo/packages/cli/src/commands/import/workflow.ts:253
				fs.readFileSync(path, { encoding: 'utf8' }),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b988cd314fcaccb1 Filesystem access.
repo/packages/cli/src/commands/import/workflow.ts:269
			const workflow = jsonParse<IWorkflowToImport>(fs.readFileSync(file, { encoding: 'utf8' }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a2cc49883b6bceaf Filesystem access.
repo/packages/cli/src/commands/start.ts:14
import { createReadStream, createWriteStream, existsSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b8b78f272b41836a Filesystem access.
repo/packages/cli/src/commands/start.ts:15
import { mkdir } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #85d919393816c5aa Environment-variable access.
repo/packages/cli/src/commands/start.ts:136
			environment: process.env.ENVIRONMENT || 'development',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #209db87ee658ff4c Environment-variable access.
repo/packages/cli/src/commands/start.ts:137
			serverName: process.env.DEPLOYMENT_NAME,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3f077711c7817a0b Environment-variable access.
repo/packages/cli/src/commands/start.ts:208
			if (process.env.OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #df3f7ce814455a3c Environment-variable access.
repo/packages/cli/src/concurrency/__tests__/concurrency-control.service.test.ts:51
	const originalEvalEnv = process.env.N8N_CONCURRENCY_EVALUATION_LIMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #14bdda473ef1e05f Environment-variable access.
repo/packages/cli/src/concurrency/__tests__/concurrency-control.service.test.ts:53
		process.env.N8N_CONCURRENCY_EVALUATION_LIMIT = '-1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0e24ae5a233dba0b Environment-variable access.
repo/packages/cli/src/concurrency/__tests__/concurrency-control.service.test.ts:56
		if (originalEvalEnv === undefined) delete process.env.N8N_CONCURRENCY_EVALUATION_LIMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9a53a2669296352c Environment-variable access.
repo/packages/cli/src/concurrency/__tests__/concurrency-control.service.test.ts:57
		else process.env.N8N_CONCURRENCY_EVALUATION_LIMIT = originalEvalEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #53f75f24991def8e Environment-variable access.
repo/packages/cli/src/concurrency/__tests__/concurrency-control.service.test.ts:221
			delete process.env.N8N_CONCURRENCY_EVALUATION_LIMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8676208c256c48f6 Environment-variable access.
repo/packages/cli/src/concurrency/__tests__/concurrency-control.service.test.ts:226
			process.env.N8N_CONCURRENCY_EVALUATION_LIMIT = '-1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e510bf72d984817f Environment-variable access.
repo/packages/cli/src/concurrency/__tests__/concurrency-control.service.test.ts:297
			process.env.N8N_CONCURRENCY_EVALUATION_LIMIT = '-1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0db8b82644233d0c Filesystem access.
repo/packages/cli/src/config/index.ts:5
import { readFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #449362bb3326cc5c Environment-variable access.
repo/packages/cli/src/config/index.ts:17
	process.env.EXTERNAL_FRONTEND_HOOKS_URLS = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e11774cd935548b6 Environment-variable access.
repo/packages/cli/src/config/index.ts:18
	process.env.N8N_PERSONALIZATION_ENABLED = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c438fb67d14165a Environment-variable access.
repo/packages/cli/src/config/index.ts:19
	process.env.N8N_AI_ENABLED = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b13eb7dd6e1211e0 Environment-variable access.
repo/packages/cli/src/config/index.ts:23
	process.env.SKIP_STATISTICS_EVENTS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fa47a6a52dcc868c Environment-variable access.
repo/packages/cli/src/config/index.ts:25
	process.env.N8N_SKIP_AUTH_ON_OAUTH_CALLBACK = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d0ad0d0a34beb656 Filesystem access.
repo/packages/cli/src/config/index.ts:47
					value = readFileSync(fileName, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #92208600358e856b Filesystem access.
repo/packages/cli/src/constants.ts:2
import { readFileSync, statSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #609dfb28d728a2c9 Filesystem access.
repo/packages/cli/src/constants.ts:28
const n8nPackageJson = jsonParse<n8n.PackageJson>(readFileSync(packageJsonPath, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0088ff002a4fb363 Filesystem access.
repo/packages/cli/src/constants.ts:30
	readFileSync(aiAssistantPackageJsonPath, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8911c72bdc9023fc Filesystem access.
repo/packages/cli/src/constants.ts:33
	readFileSync(workflowSdkPackageJsonPath, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #050b2ed0a15aa23c Environment-variable access.
repo/packages/cli/src/constants/workflow-reviews.ts:6
	return process.env[WORKFLOW_REVIEWS_ENV_FEATURE_FLAG] === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4ec246fe197410e4 Filesystem access.
repo/packages/cli/src/controllers/__tests__/translation.controller.test.ts:15
	const { mkdtempSync, writeFileSync } = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #adb33270033c526f Filesystem access.
repo/packages/cli/src/controllers/__tests__/translation.controller.test.ts:22
	writeFileSync(p, JSON.stringify({ translation: 'string' }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3de3eb4339bb473f Filesystem access.
repo/packages/cli/src/controllers/instance-ai-examples.controller.ts:101
		const raw = readFileSync(filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0b69405a35d85835 Filesystem access.
repo/packages/cli/src/controllers/third-party-licenses.controller.ts:3
import { readFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #80fbf05592de9d95 Filesystem access.
repo/packages/cli/src/controllers/third-party-licenses.controller.ts:19
			const content = await readFile(licenseFile, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9cf7e09b5e810f13 Filesystem access.
repo/packages/cli/src/controllers/translation.controller.ts:5
import { access } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #66886b97145ca62a Filesystem access.
repo/packages/cli/src/crash-journal.ts:3
import { existsSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #35fef71dbbe92608 Filesystem access.
repo/packages/cli/src/crash-journal.ts:4
import { mkdir, utimes, open, rm } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #66ca441fd733b4d5 Environment-variable access.
repo/packages/cli/src/databases/repositories/__tests__/workflow-statistics.integration.test.ts:10
const runOnSqlite = (process.env.DB_TYPE ?? 'sqlite') === 'sqlite';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c82ec51d415b720a Environment-variable access.
repo/packages/cli/src/deprecation/__tests__/deprecation.service.test.ts:31
		const originalEnv = process.env[envVar];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7ffdea98b40f6c2c Environment-variable access.
repo/packages/cli/src/deprecation/__tests__/deprecation.service.test.ts:35
				process.env[envVar] = value;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #393e052e8c6dab04 Environment-variable access.
repo/packages/cli/src/deprecation/__tests__/deprecation.service.test.ts:37
				delete process.env[envVar];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7b4eaa575fa675d3 Environment-variable access.
repo/packages/cli/src/deprecation/__tests__/deprecation.service.test.ts:53
				process.env[envVar] = originalEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e466352b829ae6ac Environment-variable access.
repo/packages/cli/src/deprecation/__tests__/deprecation.service.test.ts:55
				delete process.env[envVar];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1cd7e5ee96ff8c86 Environment-variable access.
repo/packages/cli/src/deprecation/__tests__/deprecation.service.test.ts:85
					process.env[envVar] = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7f70990618810ec9 Environment-variable access.
repo/packages/cli/src/deprecation/__tests__/deprecation.service.test.ts:108
					process.env[envVar] = envValue;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #605497d171ee935c Environment-variable access.
repo/packages/cli/src/deprecation/__tests__/deprecation.service.test.ts:124
					process.env[envVar] = envValue;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d105f8b9e56b9380 Environment-variable access.
repo/packages/cli/src/deprecation/__tests__/deprecation.service.test.ts:140
					process.env[envVar] = envValue;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b24c89b9ef5b1d82 Environment-variable access.
repo/packages/cli/src/deprecation/__tests__/deprecation.service.test.ts:147
					process.env[envVar] = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #234a459b2c2a52f1 Environment-variable access.
repo/packages/cli/src/deprecation/__tests__/deprecation.service.test.ts:156
					delete process.env[envVar];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7cd74d301acab2c4 Environment-variable access.
repo/packages/cli/src/deprecation/__tests__/deprecation.service.test.ts:176
			delete process.env[envVar];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0e5811990f2770e5 Environment-variable access.
repo/packages/cli/src/deprecation/__tests__/deprecation.service.test.ts:187
			process.env[envVar] = value;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8383bd6df9c70eb5 Environment-variable access.
repo/packages/cli/src/deprecation/deprecation.service.ts:129
			const envValue = process.env[d.envVar];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #05b6a2e5a2bda7db Environment-variable access.
repo/packages/cli/src/evaluation.ee/__tests__/evaluation-concurrency.helper.test.ts:28
	const originalEnv = process.env[ENV_VAR];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #febcc931c0564e70 Environment-variable access.
repo/packages/cli/src/evaluation.ee/__tests__/evaluation-concurrency.helper.test.ts:31
		if (originalEnv === undefined) delete process.env[ENV_VAR];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #03a58bec33fe4123 Environment-variable access.
repo/packages/cli/src/evaluation.ee/__tests__/evaluation-concurrency.helper.test.ts:32
		else process.env[ENV_VAR] = originalEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #67cbecefd88a21ea Environment-variable access.
repo/packages/cli/src/evaluation.ee/__tests__/evaluation-concurrency.helper.test.ts:41
			process.env[ENV_VAR] = envValue;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4e77b1667f0360ea Environment-variable access.
repo/packages/cli/src/evaluation.ee/__tests__/evaluation-concurrency.helper.test.ts:52
			process.env[ENV_VAR] = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #aa0e7cbc11ae1a9d Environment-variable access.
repo/packages/cli/src/evaluation.ee/__tests__/evaluation-concurrency.helper.test.ts:66
			delete process.env[ENV_VAR];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #283eec49b050c740 Environment-variable access.
repo/packages/cli/src/evaluation.ee/__tests__/evaluation-concurrency.helper.test.ts:96
			delete process.env[ENV_VAR];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dafe637493c16648 Environment-variable access.
repo/packages/cli/src/evaluation.ee/__tests__/evaluation-concurrency.helper.test.ts:135
	const originalEnv = process.env[ENV_VAR];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #32a68dc6e82ff04a Environment-variable access.
repo/packages/cli/src/evaluation.ee/__tests__/evaluation-concurrency.helper.test.ts:138
		if (originalEnv === undefined) delete process.env[ENV_VAR];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b9053b38e3b88b78 Environment-variable access.
repo/packages/cli/src/evaluation.ee/__tests__/evaluation-concurrency.helper.test.ts:139
		else process.env[ENV_VAR] = originalEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #084ce66d710dd11a Environment-variable access.
repo/packages/cli/src/evaluation.ee/__tests__/evaluation-concurrency.helper.test.ts:143
		process.env[ENV_VAR] = '3';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3faf575ba1345b63 Environment-variable access.
repo/packages/cli/src/evaluation.ee/__tests__/evaluation-concurrency.helper.test.ts:148
		delete process.env[ENV_VAR];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e6d4ecf06fda753c Environment-variable access.
repo/packages/cli/src/evaluation.ee/__tests__/evaluation-concurrency.helper.test.ts:153
		delete process.env[ENV_VAR];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #92608de75b5e43fc Environment-variable access.
repo/packages/cli/src/evaluation.ee/__tests__/evaluation-concurrency.helper.test.ts:158
		delete process.env[ENV_VAR];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3cdaf1f9d7a2b48e Environment-variable access.
repo/packages/cli/src/evaluation.ee/evaluation-concurrency.helper.ts:68
	if (process.env[EVALUATION_CONCURRENCY_ENV_VAR] !== undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #121709aefc2462da Environment-variable access.
repo/packages/cli/src/evaluation.ee/evaluation-concurrency.helper.ts:87
	if (process.env[EVALUATION_CONCURRENCY_ENV_VAR] !== undefined) return 'env';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3dc99c233bd479d5 Filesystem access.
repo/packages/cli/src/evaluation.ee/test-runner/__tests__/test-runner.service.ee.test.ts:12
import { readFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5e54671564c7c232 Filesystem access.
repo/packages/cli/src/evaluation.ee/test-runner/__tests__/test-runner.service.ee.test.ts:54
	readFileSync(path.join(__dirname, './mock-data/workflow.under-test.json'), { encoding: 'utf-8' }),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a100c94e20538c65 Environment-variable access.
repo/packages/cli/src/evaluation.ee/test-runner/__tests__/test-runner.service.ee.test.ts:550
			process.env.OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c4ae7d3261449c1d Environment-variable access.
repo/packages/cli/src/evaluation.ee/test-runner/__tests__/test-runner.service.ee.test.ts:621
			delete process.env.OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #225200a45123b30c Environment-variable access.
repo/packages/cli/src/evaluation.ee/test-runner/__tests__/test-runner.service.ee.test.ts:2340
			const originalEnv = process.env.N8N_CONCURRENCY_EVALUATION_LIMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7b1252356e14ea25 Environment-variable access.
repo/packages/cli/src/evaluation.ee/test-runner/__tests__/test-runner.service.ee.test.ts:2341
			process.env.N8N_CONCURRENCY_EVALUATION_LIMIT = '5';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7d6a37d794786b5e Environment-variable access.
repo/packages/cli/src/evaluation.ee/test-runner/__tests__/test-runner.service.ee.test.ts:2349
				if (originalEnv === undefined) delete process.env.N8N_CONCURRENCY_EVALUATION_LIMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #46665cfd82249da9 Environment-variable access.
repo/packages/cli/src/evaluation.ee/test-runner/__tests__/test-runner.service.ee.test.ts:2350
				else process.env.N8N_CONCURRENCY_EVALUATION_LIMIT = originalEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9d00e36d3cd56e8c Environment-variable access.
repo/packages/cli/src/evaluation.ee/test-runner/__tests__/test-runner.service.ee.test.ts:2379
			const originalEnv = process.env.N8N_CONCURRENCY_EVALUATION_LIMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #31a4d73903f6c980 Environment-variable access.
repo/packages/cli/src/evaluation.ee/test-runner/__tests__/test-runner.service.ee.test.ts:2380
			delete process.env.N8N_CONCURRENCY_EVALUATION_LIMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ce99c30f71274a17 Environment-variable access.
repo/packages/cli/src/evaluation.ee/test-runner/__tests__/test-runner.service.ee.test.ts:2392
				if (originalEnv === undefined) delete process.env.N8N_CONCURRENCY_EVALUATION_LIMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5c827672394e50d0 Environment-variable access.
repo/packages/cli/src/evaluation.ee/test-runner/__tests__/test-runner.service.ee.test.ts:2393
				else process.env.N8N_CONCURRENCY_EVALUATION_LIMIT = originalEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7f6b271051b25924 Environment-variable access.
repo/packages/cli/src/evaluation.ee/test-runner/__tests__/test-runner.service.ee.test.ts:2462
			const originalEnv = process.env.N8N_CONCURRENCY_EVALUATION_LIMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f66f41d1014c3958 Environment-variable access.
repo/packages/cli/src/evaluation.ee/test-runner/__tests__/test-runner.service.ee.test.ts:2463
			process.env.N8N_CONCURRENCY_EVALUATION_LIMIT = '2';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cbcef5580961a7b3 Environment-variable access.
repo/packages/cli/src/evaluation.ee/test-runner/__tests__/test-runner.service.ee.test.ts:2480
				if (originalEnv === undefined) delete process.env.N8N_CONCURRENCY_EVALUATION_LIMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8767e6839f5f4986 Environment-variable access.
repo/packages/cli/src/evaluation.ee/test-runner/__tests__/test-runner.service.ee.test.ts:2481
				else process.env.N8N_CONCURRENCY_EVALUATION_LIMIT = originalEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #efcd2fd464264c52 Environment-variable access.
repo/packages/cli/src/evaluation.ee/test-runner/test-runner.service.ee.ts:404
			process.env.OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #833b6cc3f4ca2c9e Filesystem access.
repo/packages/cli/src/eventbus/message-event-bus-writer/__tests__/message-event-bus-log-writer.test.ts:43
		writeFileSync(path, lines.join('\n') + '\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #acdf99184f0bd8d2 Filesystem access.
repo/packages/cli/src/eventbus/message-event-bus-writer/message-event-bus-log-writer-worker.ts:1
import { appendFileSync, existsSync, rmSync, renameSync, openSync, closeSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #54dfa4191c1432f9 Filesystem access.
repo/packages/cli/src/eventbus/message-event-bus-writer/message-event-bus-log-writer-worker.ts:2
import { stat } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #db730a18bceecf8b Filesystem access.
repo/packages/cli/src/eventbus/message-event-bus-writer/message-event-bus-log-writer.ts:5
import { createReadStream, existsSync, rmSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c0fd574ba7880c7c Filesystem access.
repo/packages/cli/src/eventbus/message-event-bus/__tests__/message-event-bus.test.ts:112
		writeFileSync(stalePath, '');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #515f3b21fcc85b64 Filesystem access.
repo/packages/cli/src/executions/execution-data/__tests__/fs-store.integration.test.ts:78
		const content = await fs.readFile(filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #16a474ddefd455d5 Filesystem access.
repo/packages/cli/src/executions/execution-data/__tests__/fs-store.integration.test.ts:96
		const onDisk = await fs.readFile(filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c45811a305edb856 Filesystem access.
repo/packages/cli/src/executions/execution-data/__tests__/fs-store.integration.test.ts:165
		await fs.writeFile(bundlePath, 'invalid json{{{', 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #407d06317a601db0 Filesystem access.
repo/packages/cli/src/executions/execution-data/__tests__/fs-store.integration.test.ts:204
		await fs.writeFile(badPath, 'invalid json{{{', 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b4095c40dd3284b4 Filesystem access.
repo/packages/cli/src/executions/execution-data/fs-store.ts:43
			await fs.writeFile(tempPath, serialized, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8b023c88d835277e Filesystem access.
repo/packages/cli/src/executions/execution-data/fs-store.ts:61
			content = await fs.readFile(bundlePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #edf94255036135db Filesystem access.
repo/packages/cli/src/load-nodes-and-credentials.ts:7
import fsPromises from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f960067521b4c39f Environment-variable access.
repo/packages/cli/src/load-nodes-and-credentials.ts:76
		process.env.NODE_PATH = [module.paths.join(delimiter), process.env.NODE_PATH]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8e51d6dfad45e778 Environment-variable access.
repo/packages/cli/src/load-nodes-and-credentials.ts:89
		if (process.env.N8N_ENV_FEAT_DYNAMIC_CREDENTIALS !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ce7362e1d52c509e Environment-variable access.
repo/packages/cli/src/load-nodes-and-credentials.ts:281
		if (process.env[CUSTOM_EXTENSION_ENV] !== undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #51dba684a956171e Environment-variable access.
repo/packages/cli/src/load-nodes-and-credentials.ts:282
			const customExtensionFolders = process.env[CUSTOM_EXTENSION_ENV].split(';');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9708f7277a32c220 Environment-variable access.
repo/packages/cli/src/load-nodes-and-credentials.ts:366
		return process.env.N8N_ENV_FEAT_DYNAMIC_CREDENTIALS === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #37ae868223a58599 Filesystem access.
repo/packages/cli/src/metrics/prometheus/pss-metrics.service.ts:29
					const content = readFileSync('/proc/self/smaps_rollup', 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c7bbec96595ab46a Filesystem access.
repo/packages/cli/src/metrics/prometheus/pss-metrics.service.ts:43
			readFileSync('/proc/self/smaps_rollup', 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #caf6ac856ca9bec7 Filesystem access.
repo/packages/cli/src/modules/agents/__tests__/agent-knowledge.service.test.ts:174
		await writeFile(textFilePath, 'hello world');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #54b1619631f6374a Filesystem access.
repo/packages/cli/src/modules/agents/__tests__/agent-knowledge.service.test.ts:175
		await writeFile(pdfFilePath, '%PDF-1.4');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #294c6e1cfb0afd9d Filesystem access.
repo/packages/cli/src/modules/agents/__tests__/agent-knowledge.service.test.ts:252
		await writeFile(firstPath, 'hello');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b06b507fbee6503f Filesystem access.
repo/packages/cli/src/modules/agents/__tests__/agent-knowledge.service.test.ts:253
		await writeFile(secondPath, 'world');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1195499fb9a13a23 Filesystem access.
repo/packages/cli/src/modules/agents/__tests__/agent-knowledge.service.test.ts:287
		await writeFile(filePath, 'hello');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f9c7f97d39026594 Filesystem access.
repo/packages/cli/src/modules/agents/__tests__/agent-knowledge.service.test.ts:331
		await writeFile(tempFilePath, 'x');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fc7b87cb8cd89c8b Filesystem access.
repo/packages/cli/src/modules/agents/__tests__/agent-knowledge.service.test.ts:512
		await writeFile(tempFilePath, 'hello world');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #22feceff10ea35c0 Filesystem access.
repo/packages/cli/src/modules/agents/__tests__/agent-secure-runtime.test.ts:2
import { existsSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #18cc56cf55a7d8b7 Environment-variable access.
repo/packages/cli/src/modules/agents/builder/__tests__/agents-builder-settings.service.test.ts:23
	for (const key of ENV_KEYS) delete process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d1c4626810046f9e Environment-variable access.
repo/packages/cli/src/modules/agents/builder/__tests__/agents-builder-settings.service.test.ts:114
			process.env.N8N_AI_ANTHROPIC_KEY = 'sk-env';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c808966be1708fe6 Environment-variable access.
repo/packages/cli/src/modules/agents/builder/__tests__/agents-builder-settings.service.test.ts:224
			process.env.N8N_AI_ANTHROPIC_KEY = 'sk-env';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6982a589a17226ba Environment-variable access.
repo/packages/cli/src/modules/agents/builder/__tests__/agents-builder-settings.service.test.ts:244
			process.env.N8N_AI_ANTHROPIC_KEY = 'sk-env';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4094cda41ed26adc Environment-variable access.
repo/packages/cli/src/modules/agents/builder/__tests__/agents-builder-settings.service.test.ts:293
			process.env.N8N_AI_ANTHROPIC_KEY = 'sk-env';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #051ee86b5fde59bd Environment-variable access.
repo/packages/cli/src/modules/agents/builder/__tests__/agents-builder-settings.service.test.ts:301
			process.env.ANTHROPIC_API_KEY = 'sk-env';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec54de30c26e11d6 Environment-variable access.
repo/packages/cli/src/modules/agents/builder/agents-builder-settings.service.ts:40
	const key = process.env.N8N_AI_ANTHROPIC_KEY ?? process.env.ANTHROPIC_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #529125c867868400 Filesystem access.
repo/packages/cli/src/modules/agents/integrations/__tests__/channel-integration-contract.test.ts:1
import { readFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ee8dd5097e1134cf Filesystem access.
repo/packages/cli/src/modules/agents/integrations/__tests__/channel-integration-contract.test.ts:16
	readFileSync(join(__dirname, 'fixtures/slack/basic.json'), 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a78a9e2cc10694d7 Filesystem access.
repo/packages/cli/src/modules/agents/integrations/__tests__/channel-integration-contract.test.ts:19
	readFileSync(join(__dirname, 'fixtures/telegram/basic.json'), 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #841de64373a6408a Filesystem access.
repo/packages/cli/src/modules/agents/integrations/__tests__/channel-integration-recorder.test.ts:1
import { mkdtemp, rm, writeFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only #54cc50e9ba472df3 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/agents/integrations/__tests__/channel-integration-recorder.test.ts:76
			await fetch('https://api.telegram.org/bot123456:secret/sendMessage', {
				method: 'POST',
				headers: requestHeaders,
				body: '{}',
			});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only #20f814ab991e3c29 Filesystem access.
repo/packages/cli/src/modules/agents/integrations/__tests__/channel-integration-recorder.test.ts:136
		await writeFile(filePath, 'x', 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8e6aa42dcc5cc176 Filesystem access.
repo/packages/cli/src/modules/agents/integrations/platforms/__tests__/linear/recorded-integration.test.ts:1
import { readFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #268c8a167f81afed Filesystem access.
repo/packages/cli/src/modules/agents/integrations/platforms/__tests__/linear/recorded-integration.test.ts:13
	readFileSync(join(__dirname, '../../../__tests__/fixtures/linear/recorded-session.json'), 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7727c77214ad5b8e Filesystem access.
repo/packages/cli/src/modules/agents/integrations/platforms/__tests__/slack/recorded-integration.test.ts:1
import { readFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b4b39bfa4b8fbddf Filesystem access.
repo/packages/cli/src/modules/agents/integrations/platforms/__tests__/slack/recorded-integration.test.ts:12
	readFileSync(join(__dirname, '../../../__tests__/fixtures/slack/recorded-session.json'), 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #176d06a12d408542 Filesystem access.
repo/packages/cli/src/modules/agents/integrations/platforms/__tests__/telegram/recorded-integration.test.ts:1
import { readFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #667810bde645f9b4 Filesystem access.
repo/packages/cli/src/modules/agents/integrations/platforms/__tests__/telegram/recorded-integration.test.ts:25
	readFileSync(join(__dirname, '../../../__tests__/fixtures/telegram/basic.json'), 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1d1af22ef31b45ef Filesystem access.
repo/packages/cli/src/modules/agents/integrations/platforms/__tests__/telegram/recorded-integration.test.ts:28
	readFileSync(
		join(__dirname, '../../../__tests__/fixtures/telegram/recorded-session.json'),
		'utf8',
	),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d53c1aa5c68c4a26 Filesystem access.
repo/packages/cli/src/modules/agents/integrations/recording/channel-integration-recorder.ts:1
import { mkdir, readFile, readdir, rm } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #34e96d26c3f6a4ba Environment-variable access.
repo/packages/cli/src/modules/agents/integrations/recording/channel-integration-recorder.ts:161
	const ref = process.env.N8N_AGENT_INTEGRATION_RECORDING_REF ?? 'local';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #29f668d5d9e144d6 Environment-variable access.
repo/packages/cli/src/modules/agents/integrations/recording/channel-integration-recorder.ts:247
			options.enabled ?? process.env.N8N_AGENT_INTEGRATION_RECORDING_ENABLED === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #31ee910982860494 Environment-variable access.
repo/packages/cli/src/modules/agents/integrations/recording/channel-integration-recorder.ts:250
				process.env.N8N_AGENT_INTEGRATION_RECORDING_SESSION_ID ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a53f092278331c30 Environment-variable access.
repo/packages/cli/src/modules/agents/integrations/recording/channel-integration-recorder.ts:255
			process.env.N8N_AGENT_INTEGRATION_RECORDING_DIR ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c659349a9cd72432 Filesystem access.
repo/packages/cli/src/modules/agents/integrations/recording/channel-integration-recorder.ts:385
					const contents = await readFile(join(this.recordingDir, file), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #68eb78c0cb049ee4 Filesystem access.
repo/packages/cli/src/modules/agents/integrations/recording/channel-integration-recorder.ts:398
		const contents = await readFile(filePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #40991715ea207294 Filesystem access.
repo/packages/cli/src/modules/agents/runtime/agent-secure-runtime.ts:4
import { readFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #396e7a304270161f Filesystem access.
repo/packages/cli/src/modules/agents/runtime/agent-secure-runtime.ts:139
			this.libraryBundle = readFileSync(LIBRARY_BUNDLE_PATH, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #95e2938b5af2afb9 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v2/__tests__/dotenv-upgrade.rule.test.ts:33
			delete process.env.DOTENV_CONFIG_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #792552436536e93e Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v2/__tests__/oauth-callback-auth.rule.test.ts:18
			delete process.env.N8N_SKIP_AUTH_ON_OAUTH_CALLBACK;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b5580109672744b4 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v2/__tests__/oauth-callback-auth.rule.test.ts:30
				process.env.N8N_SKIP_AUTH_ON_OAUTH_CALLBACK = value;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ce1b4d8e807b232e Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v2/__tests__/process-env-access.rule.test.ts:49
			const originalValue = process.env.N8N_BLOCK_ENV_ACCESS_IN_NODE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7bc5bad13670457e Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v2/__tests__/process-env-access.rule.test.ts:51
				process.env.N8N_BLOCK_ENV_ACCESS_IN_NODE = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6fd1bb1dbc6f4fed Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v2/__tests__/process-env-access.rule.test.ts:67
					delete process.env.N8N_BLOCK_ENV_ACCESS_IN_NODE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #24405d84f3cb9a42 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v2/__tests__/process-env-access.rule.test.ts:69
					process.env.N8N_BLOCK_ENV_ACCESS_IN_NODE = originalValue;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0502ecd461704a3d Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v2/__tests__/queue-worker-max-stalled-count.rule.test.ts:12
			delete process.env.QUEUE_WORKER_MAX_STALLED_COUNT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2fd99c062aade597 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v2/__tests__/queue-worker-max-stalled-count.rule.test.ts:21
			process.env.QUEUE_WORKER_MAX_STALLED_COUNT = '10';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5351a0972249671a Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v2/__tests__/settings-file-permissions.rule.test.ts:15
		originalEnvValue = process.env.N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2091354ea05de8c7 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v2/__tests__/settings-file-permissions.rule.test.ts:17
		delete process.env.N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #02de475a99e5935e Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v2/__tests__/settings-file-permissions.rule.test.ts:22
			delete process.env.N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #90136237b0f29fcf Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v2/__tests__/settings-file-permissions.rule.test.ts:24
			process.env.N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS = originalEnvValue;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bb56cffb349aa622 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v2/__tests__/settings-file-permissions.rule.test.ts:43
			process.env.N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #65eef12fa5554336 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v2/__tests__/settings-file-permissions.rule.test.ts:53
			process.env.N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c822feb5a73cbce0 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v2/disabled-nodes.rule.ts:56
		if (process.env.NODES_EXCLUDE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #825c1503c6f6d006 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v2/oauth-callback-auth.rule.ts:30
		if (process.env.N8N_SKIP_AUTH_ON_OAUTH_CALLBACK) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #97f93bedda5842c8 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v2/process-env-access.rule.ts:34
		if (process.env.N8N_BLOCK_ENV_ACCESS_IN_NODE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #60368aa837db8271 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v2/queue-worker-max-stalled-count.rule.ts:36
		if (!process.env.QUEUE_WORKER_MAX_STALLED_COUNT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4fd40738023759f7 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v2/settings-file-permissions.rule.ts:42
		if (process.env.N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #50a38fc132ce5dfe Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v3/__tests__/compression-node-limits.rule.test.ts:9
		delete process.env.N8N_COMPRESSION_NODE_MAX_DECOMPRESSED_SIZE_BYTES;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0de7af9e62f46994 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v3/__tests__/compression-node-limits.rule.test.ts:10
		delete process.env.N8N_COMPRESSION_NODE_MAX_ZIP_ENTRIES;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5deeac92f9470a27 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v3/__tests__/compression-node-limits.rule.test.ts:28
			process.env.N8N_COMPRESSION_NODE_MAX_DECOMPRESSED_SIZE_BYTES = '2147483648';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #601a94597e0cef6c Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v3/__tests__/compression-node-limits.rule.test.ts:38
			process.env.N8N_COMPRESSION_NODE_MAX_ZIP_ENTRIES = '5000';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e79037a70766d86c Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v3/__tests__/compression-node-limits.rule.test.ts:48
			process.env.N8N_COMPRESSION_NODE_MAX_DECOMPRESSED_SIZE_BYTES = '2147483648';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2ee7a5b1648abe3b Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v3/__tests__/compression-node-limits.rule.test.ts:49
			process.env.N8N_COMPRESSION_NODE_MAX_ZIP_ENTRIES = '5000';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dbc5b3325809ec93 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v3/__tests__/offload-manual-executions.rule.test.ts:13
		delete process.env.OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #aaa93f1701430776 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v3/__tests__/offload-manual-executions.rule.test.ts:33
			process.env.OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a0f12c43f72b8bb2 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v3/__tests__/offload-manual-executions.rule.test.ts:53
			process.env.OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ccee4f64e81b20fe Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v3/__tests__/task-runner-task-timeout.rule.test.ts:9
		delete process.env.N8N_RUNNERS_TASK_TIMEOUT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #36449fc54f7e0e80 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v3/__tests__/task-runner-task-timeout.rule.test.ts:28
			process.env.N8N_RUNNERS_TASK_TIMEOUT = '300';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a4677d0805ff5084 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v3/__tests__/unverified-packages.rule.test.ts:13
		delete process.env.N8N_UNVERIFIED_PACKAGES_ENABLED;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #246faf660331bc6a Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v3/__tests__/unverified-packages.rule.test.ts:33
			process.env.N8N_UNVERIFIED_PACKAGES_ENABLED = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #da4ba6f5d9802373 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v3/__tests__/unverified-packages.rule.test.ts:41
			process.env.N8N_UNVERIFIED_PACKAGES_ENABLED = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4ceb9449d456b3ca Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v3/compression-node-limits.rule.ts:28
		if (process.env.N8N_COMPRESSION_NODE_MAX_DECOMPRESSED_SIZE_BYTES === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b3653b60229814e2 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v3/compression-node-limits.rule.ts:37
		if (process.env.N8N_COMPRESSION_NODE_MAX_ZIP_ENTRIES === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d7507f2a196343a3 Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v3/offload-manual-executions.rule.ts:31
			process.env.OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS !== 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab42400e3f300aff Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v3/task-runner-task-timeout.rule.ts:26
		if (process.env.N8N_RUNNERS_TASK_TIMEOUT !== undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #078d2c9587d46a9d Environment-variable access.
repo/packages/cli/src/modules/breaking-changes/rules/v3/unverified-packages.rule.ts:31
			process.env.N8N_UNVERIFIED_PACKAGES_ENABLED === undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bda3fd8945bf8035 Filesystem access.
repo/packages/cli/src/modules/chat-hub/chat-hub-agent.service.ts:12
import { readFile, unlink } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f3d0a02da30b7822 Filesystem access.
repo/packages/cli/src/modules/chat-hub/chat-hub-agent.service.ts:449
			const buffer = file.buffer ?? (await readFile(file.path));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7fdd018ecd9909e1 Environment-variable access.
repo/packages/cli/src/modules/chat-hub/chat-hub-workflow.service.ts:101
		if (process.env.N8N_SKIP_CHAT_WORKFLOW_CLEANUP !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e8b48c86ab63a4bf Environment-variable access.
repo/packages/cli/src/modules/community-packages/__tests__/community-node-types.service.test.ts:29
		delete process.env.ENVIRONMENT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #02cf1f3c01c943e9 Environment-variable access.
repo/packages/cli/src/modules/community-packages/__tests__/community-node-types.service.test.ts:52
			process.env.ENVIRONMENT = 'staging';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b1df58dda4bec698 Environment-variable access.
repo/packages/cli/src/modules/community-packages/__tests__/community-node-types.service.test.ts:64
			process.env.ENVIRONMENT = 'production';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #af329e143e5b1212 Environment-variable access.
repo/packages/cli/src/modules/community-packages/__tests__/community-node-types.service.test.ts:70
			process.env.ENVIRONMENT = 'staging';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4efddcd9af18e3b8 Environment-variable access.
repo/packages/cli/src/modules/community-packages/__tests__/community-packages.config.test.ts:22
		process.env.N8N_DISABLED_MODULES = 'community-packages';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6f432f945ccf0d5a Environment-variable access.
repo/packages/cli/src/modules/community-packages/__tests__/community-packages.config.test.ts:28
		process.env.N8N_DISABLED_MODULES = 'insights,community-packages,mcp';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cbfb7cdc287a026e Environment-variable access.
repo/packages/cli/src/modules/community-packages/__tests__/community-packages.config.test.ts:34
		process.env.N8N_DISABLED_MODULES = 'insights,mcp';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6cc2ca189cdcd5c7 Environment-variable access.
repo/packages/cli/src/modules/community-packages/__tests__/community-packages.config.test.ts:40
		process.env.N8N_COMMUNITY_PACKAGES_ENABLED = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0debda1e1a5d5e47 Environment-variable access.
repo/packages/cli/src/modules/community-packages/__tests__/community-packages.service.test.ts:1100
			const originalEnv = process.env.ENVIRONMENT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #db414f597c0ffb7b Environment-variable access.
repo/packages/cli/src/modules/community-packages/__tests__/community-packages.service.test.ts:1108
			process.env.ENVIRONMENT = 'staging';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #be13922409519cd8 Environment-variable access.
repo/packages/cli/src/modules/community-packages/__tests__/community-packages.service.test.ts:1124
					delete process.env.ENVIRONMENT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5f8eb79d940b68cd Environment-variable access.
repo/packages/cli/src/modules/community-packages/__tests__/community-packages.service.test.ts:1126
					process.env.ENVIRONMENT = originalEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d1a70e6b147af9a Environment-variable access.
repo/packages/cli/src/modules/community-packages/community-node-types.service.ts:128
		const environment = process.env.ENVIRONMENT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0b1b9ae174d306e7 Filesystem access.
repo/packages/cli/src/modules/community-packages/community-packages.service.ts:269
			await writeFile(this.packageJsonPath, JSON.stringify(packageJson, null, 2), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b5f9f7ba9144a57f Environment-variable access.
repo/packages/cli/src/modules/community-packages/community-packages.service.ts:298
			const environment = process.env.ENVIRONMENT === 'staging' ? 'staging' : 'production';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6345f72f94fcd6d4 Filesystem access.
repo/packages/cli/src/modules/community-packages/community-packages.service.ts:649
			const packageJsonContent = await readFile(packageJsonPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #842bf9832e527295 Filesystem access.
repo/packages/cli/src/modules/community-packages/community-packages.service.ts:662
			await writeFile(packageJsonPath, JSON.stringify(packageJson, null, 2), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2006f3af7c044c31 Filesystem access.
repo/packages/cli/src/modules/community-packages/community-packages.service.ts:704
		const existingContent = await readFile(this.packageJsonPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bc6af2f6b2dcd3fa Filesystem access.
repo/packages/cli/src/modules/community-packages/community-packages.service.ts:707
		await writeFile(this.packageJsonPath, JSON.stringify(packageJson, null, 2), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #242aa4303d5e660a Filesystem access.
repo/packages/cli/src/modules/data-table/__tests__/csv-parser.service.test.ts:3
import { mkdtempSync, writeFileSync, rmSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a4fe7f1f99e2f341 Filesystem access.
repo/packages/cli/src/modules/data-table/__tests__/csv-parser.service.test.ts:31
		writeFileSync(join(tempDir, filename), content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #98a68944d9d07720 Filesystem access.
repo/packages/cli/src/modules/data-table/__tests__/data-table-file-cleanup.service.test.ts:2
import { promises as fs } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6de6051007451b7a Filesystem access.
repo/packages/cli/src/modules/data-table/__tests__/multer-upload-middleware.test.ts:5
import * as fsPromises from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9eaec70d3f0bff78 Filesystem access.
repo/packages/cli/src/modules/data-table/csv-parser.service.ts:5
import { createReadStream } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0d678b83032a61c0 Filesystem access.
repo/packages/cli/src/modules/data-table/data-table-file-cleanup.service.ts:4
import { promises as fs } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c58fda37bf52bd72 Filesystem access.
repo/packages/cli/src/modules/data-table/multer-upload-middleware.ts:6
import { mkdir, readdir, stat, unlink } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b6c46e02c3c5c1c0 Environment-variable access.
repo/packages/cli/src/modules/dynamic-credentials.ee/__tests__/dynamic-credentials-cors.integration.test.ts:18
process.env.N8N_ENV_FEAT_DYNAMIC_CREDENTIALS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a5a950e7739bac1b Environment-variable access.
repo/packages/cli/src/modules/dynamic-credentials.ee/__tests__/dynamic-credentials-rate-limit.integration.test.ts:27
process.env.N8N_ENV_FEAT_DYNAMIC_CREDENTIALS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b5cfe4eefc14fff0 Environment-variable access.
repo/packages/cli/src/modules/dynamic-credentials.ee/dynamic-credentials.module.ts:13
	return process.env.N8N_ENV_FEAT_DYNAMIC_CREDENTIALS === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #689adbcd9906f7d8 Environment-variable access.
repo/packages/cli/src/modules/encryption-key-manager/encryption-key-manager.module.ts:7
	return process.env.N8N_ENV_FEAT_ENCRYPTION_KEY_ROTATION === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #36459388411c61d5 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/__tests__/instance-ai-test.controller.test.ts:75
			delete process.env.E2E_TESTS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ce84b5eaad7071a7 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/__tests__/instance-ai-test.controller.test.ts:82
			process.env.NODE_ENV = 'production';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fbbb5b6f75540116 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/__tests__/instance-ai-test.controller.test.ts:103
			delete process.env.E2E_TESTS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6da27f15c3ebe8b9 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/__tests__/instance-ai-test.controller.test.ts:131
			delete process.env.E2E_TESTS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #beae1f4f7fa61178 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/__tests__/instance-ai-test.controller.test.ts:149
			delete process.env.E2E_TESTS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fd7a052588eb4f39 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/__tests__/instance-ai-test.controller.test.ts:223
			delete process.env.E2E_TESTS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a4b614836f219e8c Environment-variable access.
repo/packages/cli/src/modules/instance-ai/__tests__/instance-ai.adapter.service.test.ts:3150
		const original = process.env.OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ffa6963b6578a438 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/__tests__/instance-ai.adapter.service.test.ts:3151
		process.env.OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9a905a93cc91207f Environment-variable access.
repo/packages/cli/src/modules/instance-ai/__tests__/instance-ai.adapter.service.test.ts:3181
			if (original === undefined) delete process.env.OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d9c331f3cab49e86 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/__tests__/instance-ai.adapter.service.test.ts:3182
			else process.env.OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS = original;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9566c30719f3d48b Filesystem access.
repo/packages/cli/src/modules/instance-ai/__tests__/node-definition-resolver.test.ts:14
		writeFileSync(join(setDir, 'mode_manual.ts'), '// manual mode def');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0ebe8f576e9b7551 Filesystem access.
repo/packages/cli/src/modules/instance-ai/__tests__/node-definition-resolver.test.ts:15
		writeFileSync(join(setDir, 'mode_raw.ts'), '// raw mode def');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a6951121272586aa Filesystem access.
repo/packages/cli/src/modules/instance-ai/__tests__/node-definition-resolver.test.ts:54
		writeFileSync(join(msgDir, 'operation_post.ts'), '// slack post def');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9e7cb950717b3a94 Filesystem access.
repo/packages/cli/src/modules/instance-ai/__tests__/node-definition-resolver.test.ts:55
		writeFileSync(join(msgDir, 'operation_update.ts'), '// slack update def');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f6b8cbd2c6ed564d Environment-variable access.
repo/packages/cli/src/modules/instance-ai/__tests__/trace-replay-state.test.ts:291
			delete process.env.E2E_TESTS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6dd5f79b4d41ee83 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/__tests__/trace-replay-state.test.ts:301
			process.env.E2E_TESTS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #455a18ed1117a303 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/__tests__/trace-replay-state.test.ts:314
			process.env.E2E_TESTS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a683f3eadaec8c45 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/__tests__/trace-replay-state.test.ts:326
			process.env.E2E_TESTS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #71fda7b0cdfaf938 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/__tests__/trace-replay-state.test.ts:338
			process.env.E2E_TESTS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5a916eccfa3c7399 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/__tests__/trace-replay-state.test.ts:350
			process.env.E2E_TESTS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4d5878015a118c2b Environment-variable access.
repo/packages/cli/src/modules/instance-ai/__tests__/trace-replay-state.test.ts:365
			process.env.E2E_TESTS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #35b4b5003b7ef72a Environment-variable access.
repo/packages/cli/src/modules/instance-ai/__tests__/trace-replay-state.test.ts:379
			process.env.E2E_TESTS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4b23aeb2d260c668 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/__tests__/trace-replay-state.test.ts:397
			process.env.E2E_TESTS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #82982ddb0e193660 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/eval/__tests__/api-docs.test.ts:44
	savedApiKey = process.env.CONTEXT7_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9bb6e7205df0b8dc Environment-variable access.
repo/packages/cli/src/modules/instance-ai/eval/__tests__/api-docs.test.ts:45
	delete process.env.CONTEXT7_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fd4e036af84ff523 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/eval/__tests__/api-docs.test.ts:50
		process.env.CONTEXT7_API_KEY = savedApiKey;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #00d2816391a0ccb6 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/eval/__tests__/api-docs.test.ts:52
		delete process.env.CONTEXT7_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #292de3ea688dd7fa Environment-variable access.
repo/packages/cli/src/modules/instance-ai/eval/__tests__/api-docs.test.ts:225
		process.env.CONTEXT7_API_KEY = 'test-api-key-123';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #93817c1bd1428a58 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/eval/__tests__/api-docs.test.ts:241
		delete process.env.CONTEXT7_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b36e3811be839dde Environment-variable access.
repo/packages/cli/src/modules/instance-ai/eval/__tests__/eval-timings.test.ts:8
	const original = process.env.N8N_INSTANCE_AI_EVAL_TIMING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ba61d32db6a96b4f Environment-variable access.
repo/packages/cli/src/modules/instance-ai/eval/__tests__/eval-timings.test.ts:11
		if (original === undefined) delete process.env.N8N_INSTANCE_AI_EVAL_TIMING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ffa6d06800e5907c Environment-variable access.
repo/packages/cli/src/modules/instance-ai/eval/__tests__/eval-timings.test.ts:12
		else process.env.N8N_INSTANCE_AI_EVAL_TIMING = original;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #62500893d668e2d1 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/eval/__tests__/eval-timings.test.ts:17
			delete process.env.N8N_INSTANCE_AI_EVAL_TIMING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8e42826a723a394f Environment-variable access.
repo/packages/cli/src/modules/instance-ai/eval/__tests__/eval-timings.test.ts:33
			process.env.N8N_INSTANCE_AI_EVAL_TIMING = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ae68047f10011593 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/eval/api-docs.ts:28
		const apiKey = process.env.CONTEXT7_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f99ac5dc277b837 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/eval/api-docs.ts:76
		const apiKey = process.env.CONTEXT7_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f27ba86ec50751a Environment-variable access.
repo/packages/cli/src/modules/instance-ai/eval/eval-timings.ts:23
	readonly enabled = process.env.N8N_INSTANCE_AI_EVAL_TIMING === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fd257821858b7091 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/eval/eval-timings.ts:56
			process.env.N8N_INSTANCE_AI_EVAL_MODEL ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a34c5de74c358dff Environment-variable access.
repo/packages/cli/src/modules/instance-ai/eval/eval-timings.ts:57
			process.env.N8N_INSTANCE_AI_MODEL ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9d65ab676c23531b Filesystem access.
repo/packages/cli/src/modules/instance-ai/eval/pin-data-generator.ts:15
import { existsSync, readFileSync, readdirSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #019f50e631f9572c Filesystem access.
repo/packages/cli/src/modules/instance-ai/eval/pin-data-generator.ts:129
							const content = readFileSync(join(entryPath, nodeFile), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #127a3170acc08670 Filesystem access.
repo/packages/cli/src/modules/instance-ai/eval/pin-data-generator.ts:204
				return JSON.parse(readFileSync(schemaFile, 'utf-8')) as Record<string, unknown>;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #31b91185a3041b38 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/instance-ai-model.service.ts:124
		const hasHttpProxy = Boolean(process.env.HTTPS_PROXY || process.env.HTTP_PROXY);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #83ddeb43be2efb86 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/instance-ai-test.controller.ts:117
		if (process.env.E2E_TESTS !== 'true' || process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0160e28c23c3998e Filesystem access.
repo/packages/cli/src/modules/instance-ai/instance-ai.adapter.service.ts:207
		const promise = readFile(filePath, 'utf-8').then((json) =>

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dcac469b77bd072b Environment-variable access.
repo/packages/cli/src/modules/instance-ai/instance-ai.adapter.service.ts:1051
					process.env.OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #62f69e91adb4105d Environment-variable access.
repo/packages/cli/src/modules/instance-ai/instance-ai.module.ts:29
		if (process.env.E2E_TESTS === 'true' && process.env.NODE_ENV !== 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #230e1d26969ed04e Environment-variable access.
repo/packages/cli/src/modules/instance-ai/instance-ai.service.ts:3071
			if (!tracing && process.env.E2E_TESTS === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #00f2b37f00d7e53b Filesystem access.
repo/packages/cli/src/modules/instance-ai/node-definition-resolver.ts:375
${readFileSync(variant.filePath, 'utf-8')}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8a80f49ac951c7b1 Filesystem access.
repo/packages/cli/src/modules/instance-ai/node-definition-resolver.ts:382
		const content = readFileSync(filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7201bfc9ed9b674 Environment-variable access.
repo/packages/cli/src/modules/instance-ai/trace-replay-state.ts:154
		if (process.env.E2E_TESTS !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6e74f235dc78d5e2 Environment-variable access.
repo/packages/cli/src/modules/mcp-registry/__tests__/mcp-registry-test.controller.test.ts:66
			delete process.env.E2E_TESTS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e041f9e2887d483a Environment-variable access.
repo/packages/cli/src/modules/mcp-registry/__tests__/mcp-registry-test.controller.test.ts:72
			process.env.NODE_ENV = 'production';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #29fcdb53f389ea92 Environment-variable access.
repo/packages/cli/src/modules/mcp-registry/mcp-registry-test.controller.ts:39
		if (process.env.E2E_TESTS !== 'true' || process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0bd4e26c135b1c90 Environment-variable access.
repo/packages/cli/src/modules/mcp-registry/mcp-registry.module.ts:16
		if (process.env.E2E_TESTS === 'true' && process.env.NODE_ENV !== 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bb084f9e4faaf419 Environment-variable access.
repo/packages/cli/src/modules/mcp-registry/registry/__tests__/mcp-registry-api.client.test.ts:19
	const originalEnv = process.env.ENVIRONMENT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #267ec3a9cd6c96a8 Environment-variable access.
repo/packages/cli/src/modules/mcp-registry/registry/__tests__/mcp-registry-api.client.test.ts:20
	const originalDevUrl = process.env.N8N_MCP_SERVERS_DEV_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4f08974f77cfee41 Environment-variable access.
repo/packages/cli/src/modules/mcp-registry/registry/__tests__/mcp-registry-api.client.test.ts:24
		delete process.env.ENVIRONMENT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #800702748192b092 Environment-variable access.
repo/packages/cli/src/modules/mcp-registry/registry/__tests__/mcp-registry-api.client.test.ts:25
		delete process.env.N8N_MCP_SERVERS_DEV_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #70b4fa95f3521702 Environment-variable access.
repo/packages/cli/src/modules/mcp-registry/registry/__tests__/mcp-registry-api.client.test.ts:31
			process.env.ENVIRONMENT = originalEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7ee538ba4b5b2a81 Environment-variable access.
repo/packages/cli/src/modules/mcp-registry/registry/__tests__/mcp-registry-api.client.test.ts:33
			delete process.env.ENVIRONMENT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d01ef520945b8270 Environment-variable access.
repo/packages/cli/src/modules/mcp-registry/registry/__tests__/mcp-registry-api.client.test.ts:36
			process.env.N8N_MCP_SERVERS_DEV_URL = originalDevUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1ec5185a1a265a80 Environment-variable access.
repo/packages/cli/src/modules/mcp-registry/registry/__tests__/mcp-registry-api.client.test.ts:38
			delete process.env.N8N_MCP_SERVERS_DEV_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #83b54066b19d4399 Environment-variable access.
repo/packages/cli/src/modules/mcp-registry/registry/__tests__/mcp-registry-api.client.test.ts:56
			process.env.ENVIRONMENT = 'staging';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a6dfc5fe32aecfe5 Environment-variable access.
repo/packages/cli/src/modules/mcp-registry/registry/__tests__/mcp-registry-api.client.test.ts:69
			process.env.ENVIRONMENT = 'production';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cd3ee434b7084554 Environment-variable access.
repo/packages/cli/src/modules/mcp-registry/registry/__tests__/mcp-registry-api.client.test.ts:82
			process.env.ENVIRONMENT = 'dev';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3835c8dfdaff16f5 Environment-variable access.
repo/packages/cli/src/modules/mcp-registry/registry/__tests__/mcp-registry-api.client.test.ts:95
			process.env.ENVIRONMENT = 'dev';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #37931bf7ec501a2c Environment-variable access.
repo/packages/cli/src/modules/mcp-registry/registry/__tests__/mcp-registry-api.client.test.ts:96
			process.env.N8N_MCP_SERVERS_DEV_URL = 'http://localhost:9999/api/mcp-servers';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3f267173a2d93d70 Environment-variable access.
repo/packages/cli/src/modules/mcp-registry/registry/__tests__/mcp-registry-api.client.test.ts:109
			process.env.N8N_MCP_SERVERS_DEV_URL = 'http://localhost:9999/api/mcp-servers';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #49bf9df6ad44108e Environment-variable access.
repo/packages/cli/src/modules/mcp-registry/registry/mcp-registry-api.client.ts:68
		switch (process.env.ENVIRONMENT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bc58ecee5ae94978 Environment-variable access.
repo/packages/cli/src/modules/mcp-registry/registry/mcp-registry-api.client.ts:70
				return process.env.N8N_MCP_SERVERS_DEV_URL || MCP_SERVERS_DEV_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #59cfc1fce07743ba Environment-variable access.
repo/packages/cli/src/modules/mcp/__tests__/mcp.config.test.ts:11
		delete process.env.N8N_MCP_SERVER_RATE_LIMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bfe9cb5f3bbd4198 Environment-variable access.
repo/packages/cli/src/modules/mcp/__tests__/mcp.config.test.ts:21
		process.env.N8N_MCP_SERVER_RATE_LIMIT = '500';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #07c8338cbe960ab2 Environment-variable access.
repo/packages/cli/src/modules/mcp/__tests__/mcp.config.test.ts:29
		process.env.N8N_MCP_SERVER_RATE_LIMIT = '0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #945b06cbd3fdae28 Environment-variable access.
repo/packages/cli/src/modules/mcp/__tests__/mcp.config.test.ts:39
			process.env.N8N_MCP_SERVER_RATE_LIMIT = value;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ad4d0dc3a0d6a2dc Environment-variable access.
repo/packages/cli/src/modules/mcp/__tests__/mcp.settings.controller.test.ts:453
			const originalEnv = process.env.NODE_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f5e404c09a8279bc Environment-variable access.
repo/packages/cli/src/modules/mcp/__tests__/mcp.settings.controller.test.ts:454
			process.env.NODE_ENV = 'production';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a4368f24ebcde6ad Environment-variable access.
repo/packages/cli/src/modules/mcp/__tests__/mcp.settings.controller.test.ts:461
				process.env.NODE_ENV = originalEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #65ecc18bcac4c365 Environment-variable access.
repo/packages/cli/src/modules/mcp/__tests__/mcp.settings.controller.test.ts:466
			const originalEnv = process.env.NODE_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5cea0804a3578725 Environment-variable access.
repo/packages/cli/src/modules/mcp/__tests__/mcp.settings.controller.test.ts:467
			process.env.NODE_ENV = 'production';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #397f976125f6a00c Environment-variable access.
repo/packages/cli/src/modules/mcp/__tests__/mcp.settings.controller.test.ts:479
				process.env.NODE_ENV = originalEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2cb1c1abf40b84b7 Environment-variable access.
repo/packages/cli/src/modules/mcp/__tests__/mcp.settings.controller.test.ts:484
			const originalEnv = process.env.NODE_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2249381578009609 Environment-variable access.
repo/packages/cli/src/modules/mcp/__tests__/mcp.settings.controller.test.ts:485
			process.env.NODE_ENV = 'production';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #45ea4c1d52f0da05 Environment-variable access.
repo/packages/cli/src/modules/mcp/__tests__/mcp.settings.controller.test.ts:494
				process.env.NODE_ENV = originalEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #01234d335538d8ef Environment-variable access.
repo/packages/cli/src/modules/mcp/dto/update-allowed-redirect-uris.dto.ts:22
		const requiresHttps = process.env.NODE_ENV !== 'development' && !isLocalhost(hostname);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d32e516de8a485f4 Filesystem access.
repo/packages/cli/src/modules/n8n-packages/__tests__/fixtures/package-fixtures.ts:143
	writer.writeFile('manifest.json', JSON.stringify(manifest));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6d6c3ec3e1fc3fd8 Filesystem access.
repo/packages/cli/src/modules/n8n-packages/__tests__/fixtures/package-fixtures.ts:146
		writer.writeFile(`workflows/wf-${idx}/workflow.json`, JSON.stringify(wf));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6bb5d5c3f3cc7f5a Filesystem access.
repo/packages/cli/src/modules/n8n-packages/__tests__/import-pipeline.integration.test.ts:1008
		writer.writeFile(
			'manifest.json',
			JSON.stringify({
				packageFormatVersion: '99',
				exportedAt: new Date().toISOString(),
				sourceN8nVersion: '1.0.0',
				sourceId: 'bad-manifest',
			}),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9e625c6449246b7c Filesystem access.
repo/packages/cli/src/modules/n8n-packages/__tests__/import-pipeline.integration.test.ts:1073
		writer.writeFile(
			'manifest.json',
			JSON.stringify({
				packageFormatVersion: '99',
				exportedAt: new Date().toISOString(),
				sourceN8nVersion: '1.0.0',
				sourceId: 'integration-test-source',
				workflows: [{ id: 'wf-x', name: 'X', target: 'workflows/wf-x' }],
			}),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #71a7b0fb26cb21ca Filesystem access.
repo/packages/cli/src/modules/n8n-packages/__tests__/import-pipeline.integration.test.ts:1084
		writer.writeFile(
			'workflows/wf-x/workflow.json',
			JSON.stringify(serializedWorkflow({ id: 'wf-x', name: 'X' })),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d687110f96d74d27 Filesystem access.
repo/packages/cli/src/modules/n8n-packages/__tests__/import-pipeline.integration.test.ts:1100
		writer.writeFile(
			'manifest.json',
			JSON.stringify({
				packageFormatVersion: FORMAT_VERSION,
				exportedAt: new Date().toISOString(),
				sourceN8nVersion: '1.0.0',
				sourceId: 'integration-test-source',
				workflows: [{ id: 'wf-missing', name: 'Missing', target: 'workflows/nowhere-to-be-found' }],
			}),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #21a72330d96efd4f Filesystem access.
repo/packages/cli/src/modules/n8n-packages/engine/n8n-package-parser.ts:55
			content = await reader.readFile(path);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a539bd0937dd8395 Filesystem access.
repo/packages/cli/src/modules/n8n-packages/entities/credential/credential.exporter.ts:74
				request.writer.writeFile(
					`${target}/credential.json`,
					JSON.stringify(this.credentialSerializer.serialize(credential), null, '\t'),
				);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ca4333c159a50de3 Filesystem access.
repo/packages/cli/src/modules/n8n-packages/entities/folder/folder.exporter.ts:168
		writer.writeFile(`${target}/folder.json`, JSON.stringify(serialized, null, '\t'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f8f1efdace78d2e Filesystem access.
repo/packages/cli/src/modules/n8n-packages/entities/project/project.exporter.ts:91
		writer.writeFile(`${target}/project.json`, JSON.stringify(serialized, null, '\t'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b8d8159798b13647 Filesystem access.
repo/packages/cli/src/modules/n8n-packages/entities/workflow/workflow.exporter.ts:64
			request.writer.writeFile(`${target}/workflow.json`, JSON.stringify(serialized, null, '\t'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0590322ff59c884b Filesystem access.
repo/packages/cli/src/modules/n8n-packages/io/__tests__/tar-package-reader.test.ts:38
				writer.writeFile('manifest.json', JSON.stringify(manifest));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e0a23e6a750bc3c0 Filesystem access.
repo/packages/cli/src/modules/n8n-packages/io/__tests__/tar-package-reader.test.ts:40
				writer.writeFile('workflows/my-workflow-abc/workflow.json', workflowJson);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c3c554578e726c80 Filesystem access.
repo/packages/cli/src/modules/n8n-packages/io/__tests__/tar-package-reader.test.ts:46
			await expect(reader.readFile('workflows/my-workflow-abc/workflow.json')).resolves.toEqual(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f298247a52415ddf Filesystem access.
repo/packages/cli/src/modules/n8n-packages/io/__tests__/tar-package-reader.test.ts:53
				writer.writeFile('manifest.json', '{"packageFormatVersion":"1"}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f7dbb3e3a32e3ac8 Filesystem access.
repo/packages/cli/src/modules/n8n-packages/io/__tests__/tar-package-reader.test.ts:55
				writer.writeFile('workflows/a/workflow.json', '{}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f2e2987748711ba3 Filesystem access.
repo/packages/cli/src/modules/n8n-packages/io/__tests__/tar-package-reader.test.ts:57
				writer.writeFile('workflows/b/workflow.json', '{}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5a153ea40ce719ac Filesystem access.
repo/packages/cli/src/modules/n8n-packages/io/__tests__/tar-package-reader.test.ts:83
				writer.writeFile('manifest.json', '{not-json');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a192a697794750d4 Filesystem access.
repo/packages/cli/src/modules/n8n-packages/io/__tests__/tar-package-reader.test.ts:208
				writer.writeFile('manifest.json', '{"packageFormatVersion":"1"}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ec4a7cbfb5044c4e Filesystem access.
repo/packages/cli/src/modules/n8n-packages/io/__tests__/tar-package-reader.test.ts:209
				writer.writeFile('oversized.bin', 'x'.repeat(500));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e225115880b18259 Filesystem access.
repo/packages/cli/src/modules/n8n-packages/io/__tests__/tar-package-reader.test.ts:224
				writer.writeFile('manifest.json', '{"packageFormatVersion":"1"}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bb4d107e8db10161 Filesystem access.
repo/packages/cli/src/modules/n8n-packages/io/__tests__/tar-package-reader.test.ts:225
				writer.writeFile('oversized.bin', 'x'.repeat(500));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1d9b3f94e810fbf4 Filesystem access.
repo/packages/cli/src/modules/n8n-packages/io/__tests__/tar-package-reader.test.ts:239
				writer.writeFile('manifest.json', '{"packageFormatVersion":"1"}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d057340bf2fa65a4 Filesystem access.
repo/packages/cli/src/modules/n8n-packages/io/__tests__/tar-package-reader.test.ts:241
					writer.writeFile(`workflows/wf-${i}/workflow.json`, '{}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4c6738e44e743c09 Filesystem access.
repo/packages/cli/src/modules/n8n-packages/io/__tests__/tar-package-writer.test.ts:49
		writer.writeFile('workflows/wf-abc/workflow.json', '{"id":"abc"}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #aa0b45995b255a5d Filesystem access.
repo/packages/cli/src/modules/n8n-packages/io/__tests__/tar-package-writer.test.ts:50
		writer.writeFile('manifest.json', '{"packageFormatVersion":"1"}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #89ce6a0921c4a596 Filesystem access.
repo/packages/cli/src/modules/n8n-packages/io/__tests__/tar-package-writer.test.ts:62
			writer.writeFile('manifest.json', '{}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #35f08f2fdeca2301 Filesystem access.
repo/packages/cli/src/modules/n8n-packages/io/__tests__/tar-package-writer.test.ts:64
			writer.writeFile('workflows/x/workflow.json', '{"id":"x"}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a1b70e5c3c212591 Filesystem access.
repo/packages/cli/src/modules/n8n-packages/io/__tests__/tar-package-writer.test.ts:83
		writer.writeFile('manifest.json', '{}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b03a0f1e3f74aef4 Filesystem access.
repo/packages/cli/src/modules/n8n-packages/io/__tests__/tar-package-writer.test.ts:84
		writer.writeFile('./workflows/wf/workflow.json', '{}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee53d8acb6f61f8d Filesystem access.
repo/packages/cli/src/modules/n8n-packages/n8n-packages.service.ts:114
		writer.writeFile('manifest.json', JSON.stringify(manifest, null, '\t'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #64d5d81d3ca8403c Environment-variable access.
repo/packages/cli/src/modules/oauth-jwe/oauth-jwe.module.ts:9
	return process.env.N8N_ENV_FEAT_OAUTH2_JWE === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d0dfd12d404eefba Environment-variable access.
repo/packages/cli/src/modules/oauth-server/__tests__/oauth-server.config.test.ts:11
		delete process.env.N8N_OAUTH_SERVER_REGISTER_RATE_LIMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #41b4b19a789fbefe Environment-variable access.
repo/packages/cli/src/modules/oauth-server/__tests__/oauth-server.config.test.ts:12
		delete process.env.N8N_OAUTH_SERVER_AUTHORIZE_RATE_LIMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #35f6f6bfdf273ca7 Environment-variable access.
repo/packages/cli/src/modules/oauth-server/__tests__/oauth-server.config.test.ts:13
		delete process.env.N8N_OAUTH_SERVER_TOKEN_RATE_LIMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cbf36b7382c61540 Environment-variable access.
repo/packages/cli/src/modules/oauth-server/__tests__/oauth-server.config.test.ts:14
		delete process.env.N8N_OAUTH_SERVER_REVOKE_RATE_LIMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a7bde5f6d7f73f32 Environment-variable access.
repo/packages/cli/src/modules/oauth-server/__tests__/oauth-server.config.test.ts:15
		delete process.env.N8N_OAUTH_SERVER_WELL_KNOWN_RATE_LIMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #17db1cfd596d629a Environment-variable access.
repo/packages/cli/src/modules/oauth-server/__tests__/oauth-server.config.test.ts:29
		process.env.N8N_OAUTH_SERVER_REGISTER_RATE_LIMIT = '100';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5418cac0d57ffd1c Environment-variable access.
repo/packages/cli/src/modules/oauth-server/__tests__/oauth-server.config.test.ts:30
		process.env.N8N_OAUTH_SERVER_AUTHORIZE_RATE_LIMIT = '200';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7d7e6dcbac0a00a9 Environment-variable access.
repo/packages/cli/src/modules/oauth-server/__tests__/oauth-server.config.test.ts:31
		process.env.N8N_OAUTH_SERVER_TOKEN_RATE_LIMIT = '300';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #30f75d19e03e7bb3 Environment-variable access.
repo/packages/cli/src/modules/oauth-server/__tests__/oauth-server.config.test.ts:32
		process.env.N8N_OAUTH_SERVER_REVOKE_RATE_LIMIT = '400';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f9e8f3631486140d Environment-variable access.
repo/packages/cli/src/modules/oauth-server/__tests__/oauth-server.config.test.ts:33
		process.env.N8N_OAUTH_SERVER_WELL_KNOWN_RATE_LIMIT = '500';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5d2ce75dceaedb6c Environment-variable access.
repo/packages/cli/src/modules/oauth-server/__tests__/oauth-server.config.test.ts:45
		process.env.N8N_OAUTH_SERVER_TOKEN_RATE_LIMIT = '0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1c5341d6c148e3b1 Environment-variable access.
repo/packages/cli/src/modules/oauth-server/__tests__/oauth-server.config.test.ts:55
			process.env.N8N_OAUTH_SERVER_TOKEN_RATE_LIMIT = value;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only #6be0ceb2fbe087b8 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/oauth-server/__tests__/oauth-server.service.test.ts:233
				resource: new URL('https://n8n.example.com/mcp-server/http'),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #24b6da23da06e23c Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/oauth-server/__tests__/oauth-server.service.test.ts:470
				resource: new URL('https://attacker.example.com/mcp-server/http'),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #dd497fe5628559ed Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/oauth-server/__tests__/oauth-server.service.test.ts:505
				resource: new URL('https://n8n.example.com/mcp-server/http/'),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #4a709ea15ca8254d Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/oauth-server/__tests__/oauth-server.service.test.ts:759
				new URL('https://n8n.example.com/mcp-server/http'),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #338772e8a460a880 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/oauth-server/__tests__/oauth-server.service.test.ts:817
					new URL('https://attacker.example.com/mcp-server/http'),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #8bb5a0b5c0a53c06 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/oauth-server/__tests__/oauth-server.service.test.ts:847
				new URL('https://n8n.example.com/mcp-server/http/'),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #188a553e253352a3 Environment-variable access.
repo/packages/cli/src/modules/oauth-server/oauth-session.service.ts:36
			secure: process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8ab83ba6d08515cf Environment-variable access.
repo/packages/cli/src/modules/otel/__tests__/otel-settings.service.test.ts:21
			if (key.startsWith('N8N_OTEL_')) delete process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fb602365b5b6fb1e Environment-variable access.
repo/packages/cli/src/modules/otel/__tests__/otel-settings.service.test.ts:81
			process.env.N8N_OTEL_EXPORTER_OTLP_ENDPOINT = 'https://from-env';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a5ee22495ff67939 Environment-variable access.
repo/packages/cli/src/modules/otel/__tests__/otel-settings.service.test.ts:100
			process.env.N8N_OTEL_ENABLED = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e1f11606beb4b561 Environment-variable access.
repo/packages/cli/src/modules/otel/__tests__/otel-settings.service.test.ts:101
			process.env.N8N_OTEL_EXPORTER_OTLP_ENDPOINT = 'https://from-env';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3b0e98f95ddb7456 Environment-variable access.
repo/packages/cli/src/modules/otel/__tests__/otel-settings.service.test.ts:172
			process.env.N8N_OTEL_EXPORTER_OTLP_ENDPOINT = 'https://from-env';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c90954dbee19c7db Environment-variable access.
repo/packages/cli/src/modules/otel/__tests__/otel-settings.service.test.ts:203
			process.env.N8N_OTEL_EXPORTER_OTLP_ENDPOINT = 'https://from-env';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #255b275abd386a0a Filesystem access.
repo/packages/cli/src/modules/otel/__tests__/support/otel-integration-utils.ts:7
import { readFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b6723de616164ea5 Filesystem access.
repo/packages/cli/src/modules/otel/__tests__/support/otel-integration-utils.ts:27
		readFileSync(path.join(BASE_DIR, 'nodes-base/dist/known/nodes.json'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e00368b838b413b1 Environment-variable access.
repo/packages/cli/src/modules/otel/__tests__/support/otel-integration-utils.ts:86
		saved[key] = process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7767a00d2fb68957 Environment-variable access.
repo/packages/cli/src/modules/otel/__tests__/support/otel-integration-utils.ts:87
		process.env[key] = value;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f749f9684f7eb18c Environment-variable access.
repo/packages/cli/src/modules/otel/__tests__/support/otel-integration-utils.ts:95
			delete process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c96269ae7cd1697c Environment-variable access.
repo/packages/cli/src/modules/otel/__tests__/support/otel-integration-utils.ts:97
			process.env[key] = value;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #329c08f7b82db1b8 Environment-variable access.
repo/packages/cli/src/modules/otel/otel-settings.service.ts:95
		return process.env[OTEL_ENV_VARS[key]] !== undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #511cd50fdfb11401 Environment-variable access.
repo/packages/cli/src/modules/quick-connect/__tests__/quick-connect.config.test.ts:11
		delete process.env.N8N_QUICK_CONNECT_OPTIONS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a0e4ded3661238e8 Environment-variable access.
repo/packages/cli/src/modules/quick-connect/__tests__/quick-connect.config.test.ts:29
		process.env.N8N_QUICK_CONNECT_OPTIONS = JSON.stringify(testConfig);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #31f6ef49a7ee4ddc Environment-variable access.
repo/packages/cli/src/modules/quick-connect/__tests__/quick-connect.config.test.ts:49
		process.env.N8N_QUICK_CONNECT_OPTIONS = JSON.stringify(testConfig);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9f76fc0991ba9871 Environment-variable access.
repo/packages/cli/src/modules/quick-connect/__tests__/quick-connect.config.test.ts:72
		process.env.N8N_QUICK_CONNECT_OPTIONS = JSON.stringify(testConfig);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ae7ae8e31e37da8c Environment-variable access.
repo/packages/cli/src/modules/quick-connect/__tests__/quick-connect.config.test.ts:93
		process.env.N8N_QUICK_CONNECT_OPTIONS = JSON.stringify(testConfig);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c8c8848cd3ce5b3a Environment-variable access.
repo/packages/cli/src/modules/quick-connect/__tests__/quick-connect.config.test.ts:101
		process.env.N8N_QUICK_CONNECT_OPTIONS = '[]';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b4c5030f8f1eeb32 Environment-variable access.
repo/packages/cli/src/modules/quick-connect/__tests__/quick-connect.config.test.ts:127
		process.env.N8N_QUICK_CONNECT_OPTIONS = JSON.stringify(testConfig);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2f5650d259181ee3 Environment-variable access.
repo/packages/cli/src/modules/quick-connect/__tests__/quick-connect.config.test.ts:249
		process.env.N8N_QUICK_CONNECT_OPTIONS = config;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bc8c85dcc63c6092 Environment-variable access.
repo/packages/cli/src/modules/quick-connect/__tests__/quick-connect.module.test.ts:15
		delete process.env.N8N_QUICK_CONNECT_OPTIONS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #00ad4391aaaaf56d Environment-variable access.
repo/packages/cli/src/modules/quick-connect/__tests__/quick-connect.module.test.ts:32
			process.env.N8N_QUICK_CONNECT_OPTIONS = JSON.stringify(testConfig);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #70f722ef95f68b7f Environment-variable access.
repo/packages/cli/src/modules/quick-connect/__tests__/quick-connect.module.test.ts:55
			process.env.N8N_QUICK_CONNECT_OPTIONS = JSON.stringify(testConfig);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #76f450c0ae392637 Environment-variable access.
repo/packages/cli/src/modules/quick-connect/__tests__/quick-connect.module.test.ts:83
			process.env.N8N_QUICK_CONNECT_OPTIONS = JSON.stringify(testConfig);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #24af0ce829ef0b07 Environment-variable access.
repo/packages/cli/src/modules/quick-connect/__tests__/quick-connect.module.test.ts:105
			process.env.N8N_QUICK_CONNECT_OPTIONS = JSON.stringify(testConfig);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2bf31382eb6c319f Environment-variable access.
repo/packages/cli/src/modules/quick-connect/__tests__/quick-connect.module.test.ts:140
			process.env.N8N_QUICK_CONNECT_OPTIONS = JSON.stringify(testConfig);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3f3bc73a1e5740cc Environment-variable access.
repo/packages/cli/src/modules/quick-connect/__tests__/quick-connect.service.test.ts:107
			process.env.N8N_QUICK_CONNECT_OPTIONS = JSON.stringify(testConfig);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #afaa9a08cc80cc85 Environment-variable access.
repo/packages/cli/src/modules/quick-connect/__tests__/quick-connect.service.test.ts:129
			process.env.N8N_QUICK_CONNECT_OPTIONS = JSON.stringify(testConfig);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e1d8cf73b84d7c76 Environment-variable access.
repo/packages/cli/src/modules/quick-connect/__tests__/quick-connect.service.test.ts:141
			process.env.N8N_QUICK_CONNECT_OPTIONS = '[]';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #31b3cafa3f8c5309 Environment-variable access.
repo/packages/cli/src/modules/quick-connect/__tests__/quick-connect.service.test.ts:165
			process.env.N8N_QUICK_CONNECT_OPTIONS = JSON.stringify(testConfig);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #19e280ca8089610e Environment-variable access.
repo/packages/cli/src/modules/quick-connect/__tests__/quick-connect.service.test.ts:177
		delete process.env.N8N_QUICK_CONNECT_OPTIONS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d95e022fb8deb0cd Environment-variable access.
repo/packages/cli/src/modules/runtime-credentials/__tests__/runtime-credentials.module.test.ts:14
		delete process.env.N8N_ENV_FEAT_RUNTIME_CREDENTIALS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3e89710a1e16aede Environment-variable access.
repo/packages/cli/src/modules/runtime-credentials/__tests__/runtime-credentials.module.test.ts:23
			process.env.N8N_ENV_FEAT_RUNTIME_CREDENTIALS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9649df8dbc986c3f Environment-variable access.
repo/packages/cli/src/modules/runtime-credentials/runtime-credentials.module.ts:8
	return process.env.N8N_ENV_FEAT_RUNTIME_CREDENTIALS === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b604ee1b06b2b4bd Environment-variable access.
repo/packages/cli/src/modules/source-control.ee/__tests__/source-control-git.service.test.ts:395
				delete process.env.HTTP_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d41604b4aceb7f78 Environment-variable access.
repo/packages/cli/src/modules/source-control.ee/__tests__/source-control-git.service.test.ts:396
				delete process.env.HTTPS_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5ddb62996634384a Environment-variable access.
repo/packages/cli/src/modules/source-control.ee/__tests__/source-control-git.service.test.ts:397
				delete process.env.http_proxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #59062ea522b3d50e Environment-variable access.
repo/packages/cli/src/modules/source-control.ee/__tests__/source-control-git.service.test.ts:398
				delete process.env.https_proxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f35f64032919ec16 Environment-variable access.
repo/packages/cli/src/modules/source-control.ee/__tests__/source-control-git.service.test.ts:399
				delete process.env.NO_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0080b4feee39f100 Environment-variable access.
repo/packages/cli/src/modules/source-control.ee/__tests__/source-control-git.service.test.ts:400
				delete process.env.no_proxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5d552fbc2b3cc5a4 Environment-variable access.
repo/packages/cli/src/modules/source-control.ee/__tests__/source-control-git.service.test.ts:401
				delete process.env.ALL_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #51531636576fc9f4 Environment-variable access.
repo/packages/cli/src/modules/source-control.ee/__tests__/source-control-git.service.test.ts:402
				delete process.env.all_proxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0cce39dc1d8391f7 Environment-variable access.
repo/packages/cli/src/modules/source-control.ee/__tests__/source-control-git.service.test.ts:415
				process.env.HTTPS_PROXY = proxyUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9dffc6cbb6d68414 Environment-variable access.
repo/packages/cli/src/modules/source-control.ee/__tests__/source-control-git.service.test.ts:439
				process.env.HTTP_PROXY = proxyUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cb04fdcb4d4432ab Environment-variable access.
repo/packages/cli/src/modules/source-control.ee/__tests__/source-control-git.service.test.ts:483
				process.env.HTTPS_PROXY = proxyUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #afee7cf851d2ab12 Environment-variable access.
repo/packages/cli/src/modules/source-control.ee/__tests__/source-control-git.service.test.ts:484
				process.env.NO_PROXY = 'github.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6279abbbecd2431b Filesystem access.
repo/packages/cli/src/modules/source-control.ee/__tests__/source-control-helper.ee.test.ts:3
import { accessSync, constants as fsConstants } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #23fbec1987dfa7f5 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/__tests__/source-control-preferences.service.ee.test.ts:4
import { readFile, writeFile, access, mkdir } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ac8282ecba8b013d Filesystem access.
repo/packages/cli/src/modules/source-control.ee/__tests__/source-control-preferences.service.ee.test.ts:99
			const fileContent = await readFile(tempFilePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #878bf573a60e57c6 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/__tests__/source-control-preferences.service.ee.test.ts:131
			const fileContent = await readFile(tempFilePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2a0e1689f9a1b156 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/__tests__/source-control-preferences.service.ee.test.ts:165
			const fileContent = await readFile(tempFilePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #831984a2a61e5e32 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/__tests__/source-control-preferences.service.ee.test.ts:205
			const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #040c5f9237a533a2 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/__tests__/source-control-preferences.service.ee.test.ts:266
			const fileContent = await readFile(tempFilePath2, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b5464131f7bfbff5 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/__tests__/source-control-preferences.service.ee.test.ts:437
			await writeFile(knownHostsPath, 'github.com ssh-rsa AAAA...\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e740277297f9e792 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-export.service.ee.ts:146
					return await fsWriteFile(fileName, JSON.stringify(sanitizedWorkflow, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f9d07e8ff71eb8c0 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-export.service.ee.ts:238
			await fsWriteFile(fileName, JSON.stringify(sanitizedVariables, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd86b7cfa19196f8 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-export.service.ee.ts:359
				await fsWriteFile(filePath, JSON.stringify(exportableDataTable, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c72e5201b2561c07 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-export.service.ee.ts:429
			await fsWriteFile(
				fileName,
				JSON.stringify(
					{
						folders: newFolders,
					},
					null,
					2,
				),
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #16d926d63422423b Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-export.service.ee.ts:462
				await fsWriteFile(fileName, JSON.stringify({ tags: [], mappings: [] }, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55fb7f3d6a46c7a0 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-export.service.ee.ts:492
			await fsWriteFile(
				fileName,
				JSON.stringify(
					{
						// overwrite all tags
						tags: tags.map((tag) => ({ id: tag.id, name: tag.name })),
						mappings: mappingsToKeep.concat(mappingsOfAllowedWorkflows),
					},
					null,
					2,
				),
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d38233365dcd54a1 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-export.service.ee.ts:580
					return await fsWriteFile(filePath, JSON.stringify(stub, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #efc69087f2a884cf Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-export.service.ee.ts:640
					return await fsWriteFile(fileName, JSON.stringify(sanitizedProject, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fa0df437e4a89b9d Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-helper.ee.ts:6
import { accessSync, constants as fsConstants, mkdirSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b9d49b4bb46da16e Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-helper.ee.ts:191
			await fsReadFile(file, { encoding: 'utf8' }),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #698ad2fbd0bd19ef Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-helper.ee.ts:214
		return jsonParse<ExportedFolders>(await fsReadFile(file, { encoding: 'utf8' }), {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2835529b01c96075 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-helper.ee.ts:229
		return jsonParse<ExportableDataTable[]>(await fsReadFile(file, { encoding: 'utf8' }), {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e1800dc88c81d657 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-import.service.ee.ts:308
					await fsReadFile(file, { encoding: 'utf8' }),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #16d08a49d2220c7c Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-import.service.ee.ts:418
				await fsReadFile(variablesFile[0], { encoding: 'utf8' }),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #70ec47767567a46f Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-import.service.ee.ts:448
				const fileContent = await fsReadFile(file, { encoding: 'utf8' });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #365f306e8e163abf Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-import.service.ee.ts:548
			}>(await fsReadFile(foldersFile[0], { encoding: 'utf8' }), {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #161eaa0d3a0012cf Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-import.service.ee.ts:599
				await fsReadFile(tagsFile[0], { encoding: 'utf8' }),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ce078224caaa756 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-import.service.ee.ts:645
				const fileContent = await fsReadFile(file, { encoding: 'utf8' });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1244fe253f2c10cd Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-import.service.ee.ts:867
			const fileContent = await fsReadFile(file, { encoding: 'utf8' });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0acde04effc6e1fc Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-import.service.ee.ts:971
					await fsReadFile(candidate.file, { encoding: 'utf8' }),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #72db8b3cd34737f7 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-import.service.ee.ts:1043
				await fsReadFile(candidate.file, { encoding: 'utf8' }),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #09be66bd13d15e76 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-import.service.ee.ts:1141
			}>(await fsReadFile(candidate.file, { encoding: 'utf8' }), {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0cd9147dca80aa62 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-import.service.ee.ts:1257
				await fsReadFile(candidate.file, { encoding: 'utf8' }),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9866aaf344bc04a9 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-import.service.ee.ts:1295
					await fsReadFile(candidate.file, { encoding: 'utf8' }),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f362b3bf8fbd2df Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-import.service.ee.ts:1518
					await fsReadFile(candidate.file, { encoding: 'utf8' }),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6c726a115acb2e32 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-preferences.service.ee.ts:6
import { rm as fsRm } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2514cad1e89d545e Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-preferences.service.ee.ts:152
			await writeFile(tempFilePath, normalizedKey, { mode: 0o600 });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cdbcefba306dc500 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control-preferences.service.ee.ts:170
			return await readFile(this.sshKeyName + '.pub', { encoding: 'utf8' });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cfeefb90a163dd86 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control.service.ee.ts:10
import { writeFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #294eab965468cc46 Filesystem access.
repo/packages/cli/src/modules/source-control.ee/source-control.service.ee.ts:244
					writeFileSync(path.join(this.gitFolder, '/README.md'), SOURCE_CONTROL_README);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only #cdc9562fb29161a3 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/sso-oidc/__tests__/oidc.controller.ee.test.ts:244
			const mockAuthUrl = new URL('https://provider.com/auth?client_id=123');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #b1d5c0d87a65a1f5 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/sso-oidc/__tests__/oidc.controller.ee.test.ts:301
			const mockAuthUrl = new URL(
				'https://provider.com/auth?client_id=123&redirect_uri=http://localhost:5678/callback',
			);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #0033f27bf9373fcc Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/sso-oidc/__tests__/oidc.service.ee.test.ts:374
			const callbackUrl = new URL('https://example.com/callback');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #80b5ffae262aa31f Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/sso-oidc/__tests__/oidc.service.ee.test.ts:399
			const callbackUrl = new URL('https://example.com/callback');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #c30b7aed8caa42ee Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/sso-oidc/__tests__/oidc.service.ee.test.ts:430
			const callbackUrl = new URL('https://example.com/callback');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #9f54cd8dc296f652 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/sso-oidc/__tests__/oidc.service.ee.test.ts:451
			const callbackUrl = new URL('https://example.com/callback');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #b36eaae69a4a86f9 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/sso-oidc/__tests__/oidc.service.ee.test.ts:473
			const callbackUrl = new URL('https://example.com/callback');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #b018c674a3efbb2c Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/sso-oidc/__tests__/oidc.service.ee.test.ts:495
			const callbackUrl = new URL('https://example.com/callback');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #38ae7dc2f4904d17 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/sso-oidc/__tests__/oidc.service.ee.test.ts:520
			const callbackUrl = new URL('https://example.com/callback');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #c7ef22e569239f3e Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/sso-oidc/__tests__/oidc.service.ee.test.ts:551
			const callbackUrl = new URL('https://example.com/callback');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #f26a3d0cac549054 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/sso-oidc/__tests__/oidc.service.ee.test.ts:589
			const callbackUrl = new URL('https://example.com/callback');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #995bc1210325f278 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/sso-oidc/__tests__/oidc.service.ee.test.ts:629
			const callbackUrl = new URL('https://example.com/callback');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #846a7199141773de Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/sso-oidc/__tests__/oidc.service.ee.test.ts:664
			const callbackUrl = new URL('https://example.com/callback');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #479c9bc0b41040b6 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/sso-oidc/__tests__/oidc.service.ee.test.ts:686
			const callbackUrl = new URL('https://example.com/callback');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #6b84d1b06d0dd754 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/sso-oidc/__tests__/oidc.service.ee.test.ts:700
		const discoveryUrl = new URL('https://example.com/.well-known/openid-configuration');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #b47eb94bda5b96b4 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/sso-oidc/__tests__/oidc.service.ee.test.ts:795
				new URL('https://issuer.example.com/.well-known/openid-configuration'),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #0b294923777625a7 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/cli/src/modules/sso-oidc/oidc.service.ee.ts:63
	discoveryEndpoint: new URL('http://n8n.io/not-set'),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only #929ba97a677357e8 Environment-variable access.
repo/packages/cli/src/modules/sso-saml/__tests__/saml.service.ee.test.ts:200
	const originalEnv = process.env.N8N_ENV_FEAT_SIGNED_SAML_REQUESTS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1375e6c48751a3f3 Environment-variable access.
repo/packages/cli/src/modules/sso-saml/__tests__/saml.service.ee.test.ts:250
			process.env.N8N_ENV_FEAT_SIGNED_SAML_REQUESTS = originalEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6ea565a55b655ec4 Environment-variable access.
repo/packages/cli/src/modules/sso-saml/__tests__/saml.service.ee.test.ts:252
			delete process.env.N8N_ENV_FEAT_SIGNED_SAML_REQUESTS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #15ac7160eb89a01f Environment-variable access.
repo/packages/cli/src/modules/sso-saml/__tests__/saml.service.ee.test.ts:265
				delete process.env.N8N_ENV_FEAT_SIGNED_SAML_REQUESTS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #224a24475535a02f Environment-variable access.
repo/packages/cli/src/modules/sso-saml/__tests__/saml.service.ee.test.ts:267
				process.env.N8N_ENV_FEAT_SIGNED_SAML_REQUESTS = value;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3220c7fe9c00657f Environment-variable access.
repo/packages/cli/src/modules/sso-saml/__tests__/saml.service.ee.test.ts:274
			process.env.N8N_ENV_FEAT_SIGNED_SAML_REQUESTS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #04cbae42f3855254 Environment-variable access.
repo/packages/cli/src/modules/sso-saml/__tests__/saml.service.ee.test.ts:849
				delete process.env.N8N_ENV_FEAT_SIGNED_SAML_REQUESTS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0b9e8673622578e7 Environment-variable access.
repo/packages/cli/src/modules/sso-saml/__tests__/saml.service.ee.test.ts:860
				delete process.env.N8N_ENV_FEAT_SIGNED_SAML_REQUESTS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cb9fadc0c3f3591e Environment-variable access.
repo/packages/cli/src/modules/sso-saml/__tests__/saml.service.ee.test.ts:873
				process.env.N8N_ENV_FEAT_SIGNED_SAML_REQUESTS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fa5151f6c98a456d Environment-variable access.
repo/packages/cli/src/modules/sso-saml/__tests__/saml.service.ee.test.ts:897
				process.env.N8N_ENV_FEAT_SIGNED_SAML_REQUESTS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #36623780697ef279 Environment-variable access.
repo/packages/cli/src/modules/sso-saml/__tests__/saml.service.ee.test.ts:927
				process.env.N8N_ENV_FEAT_SIGNED_SAML_REQUESTS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0c21760f1947880d Environment-variable access.
repo/packages/cli/src/modules/sso-saml/__tests__/saml.service.ee.test.ts:955
				process.env.N8N_ENV_FEAT_SIGNED_SAML_REQUESTS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d3569c45f160c8fa Environment-variable access.
repo/packages/cli/src/modules/sso-saml/__tests__/saml.service.ee.test.ts:993
				process.env.N8N_ENV_FEAT_SIGNED_SAML_REQUESTS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1f41fa17a72a414d Environment-variable access.
repo/packages/cli/src/modules/sso-saml/__tests__/saml.service.ee.test.ts:1014
				delete process.env.N8N_ENV_FEAT_SIGNED_SAML_REQUESTS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #08bbbf8f03ea05ff Environment-variable access.
repo/packages/cli/src/modules/sso-saml/__tests__/saml.service.ee.test.ts:1055
				process.env.N8N_ENV_FEAT_SIGNED_SAML_REQUESTS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #21d3fd6eefdf20dc Environment-variable access.
repo/packages/cli/src/modules/sso-saml/__tests__/saml.service.ee.test.ts:1110
				process.env.N8N_ENV_FEAT_SIGNED_SAML_REQUESTS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #146d8296a3633932 Environment-variable access.
repo/packages/cli/src/modules/sso-saml/__tests__/saml.service.ee.test.ts:1196
				process.env.N8N_ENV_FEAT_SIGNED_SAML_REQUESTS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f42bee643504ee7c Environment-variable access.
repo/packages/cli/src/modules/sso-saml/__tests__/saml.service.ee.test.ts:1222
				delete process.env.N8N_ENV_FEAT_SIGNED_SAML_REQUESTS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ab4192967af2b2fd Environment-variable access.
repo/packages/cli/src/modules/sso-saml/__tests__/saml.service.ee.test.ts:1246
				process.env.N8N_ENV_FEAT_SIGNED_SAML_REQUESTS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c9146c097f860c8b Environment-variable access.
repo/packages/cli/src/modules/sso-saml/saml.service.ee.ts:113
		return process.env.N8N_ENV_FEAT_SIGNED_SAML_REQUESTS === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1425cc642359e21b Environment-variable access.
repo/packages/cli/src/modules/token-exchange/token-exchange.module.ts:7
	return process.env.N8N_ENV_FEAT_TOKEN_EXCHANGE === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a086ba45f10620f5 Filesystem access.
repo/packages/cli/src/node-catalog/node-catalog.service.ts:9
import * as fs from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6e3bdefa1d9b5827 Filesystem access.
repo/packages/cli/src/node-types.ts:3
import type { Dirent } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5fa569ae7e19fb16 Filesystem access.
repo/packages/cli/src/node-types.ts:4
import { readdir, readFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #80cb431b0541a722 Filesystem access.
repo/packages/cli/src/node-types.ts:53
				const translation = await readFile(translationPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #989a7e8e1e2dad9b Environment-variable access.
repo/packages/cli/src/oauth/__tests__/oauth.service.test.ts:173
			delete process.env.N8N_SKIP_AUTH_ON_OAUTH_CALLBACK;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e28aaa146bec1e60 Environment-variable access.
repo/packages/cli/src/oauth/__tests__/oauth.service.test.ts:178
			process.env.N8N_SKIP_AUTH_ON_OAUTH_CALLBACK = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5e300ed5f98cd1e8 Environment-variable access.
repo/packages/cli/src/oauth/__tests__/oauth.service.test.ts:183
			process.env.N8N_SKIP_AUTH_ON_OAUTH_CALLBACK = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a3b84c8e76739a6e Environment-variable access.
repo/packages/cli/src/oauth/__tests__/oauth.service.test.ts:188
			process.env.N8N_SKIP_AUTH_ON_OAUTH_CALLBACK = 'TRUE';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #826577f44528081c Environment-variable access.
repo/packages/cli/src/oauth/oauth.service.ts:87
	const value = process.env.N8N_SKIP_AUTH_ON_OAUTH_CALLBACK?.toLowerCase() ?? 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab149918726f45ce Filesystem access.
repo/packages/cli/src/public-api/index.ts:7
import fs from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #46957ce2ed2b4398 Filesystem access.
repo/packages/cli/src/public-api/index.ts:90
			const spec = await fs.readFile(openApiSpecPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d42beeb11318e9ce Filesystem access.
repo/packages/cli/src/public-api/index.ts:102
			const swaggerThemeCss = await fs.readFile(swaggerThemePath, { encoding: 'utf-8' });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #478ef156265324be Environment-variable access.
repo/packages/cli/src/public-api/index.ts:236
						operationHandlers: process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d60215da810721a6 Filesystem access.
repo/packages/cli/src/public-api/v1/handlers/data-tables/__tests__/data-table-column-name.openapi.test.ts:2
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2b107a9f2487b1f4 Filesystem access.
repo/packages/cli/src/public-api/v1/handlers/data-tables/__tests__/data-table-column-name.openapi.test.ts:22
		const doc = columnNameYmlSchema.parse(parse(fs.readFileSync(ymlPath, 'utf8')));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8c8272fb7a26c68e Filesystem access.
repo/packages/cli/src/server.ts:9
import { access as fsAccess } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bed93618bd847903 Environment-variable access.
repo/packages/cli/src/server.ts:116
		if (inDevelopment && process.env.N8N_DEV_RELOAD === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d86d6036ddab2c99 Environment-variable access.
repo/packages/cli/src/server.ts:383
			const isPreviewMode = process.env.N8N_PREVIEW_MODE === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e60480ee70f11af0 Filesystem access.
repo/packages/cli/src/services/__tests__/ai-workflow-builder.service.test.ts:827
		writeFileSync(
			join(packageDir, 'package.json'),
			JSON.stringify({
				name: 'n8n-nodes-base',
				version: '1.0.0',
				n8n: { nodes: [], credentials: [] },
			}),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1a32cccccd4d8b89 Filesystem access.
repo/packages/cli/src/services/__tests__/ai-workflow-builder.service.test.ts:835
		writeFileSync(
			join(packageDir, 'dist', 'known', 'nodes.json'),
			JSON.stringify({
				httpRequest: {
					className: 'HttpRequest',
					sourcePath: 'dist/nodes/HttpRequest/HttpRequest.node.js',
				},
			}),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ec1bc0ebe816c9da Filesystem access.
repo/packages/cli/src/services/__tests__/ai-workflow-builder.service.test.ts:844
		writeFileSync(join(packageDir, 'dist', 'known', 'credentials.json'), JSON.stringify({}));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #13492d9f974e87dc Filesystem access.
repo/packages/cli/src/services/__tests__/ai-workflow-builder.service.test.ts:845
		writeFileSync(
			join(packageDir, 'dist', 'types', 'nodes.json'),
			JSON.stringify([nodeTypeDescription]),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #712928112209d4cf Filesystem access.
repo/packages/cli/src/services/__tests__/ai-workflow-builder.service.test.ts:849
		writeFileSync(join(packageDir, 'dist', 'types', 'credentials.json'), JSON.stringify([]));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #64396581ef483559 Filesystem access.
repo/packages/cli/src/services/__tests__/export.service.test.ts:3
import { mkdir, rm, readdir, appendFile, readFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #46d8077a8b57ad92 Environment-variable access.
repo/packages/cli/src/services/__tests__/frontend.service.test.ts:370
			delete process.env.N8N_CONCURRENCY_EVALUATION_LIMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #efce51afc5597e3c Environment-variable access.
repo/packages/cli/src/services/__tests__/frontend.service.test.ts:387
			process.env.N8N_CONCURRENCY_EVALUATION_LIMIT = '7';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dfe37e58ac7b1404 Environment-variable access.
repo/packages/cli/src/services/__tests__/frontend.service.test.ts:408
			delete process.env.N8N_CONCURRENCY_EVALUATION_LIMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1e22b6a5f94b9410 Environment-variable access.
repo/packages/cli/src/services/__tests__/frontend.service.test.ts:536
			process.env.N8N_PREVIEW_MODE = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1a88cff59271d0af Filesystem access.
repo/packages/cli/src/services/__tests__/import.service.test.ts:5
import { readdir, readFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f82ead3d3417b264 Environment-variable access.
repo/packages/cli/src/services/__tests__/url.service.test.ts:8
		delete process.env.WEBHOOK_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5fef6dcaf99e7ac1 Environment-variable access.
repo/packages/cli/src/services/__tests__/url.service.test.ts:13
			process.env.WEBHOOK_URL = undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b2f1fdab4dccf992 Environment-variable access.
repo/packages/cli/src/services/__tests__/url.service.test.ts:23
			process.env.WEBHOOK_URL = 'https://example.com/';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #23fc822a9bb1ecda Environment-variable access.
repo/packages/cli/src/services/__tests__/url.service.test.ts:34
			process.env.WEBHOOK_URL = undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d59e5ba682dced16 Environment-variable access.
repo/packages/cli/src/services/__tests__/url.service.test.ts:44
			process.env.WEBHOOK_URL = '"https://example.com/"';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #38504e2b2876c76a Environment-variable access.
repo/packages/cli/src/services/__tests__/url.service.test.ts:57
			process.env.WEBHOOK_URL = 'https://old.example.com/';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4b306445658c4d1c Environment-variable access.
repo/packages/cli/src/services/__tests__/url.service.test.ts:65
			process.env.WEBHOOK_URL = 'https://old.example.com/';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2f5def9fdb2a17ae Environment-variable access.
repo/packages/cli/src/services/__tests__/url.service.test.ts:92
			process.env.WEBHOOK_URL = undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c56284cd3e10f011 Filesystem access.
repo/packages/cli/src/services/ai-workflow-builder.service.ts:10
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ddb61cd8eb5403ca Filesystem access.
repo/packages/cli/src/services/export.service.ts:6
import { mkdir, rm, readdir, appendFile, readFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4420b06accc6fad9 Filesystem access.
repo/packages/cli/src/services/export.service.ts:252
				const keyFileContent = await readFile(keyFilePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #699000c6de1a7b17 Filesystem access.
repo/packages/cli/src/services/frontend.service.ts:7
import { createWriteStream } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a9f0baf63bd0bc31 Filesystem access.
repo/packages/cli/src/services/frontend.service.ts:8
import { mkdir } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f131ed4b536f8584 Environment-variable access.
repo/packages/cli/src/services/frontend.service.ts:170
		const previewMode = process.env.N8N_PREVIEW_MODE === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba1715dc37b04aae Environment-variable access.
repo/packages/cli/src/services/frontend.service.ts:198
		const previewMode = process.env.N8N_PREVIEW_MODE === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #db5112e1564c7e60 Environment-variable access.
repo/packages/cli/src/services/frontend.service.ts:228
			nodeEnv: process.env.NODE_ENV,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #92a086401e5d5214 Environment-variable access.
repo/packages/cli/src/services/frontend.service.ts:336
				builtIn: process.env.NODE_FUNCTION_ALLOW_BUILTIN?.split(',') ?? undefined,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee63e72f03828e56 Environment-variable access.
repo/packages/cli/src/services/frontend.service.ts:337
				external: process.env.NODE_FUNCTION_ALLOW_EXTERNAL?.split(',') ?? undefined,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c126ff14bb8f507c Environment-variable access.
repo/packages/cli/src/services/frontend.service.ts:569
				!!this.globalConfig.aiAssistant.baseUrl || !!process.env.N8N_AI_ANTHROPIC_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ef1f938b660f20c6 Filesystem access.
repo/packages/cli/src/services/import.service.ts:17
import { readdir, readFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #96e0a8fc6b7a2d04 Filesystem access.
repo/packages/cli/src/services/import.service.ts:470
		const content = await readFile(filePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5e3bc52ea745a81c Filesystem access.
repo/packages/cli/src/services/import.service.ts:525
				const keyFileContent = await readFile(keyFilePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f0afaa0e16afa5e Filesystem access.
repo/packages/cli/src/services/import.service.ts:1002
			await readFile(migrationsFilePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3f883f307240eeec Filesystem access.
repo/packages/cli/src/services/import.service.ts:1010
		const migrationsFileContent = await readFile(migrationsFilePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #06e7ab92be829665 Environment-variable access.
repo/packages/cli/src/services/url.service.ts:18
			this.globalConfig.webhookUrl || this.trimQuotes(process.env.WEBHOOK_URL) || this.baseUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a4e787162175a5e9 Environment-variable access.
repo/packages/cli/src/task-runners/__tests__/task-runner-process-py.test.ts:54
			process.env[envVar] = 'custom value';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4f959668861e2b21 Environment-variable access.
repo/packages/cli/src/task-runners/__tests__/task-runner-process.test.ts:91
			process.env[envVar] = 'custom value';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #34be836fbfe02bd3 Environment-variable access.
repo/packages/cli/src/task-runners/task-runner-process-js.ts:58
			PATH: process.env.PATH,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #95e80a24e0079b14 Environment-variable access.
repo/packages/cli/src/task-runners/task-runner-process-js.ts:59
			HOME: process.env.HOME ?? process.env.USERPROFILE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ceda6f0aa558ff94 Environment-variable access.
repo/packages/cli/src/task-runners/task-runner-process-js.ts:60
			NODE_PATH: process.env.NODE_PATH,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad26aa1fcd341661 Environment-variable access.
repo/packages/cli/src/task-runners/task-runner-process-js.ts:63
			GENERIC_TIMEZONE: process.env.GENERIC_TIMEZONE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f9d69f9c1cb515a2 Environment-variable access.
repo/packages/cli/src/task-runners/task-runner-process-js.ts:64
			NODE_FUNCTION_ALLOW_BUILTIN: process.env.NODE_FUNCTION_ALLOW_BUILTIN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2deaeebe9619eee0 Environment-variable access.
repo/packages/cli/src/task-runners/task-runner-process-js.ts:65
			NODE_FUNCTION_ALLOW_EXTERNAL: process.env.NODE_FUNCTION_ALLOW_EXTERNAL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c9e7a50ef5f2c058 Environment-variable access.
repo/packages/cli/src/task-runners/task-runner-process-js.ts:68
			N8N_SENTRY_DSN: process.env.N8N_SENTRY_DSN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #446bef2245ba7329 Environment-variable access.
repo/packages/cli/src/task-runners/task-runner-process-js.ts:69
			N8N_VERSION: process.env.N8N_VERSION,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8a4a2218ab8b581a Environment-variable access.
repo/packages/cli/src/task-runners/task-runner-process-js.ts:70
			ENVIRONMENT: process.env.ENVIRONMENT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #67ab2026166aa7a2 Environment-variable access.
repo/packages/cli/src/task-runners/task-runner-process-js.ts:71
			DEPLOYMENT_NAME: process.env.DEPLOYMENT_NAME,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cc31a790817ba6b7 Environment-variable access.
repo/packages/cli/src/task-runners/task-runner-process-js.ts:80
			N8N_RUNNERS_INSECURE_MODE: process.env.N8N_RUNNERS_INSECURE_MODE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ecf67f11a65b7b30 Environment-variable access.
repo/packages/cli/src/task-runners/task-runner-process-js.ts:83
			N8N_RUNNERS_GRACEFUL_SHUTDOWN_TIMEOUT: process.env.N8N_RUNNERS_GRACEFUL_SHUTDOWN_TIMEOUT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e65c9ec1eb8aee23 Environment-variable access.
repo/packages/cli/src/task-runners/task-runner-process-js.ts:84
			N8N_RUNNERS_SHUTDOWN_FORCE_KILL_MARGIN: process.env.N8N_RUNNERS_SHUTDOWN_FORCE_KILL_MARGIN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6c2fc7aebadd1a49 Environment-variable access.
repo/packages/cli/src/task-runners/task-runner-process-py.ts:42
				PATH: process.env.PATH,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6dc6f49a69604885 Environment-variable access.
repo/packages/cli/src/task-runners/task-runner-process-py.ts:43
				HOME: process.env.HOME ?? process.env.USERPROFILE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #388f5842ad56052c Environment-variable access.
repo/packages/cli/src/task-runners/task-runner-process-py.ts:54
				N8N_RUNNERS_STDLIB_ALLOW: process.env.N8N_RUNNERS_STDLIB_ALLOW,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dbb39aa4211ef81e Environment-variable access.
repo/packages/cli/src/task-runners/task-runner-process-py.ts:55
				N8N_RUNNERS_EXTERNAL_ALLOW: process.env.N8N_RUNNERS_EXTERNAL_ALLOW,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #153fb63ccc9f1993 Environment-variable access.
repo/packages/cli/src/task-runners/task-runner-process-py.ts:56
				N8N_RUNNERS_ALLOW_TRANSITIVE_IMPORTS: process.env.N8N_RUNNERS_ALLOW_TRANSITIVE_IMPORTS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8bf12124a984e374 Environment-variable access.
repo/packages/cli/src/task-runners/task-runner-process-py.ts:57
				N8N_RUNNERS_BUILTINS_DENY: process.env.N8N_RUNNERS_BUILTINS_DENY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2e5c64df222000b9 Environment-variable access.
repo/packages/cli/src/task-runners/task-runner-process-py.ts:58
				N8N_BLOCK_RUNNER_ENV_ACCESS: process.env.N8N_BLOCK_RUNNER_ENV_ACCESS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a5ba614ced2500c7 Filesystem access.
repo/packages/cli/src/user-management/email/__tests__/node-mailer.test.ts:3
import { readFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f7b96bed3ed2c5db Filesystem access.
repo/packages/cli/src/user-management/email/__tests__/node-mailer.test.ts:23
		const includedContent = await readFile(pathJoin(templatesDir, match[1]), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9d39013cbe52b50a Filesystem access.
repo/packages/cli/src/user-management/email/__tests__/node-mailer.test.ts:35
	const rawMarkup = await readFile(pathJoin(templatesDir, `${templateName}.mjml`), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3002949c4d98299a Filesystem access.
repo/packages/cli/src/user-management/email/user-management-mailer.ts:7
import { existsSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4538d7f69af2e685 Filesystem access.
repo/packages/cli/src/user-management/email/user-management-mailer.ts:8
import { readFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #75d989dbb2a35140 Filesystem access.
repo/packages/cli/src/user-management/email/user-management-mailer.ts:337
			const markup = await readFile(templatePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c50928815ccfebd0 Environment-variable access.
repo/packages/cli/src/utils.ts:132
	if (process.env.ENABLE_OBSERVABILITY === undefined || process.env.ENABLE_OBSERVABILITY === '') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3ae2602eade873b7 Environment-variable access.
repo/packages/cli/src/utils.ts:133
		process.env.ENABLE_OBSERVABILITY = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #28c831024ef38de9 Environment-variable access.
repo/packages/cli/src/utils.ts:136
		process.env.ENABLE_A365_OBSERVABILITY_EXPORTER === undefined ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e1c400d06fe0b197 Environment-variable access.
repo/packages/cli/src/utils.ts:137
		process.env.ENABLE_A365_OBSERVABILITY_EXPORTER === ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #59df6f88600580a0 Environment-variable access.
repo/packages/cli/src/utils.ts:139
		process.env.ENABLE_A365_OBSERVABILITY_EXPORTER = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #33ab14d2bd189f10 Environment-variable access.
repo/packages/cli/src/utils/ai-proxy-fetch.ts:13
export const AI_REQUEST_TIMEOUT_MS = resolveTimeoutMs(process.env.N8N_AI_TIMEOUT_MAX);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0804b9ea82977e94 Filesystem access.
repo/packages/cli/src/utils/compression.util.ts:3
import { createWriteStream, mkdirSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1fc3d1a04788f9b9 Filesystem access.
repo/packages/cli/src/utils/compression.util.ts:4
import type { FileHandle } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #58f9cfef41ff900d Filesystem access.
repo/packages/cli/src/utils/compression.util.ts:5
import { open, readFile, readdir, mkdir } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #803d2f3f43f3c9a5 Filesystem access.
repo/packages/cli/src/utils/compression.util.ts:221
			const fileContent = await readFile(fullPath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fccf6e63dbd4cba5 Environment-variable access.
repo/packages/cli/src/utils/health-endpoint.util.ts:24
	const isHealthEndpointCustomized = process.env.N8N_ENDPOINT_HEALTH !== undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8529db9211f1913b Environment-variable access.
repo/packages/cli/src/workflow-runner.ts:272
			process.env.OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS === 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8aa0e1f2a6740736 Environment-variable access.
repo/packages/cli/src/workflows/__tests__/workflow-execution.service.test.ts:691
			originalOffloadManualExecutionsToWorkers = process.env.OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6f65561c3cc35ed9 Environment-variable access.
repo/packages/cli/src/workflows/__tests__/workflow-execution.service.test.ts:692
			process.env.OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #65fb0de354653d71 Environment-variable access.
repo/packages/cli/src/workflows/__tests__/workflow-execution.service.test.ts:718
				delete process.env.OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #966323728085e48e Environment-variable access.
repo/packages/cli/src/workflows/__tests__/workflow-execution.service.test.ts:720
				process.env.OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS = originalOffloadManualExecutionsToWorkers;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c0c3bb5b01b07117 Environment-variable access.
repo/packages/cli/src/workflows/workflow-execution.service.ts:238
				process.env.OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0da754d4819a0cb0 Filesystem access.
repo/packages/cli/vitest.tsc-entity-transform.ts:72
			const next = fs.existsSync(norm) ? fs.readFileSync(norm, 'utf-8') : undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3e18ccb038140be5 Filesystem access.
repo/packages/cli/vitest.tsc-entity-transform.ts:90
				const text = cached ?? (fs.existsSync(f) ? fs.readFileSync(f, 'utf-8') : undefined);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/nodes-base

npm first-party
high pii_flow production #733d4e2d49d8111f User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/credentials/CiscoSecureEndpointApi.credentials.ts:77 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/credentials/CiscoSecureEndpointApi.credentials.ts:92 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/credentials/CiscoSecureEndpointApi.credentials.ts:77
		const secureXToken = (await http.request({
			url: `https://visibility.${region}.cisco.com/iroh/oauth2/token`,
			method: 'POST',
			auth: {
				username: clientId,
				password: clientSecret,
			},
			body: new URLSearchParams({
				grant_type: 'client_credentials',
			}).toString(),
			headers: {
				'Content-Type': 'application/x-www-form-urlencoded',
				Accept: 'application/json',
			},
			json: true,
			timeout: TOKEN_REQUEST_TIMEOUT,
		})) as { access_token: string };

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #33a322c858721685 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/credentials/CiscoSecureEndpointApi.credentials.ts:95 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/credentials/CiscoSecureEndpointApi.credentials.ts:92 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/credentials/CiscoSecureEndpointApi.credentials.ts:95
		const secureEndpointToken = (await http.request({
			url: `https://api.${region}.cisco.com/v3/access_tokens`,
			method: 'POST',
			body: new URLSearchParams({
				grant_type: 'client_credentials',
			}).toString(),
			headers: {
				'Content-Type': 'application/x-www-form-urlencoded',
				Accept: 'application/json',
				Authorization: `Bearer ${secureXToken.access_token}`,
			},
			json: true,
			timeout: TOKEN_REQUEST_TIMEOUT,
		})) as { access_token: string };

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #ab7e274d40313625 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/credentials/GoogleApi.credentials.ts:366 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/credentials/GoogleApi.credentials.ts:334 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/credentials/GoogleApi.credentials.ts:366
		const { access_token } = (await http.request({
			url: 'https://oauth2.googleapis.com/token',
			method: 'POST',
			body: new URLSearchParams({
				grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
				assertion: signature,
			}).toString(),
			headers: {
				'Content-Type': 'application/x-www-form-urlencoded',
			},
			json: true,
			timeout: TOKEN_REQUEST_TIMEOUT,
		})) as { access_token: string };

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #4b622fec644dddc4 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/credentials/MicrosoftEntraServicePrincipalApi.credentials.ts:140 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/credentials/MicrosoftEntraServicePrincipalApi.credentials.ts:148 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/credentials/MicrosoftEntraServicePrincipalApi.credentials.ts:140
	const response = await http.request({
		url: tokenUrl,
		method: 'POST',
		body: body.toString(),
		headers: {
			'Content-Type': 'application/x-www-form-urlencoded',
		},
		json: true,
		timeout: TOKEN_REQUEST_TIMEOUT,
	});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #a2acd2e8e2d49da5 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/credentials/SalesforceJwtApi.credentials.ts:121 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/credentials/SalesforceJwtApi.credentials.ts:105 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/credentials/SalesforceJwtApi.credentials.ts:121
		const response = (await http.request({
			url: `${authUrl}/services/oauth2/token`,
			method: 'POST',
			body: new URLSearchParams({
				grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
				assertion: signature,
			}).toString(),
			headers: {
				'Content-Type': 'application/x-www-form-urlencoded',
			},
			json: true,
			timeout: TOKEN_REQUEST_TIMEOUT,
		})) as { access_token?: string; instance_url?: string };

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #81f195e04e8eeb75 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/credentials/common/aws/system-credentials-utils.ts:283 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/credentials/common/aws/system-credentials-utils.ts:264 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/credentials/common/aws/system-credentials-utils.ts:283
		const response = await fetch(fullUri, {
			method: 'GET',
			headers,
			signal: AbortSignal.timeout(2000),
		});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #e3b79a878da10f79 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/credentials/common/aws/system-credentials-utils.ts:349 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/credentials/common/aws/system-credentials-utils.ts:328 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/credentials/common/aws/system-credentials-utils.ts:349
		const credentialsResponse = await fetch(`https://sts.${region}.${getAwsDomain(region)}`, {
			method: 'POST',
			headers,
			body: body.toString(),
			signal: AbortSignal.timeout(2000),
		});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #654902d411d2796a User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/AcuityScheduling/GenericFunctions.ts:45 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/AcuityScheduling/GenericFunctions.ts:41 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/AcuityScheduling/GenericFunctions.ts:45
			return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #cc7be4bee6f17432 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Affinity/GenericFunctions.ts:47 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Affinity/GenericFunctions.ts:24 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Affinity/GenericFunctions.ts:47
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #061033b4f3d7fc1b User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:50 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:31 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:50
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #8fd2b407216c255f User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:128 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:112 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:128
			lastSuccesfulUpdateReturn = await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #75733ae10b8d0038 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:140 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:112 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:140
			lastSuccesfulUpdateReturn = await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #9f3b8b67b724d36c User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:149 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:112 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:149
			lastSuccesfulUpdateReturn = await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #127d0a3a104f3047 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:160 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:112 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/AgileCrm/GenericFunctions.ts:160
			lastSuccesfulUpdateReturn = await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #137fd36a377e2e48 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Autopilot/GenericFunctions.ts:45 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Autopilot/GenericFunctions.ts:29 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Autopilot/GenericFunctions.ts:45
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #0ab7e3db7e8fb732 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/BambooHr/v1/transport/index.ts:56 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/BambooHr/v1/transport/index.ts:25 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/BambooHr/v1/transport/index.ts:56
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #34679b43cd91631b User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Bannerbear/GenericFunctions.ts:45 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Bannerbear/GenericFunctions.ts:29 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Bannerbear/GenericFunctions.ts:45
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #3a643695445ec635 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Bitbucket/BitbucketTrigger.node.ts:217 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Bitbucket/BitbucketTrigger.node.ts:208 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Bitbucket/BitbucketTrigger.node.ts:217
					const response = await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #cb97d9ac20d8735d User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Bitbucket/GenericFunctions.ts:61 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Bitbucket/GenericFunctions.ts:48 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Bitbucket/GenericFunctions.ts:61
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #e296a50499ff2aae User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Chargebee/Chargebee.node.ts:600 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Chargebee/Chargebee.node.ts:591 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Chargebee/Chargebee.node.ts:600
					responseData = await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #4df56794e2356d24 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/CircleCi/GenericFunctions.ts:39 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/CircleCi/GenericFunctions.ts:25 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/CircleCi/GenericFunctions.ts:39
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #fa7e53b59b6c5114 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Clearbit/GenericFunctions.ts:37 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Clearbit/GenericFunctions.ts:25 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Clearbit/GenericFunctions.ts:37
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #7ac4ddc75571d731 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Demio/GenericFunctions.ts:38 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Demio/GenericFunctions.ts:26 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Demio/GenericFunctions.ts:38
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #130851dc0606e8ec User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Dhl/GenericFunctions.ts:42 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Dhl/GenericFunctions.ts:28 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Dhl/GenericFunctions.ts:42
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #9fa944750b2bbcbc User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Discord/v1/DiscordV1.node.ts:253 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Discord/v1/DiscordV1.node.ts:172 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Discord/v1/DiscordV1.node.ts:253
					response = await this.helpers.request(requestOptions);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #b78af0f38559a797 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Egoi/GenericFunctions.ts:50 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Egoi/GenericFunctions.ts:36 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Egoi/GenericFunctions.ts:50
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #c3d7e5307d76bd76 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Emelia/GenericFunctions.ts:135 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Emelia/GenericFunctions.ts:126 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Emelia/GenericFunctions.ts:135
		await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #2b46eb5dc420fd9b User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/FileMaker/GenericFunctions.ts:64 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/FileMaker/GenericFunctions.ts:37 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/FileMaker/GenericFunctions.ts:64
		const response = await this.helpers.request(requestOptions);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #4f113de2eb8c0ee7 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Freshdesk/GenericFunctions.ts:46 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Freshdesk/GenericFunctions.ts:23 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Freshdesk/GenericFunctions.ts:46
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #bd3f87de61167e21 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Google/Chat/GoogleChat.node.ts:223 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Google/Chat/GoogleChat.node.ts:187 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Google/Chat/GoogleChat.node.ts:223
					const response = await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #9eea000ec2489ff5 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Google/GenericFunctions.ts:126 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Google/GenericFunctions.ts:90 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Google/GenericFunctions.ts:126
	return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #9cdbaa8075c80f14 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/GraphQL/GraphQL.node.ts:535 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/GraphQL/GraphQL.node.ts:432 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/GraphQL/GraphQL.node.ts:535
					response = await this.helpers.request(requestOptions);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #4dc8ab414145b6c1 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/HttpRequest/V1/HttpRequestV1.node.ts:1014 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/HttpRequest/V1/HttpRequestV1.node.ts:958 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/HttpRequest/V1/HttpRequestV1.node.ts:1014
				const request = this.helpers.request(requestOptions);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #ccbfb040f37af938 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/HttpRequest/V2/HttpRequestV2.node.ts:1078 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/HttpRequest/V2/HttpRequestV2.node.ts:1019 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/HttpRequest/V2/HttpRequestV2.node.ts:1078
					const request = this.helpers.request(requestOptions);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #14a77ba880c4ba3b User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/HttpRequest/V3/HttpRequestV3.node.ts:766 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/HttpRequest/V3/HttpRequestV3.node.ts:556 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/HttpRequest/V3/HttpRequestV3.node.ts:766
						const request = this.helpers.request(requestOptions);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #ba7f7364fdc1a19a User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Hubspot/V1/GenericFunctions.ts:46 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Hubspot/V1/GenericFunctions.ts:45 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Hubspot/V1/GenericFunctions.ts:46
			return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #6b1688f949675e17 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Hubspot/V1/GenericFunctions.ts:56 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Hubspot/V1/GenericFunctions.ts:55 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Hubspot/V1/GenericFunctions.ts:56
				return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #f3f8554516cc4ac8 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Hubspot/V2/GenericFunctions.ts:48 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Hubspot/V2/GenericFunctions.ts:47 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Hubspot/V2/GenericFunctions.ts:48
				return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #0e341ed7bc55be79 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/HumanticAI/GenericFunctions.ts:41 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/HumanticAI/GenericFunctions.ts:35 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/HumanticAI/GenericFunctions.ts:41
		const response = await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #f89735e2b559afeb User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Hunter/GenericFunctions.ts:36 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Hunter/GenericFunctions.ts:23 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Hunter/GenericFunctions.ts:36
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #e59a0988105047b7 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Jenkins/GenericFunctions.ts:42 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Jenkins/GenericFunctions.ts:32 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Jenkins/GenericFunctions.ts:42
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #d45132e6a02a4874 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/JotForm/GenericFunctions.ts:41 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/JotForm/GenericFunctions.ts:26 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/JotForm/GenericFunctions.ts:41
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #d6577f364344fe5d User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Linear/GenericFunctions.ts:122 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Linear/GenericFunctions.ts:109 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Linear/GenericFunctions.ts:122
	return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #8a5b38d3c491c5a0 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/LingvaNex/GenericFunctions.ts:37 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/LingvaNex/GenericFunctions.ts:26 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/LingvaNex/GenericFunctions.ts:37
		const response = await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #a6a90f06a8ae51f8 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Mandrill/GenericFunctions.ts:37 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Mandrill/GenericFunctions.ts:24 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Mandrill/GenericFunctions.ts:37
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #073b2dc71d493adb User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Marketstack/GenericFunctions.ts:35 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Marketstack/GenericFunctions.ts:24 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Marketstack/GenericFunctions.ts:35
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #c1141f7db7c16c7d User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Odoo/v1/OdooV1.node.ts:266 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Odoo/v1/OdooV1.node.ts:248 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Odoo/v1/OdooV1.node.ts:266
					const result = await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #9097c31e2322fab6 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Onfleet/GenericFunctions.ts:43 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Onfleet/GenericFunctions.ts:33 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Onfleet/GenericFunctions.ts:43
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #28ea8b360782ef7c User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Onfleet/Onfleet.node.ts:146 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Onfleet/Onfleet.node.ts:137 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Onfleet/Onfleet.node.ts:146
					await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #f915194b03c94441 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/PayPal/GenericFunctions.ts:42 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/PayPal/GenericFunctions.ts:25 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/PayPal/GenericFunctions.ts:42
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #87c8c55c3a4bc933 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/PayPal/PayPal.node.ts:117 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/PayPal/PayPal.node.ts:86 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/PayPal/PayPal.node.ts:117
					await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #dc5e34bbfe8a660d User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/PostHog/GenericFunctions.ts:41 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/PostHog/GenericFunctions.ts:24 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/PostHog/GenericFunctions.ts:41
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #e3de2590225e6033 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/QuickBase/GenericFunctions.ts:58 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/QuickBase/GenericFunctions.ts:36 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/QuickBase/GenericFunctions.ts:58
		return await this.helpers?.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #c2146384144dffca User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/SeaTable/v1/GenericFunctions.ts:62 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/SeaTable/v1/GenericFunctions.ts:56 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/SeaTable/v1/GenericFunctions.ts:62
	ctx.base = await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #a034ab07cf7f309a User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/SecurityScorecard/GenericFunctions.ts:74 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/SecurityScorecard/GenericFunctions.ts:51 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/SecurityScorecard/GenericFunctions.ts:74
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #c1df5f927047a466 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/SentryIo/GenericFunctions.ts:68 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/SentryIo/GenericFunctions.ts:65 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/SentryIo/GenericFunctions.ts:68
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #3d6063ccb9668acb User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Stackby/GenericFunction.ts:49 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Stackby/GenericFunction.ts:30 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Stackby/GenericFunction.ts:49
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #13d7f633092a1105 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Strapi/GenericFunctions.ts:85 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Strapi/GenericFunctions.ts:79 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Strapi/GenericFunctions.ts:85
	return await (this.helpers.request(options) as Promise<{ jwt: string }>);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #1fc2b28923eb6bdd User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Strapi/Strapi.node.ts:119 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Strapi/Strapi.node.ts:111 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Strapi/Strapi.node.ts:119
					await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #c30b5bca8614e4c4 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Tapfiliate/GenericFunctions.ts:43 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Tapfiliate/GenericFunctions.ts:26 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Tapfiliate/GenericFunctions.ts:43
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #0a0333d03268acc5 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/UnleashedSoftware/GenericFunctions.ts:53 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/UnleashedSoftware/GenericFunctions.ts:43 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/UnleashedSoftware/GenericFunctions.ts:53
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #855d3014509d8788 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Uplead/GenericFunctions.ts:36 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Uplead/GenericFunctions.ts:24 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Uplead/GenericFunctions.ts:36
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #06b53b0758fee551 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/UptimeRobot/GenericFunctions.ts:33 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/UptimeRobot/GenericFunctions.ts:25 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/UptimeRobot/GenericFunctions.ts:33
		const responseData = await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #0d133ba67dc5ec1d User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Zammad/GenericFunctions.ts:73 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Zammad/GenericFunctions.ts:44 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Zammad/GenericFunctions.ts:73
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #7687ab81cd3f950d User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Zammad/Zammad.node.ts:299 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Zammad/Zammad.node.ts:293 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Zammad/Zammad.node.ts:299
					await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #94c297d32d37a954 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/nodes-base/nodes/Zulip/GenericFunctions.ts:53 · flow /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Zulip/GenericFunctions.ts:33 → /tmp/closeopen-zwski0h_/repo/packages/nodes-base/nodes/Zulip/GenericFunctions.ts:53
		return await this.helpers.request(options);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 33 low-confidence finding(s)
low env_fs production #2181e3061deeb94c Environment-variable access.
repo/packages/nodes-base/credentials/common/aws/system-credentials-sdk.ts:44
const getEnv = (key: string): string | undefined => process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e7e0f60c8224838 Filesystem access.
repo/packages/nodes-base/credentials/common/aws/system-credentials-utils.ts:4
import { readFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d7d337210cbd5b5c Environment-variable access.
repo/packages/nodes-base/credentials/common/aws/system-credentials-utils.ts:28
export const envGetter = (key: string): string | undefined => process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #cec77c564d52ea3f Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/nodes-base/credentials/common/aws/system-credentials-utils.ts:121
			const tokenResponse = await fetch(`${baseUrl}/api/token`, {
				method: 'PUT',
				headers: {
					'X-aws-ec2-metadata-token-ttl-seconds': '21600',
					'User-Agent': 'n8n-aws-credential',
				},
				signal: AbortSignal.timeout(2000),
			});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #7565b4b638c21572 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/nodes-base/credentials/common/aws/system-credentials-utils.ts:138
		const roleResponse = await fetch(`${baseUrl}/meta-data/iam/security-credentials/`, {
			method: 'GET',
			headers,
			signal: AbortSignal.timeout(2000),
		});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #b4199ae684f442b4 Filesystem access.
repo/packages/nodes-base/credentials/common/aws/system-credentials-utils.ts:264
				authToken = (await readFile(authTokenFile, 'utf-8')).trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d8808bbc5fe3c44 Filesystem access.
repo/packages/nodes-base/credentials/common/aws/system-credentials-utils.ts:328
		const token = (await readFile(webIdentityTokenFile, 'utf8')).trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d1ca1c87990c30bb Environment-variable access.
repo/packages/nodes-base/credentials/common/aws/utils.ts:522
	if (process.env.N8N_AWS_LEGACY_SIGNER === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fd389ade75c07dd4 Filesystem access.
repo/packages/nodes-base/nodes/Airtop/constants.ts:1
import { readFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bfcd100a8e1517dd Environment-variable access.
repo/packages/nodes-base/nodes/Airtop/constants.ts:8
	if (process.env.N8N_VERSION) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d3db651e7a71395b Environment-variable access.
repo/packages/nodes-base/nodes/Airtop/constants.ts:9
		return process.env.N8N_VERSION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4a8368bac0839ec0 Filesystem access.
repo/packages/nodes-base/nodes/Airtop/constants.ts:15
		const n8nPackageJson = jsonParse<n8n.PackageJson>(readFileSync(packageJsonPath, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5285368423a4ee4d Environment-variable access.
repo/packages/nodes-base/nodes/Airtop/constants.ts:25
export const BASE_URL = process.env.AIRTOP_BASE_URL ?? 'https://api.airtop.ai/api/v1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3a68e6e1294b8830 Environment-variable access.
repo/packages/nodes-base/nodes/Airtop/constants.ts:26
export const BASE_URL_V2 = process.env.AIRTOP_BASE_URL_V2 ?? 'https://api.airtop.ai/api/v2';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #83fb35e31478124a Environment-variable access.
repo/packages/nodes-base/nodes/Airtop/constants.ts:28
	process.env.AIRTOP_HOOKS_BASE_URL ?? 'https://api.airtop.ai/api/hooks';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7817de830c5e549e Filesystem access.
repo/packages/nodes-base/nodes/EditImage/EditImage.node.ts:1
import { writeFile as fsWriteFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #883049d43179985b Filesystem access.
repo/packages/nodes-base/nodes/EditImage/EditImage.node.ts:1140
						await fsWriteFile(path, binaryDataBuffer);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1eb615e13c9b8cea Filesystem access.
repo/packages/nodes-base/nodes/ExecuteWorkflow/ExecuteWorkflow/GenericFunctions.test.ts:1
import { readFile as fsReadFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #97136a1077d1e639 Filesystem access.
repo/packages/nodes-base/nodes/ExecuteWorkflow/ExecuteWorkflow/GenericFunctions.ts:1
import { readFile as fsReadFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #37bd603568b757a1 Filesystem access.
repo/packages/nodes-base/nodes/ExecuteWorkflow/ExecuteWorkflow/GenericFunctions.ts:48
		const workflowJson = await fsReadFile(resolvedPath, { encoding: 'utf8' }).catch(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #900af00dc9d5ff52 Filesystem access.
repo/packages/nodes-base/nodes/Form/utils/utils.ts:3
import { rm } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74fc14d2a9e8cd8d Filesystem access.
repo/packages/nodes-base/nodes/Ftp/Ftp.node.ts:3
import { createWriteStream } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f124865f387a5a43 Filesystem access.
repo/packages/nodes-base/nodes/Merge/v3/helpers/sandbox-utils.ts:62
	const alasqlSource = await readFile(alasqlBundlePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee008fb47a110d8f Filesystem access.
repo/packages/nodes-base/nodes/SpreadsheetFile/v1/SpreadsheetFileV1.node.ts:83
						workbook = xlsxReadFile(binaryPath, xlsxOptions);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3bf38b2f6d52745f Filesystem access.
repo/packages/nodes-base/nodes/Ssh/Ssh.node.ts:2
import { writeFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ef798e601a1cb83f Filesystem access.
repo/packages/nodes-base/nodes/Ssh/Ssh.node.ts:448
								await writeFile(binaryFile.path, uploadData);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74fcc22ac202e9d4 Filesystem access.
repo/packages/nodes-base/nodes/Webhook/Webhook.node.ts:2
import { createWriteStream } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #56ed936eab6c9c6e Filesystem access.
repo/packages/nodes-base/nodes/Webhook/Webhook.node.ts:3
import { stat } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d37e83943627e575 Filesystem access.
repo/packages/nodes-base/nodes/Webhook/utils.ts:3
import { rm } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2b7453ae1bb01d6f Filesystem access.
repo/packages/nodes-base/scripts/copy-nodes-json.js:2
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #824395357ca47d74 Filesystem access.
repo/packages/nodes-base/scripts/validate-schema-versions.js:11
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e4565b8cf1ee5a40 Filesystem access.
repo/packages/nodes-base/scripts/validate-schema-versions.js:66
	const content = fs.readFileSync(nodeFilePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #498c5f4e031bf79e Environment-variable access.
repo/packages/nodes-base/vite.config.ts:7
process.env.TZ = 'UTC';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/core

npm first-party
high pii_flow production #cee94324534f3d2f User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/core/src/binary-data/azure-blob.manager.ts:66 · flow /tmp/closeopen-zwski0h_/repo/packages/core/src/binary-data/azure-blob.manager.ts:64 → /tmp/closeopen-zwski0h_/repo/packages/core/src/binary-data/azure-blob.manager.ts:66
		await this.azureBlobService.put(targetFileId, sourceFile, metadata);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #bd7856b5604862cc User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/core/src/binary-data/object-store.manager.ts:80 · flow /tmp/closeopen-zwski0h_/repo/packages/core/src/binary-data/object-store.manager.ts:78 → /tmp/closeopen-zwski0h_/repo/packages/core/src/binary-data/object-store.manager.ts:80
		await this.objectStoreService.put(targetFileId, sourceFile, metadata);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium telemetry test-only #84b4dabda3baacc5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/core/src/errors/__tests__/error-reporter.test.ts:3
import type { ErrorEvent } from '@sentry/core';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b7f0dfd325ae169f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/core/src/errors/error-reporter.ts:6
import type { ErrorEvent, EventHint } from '@sentry/core';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #c1b04ea00d344291 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/core/src/errors/error-reporter.ts:7
import type { NodeOptions } from '@sentry/node';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #f2139a7332e95d6a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/core/src/observability/tracing/__tests__/sentry-tracing.test.ts:1
import type { StartSpanOptions } from '@sentry/core';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #b05d094be320c5f8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/core/src/observability/tracing/__tests__/sentry-tracing.test.ts:2
import type Sentry from '@sentry/node';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #c4325a3701ee90f7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/core/src/observability/tracing/__tests__/span-sampling.test.ts:1
import type { SpanJSON, TracesSamplerSamplingContext, TransactionEvent } from '@sentry/core';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #6fae74a32192e475 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/core/src/observability/tracing/__tests__/tracing.test.ts:1
import type { StartSpanOptions } from '@sentry/core';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #32b2305347ddf115 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/core/src/observability/tracing/sentry-tracing.ts:2
import type Sentry from '@sentry/node';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #11bac99757c1cba2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/core/src/observability/tracing/span-sampling.ts:1
import type { SpanJSON, TracesSamplerSamplingContext, TransactionEvent } from '@sentry/core';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e2204cda26284ba5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/core/src/observability/tracing/tracing.ts:2
import type {
	StartSpanOptions as SentryStartSpanOptions,
	SpanContextData as SentrySpanContextData,
	SpanAttributes as SentrySpanAttributes,
} from '@sentry/core';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a1589a50e9716414 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/core/src/observability/tracing/tracing.ts:7
import type Sentry from '@sentry/node';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 108 low-confidence finding(s)
low env_fs production #736835cf4b44e31a Filesystem access.
repo/packages/core/bin/common.js:13
	await writeFile(filePath, payload, { encoding: 'utf-8' });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e64990d5a04709cb Filesystem access.
repo/packages/core/bin/generate-node-defs:4
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #17191d4a3cf93a70 Filesystem access.
repo/packages/core/bin/generate-node-defs:15
const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3962db6a1921b078 Filesystem access.
repo/packages/core/bin/generate-translations:3
const {
	existsSync,
	promises: { writeFile },
} = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2cea118fe9ea61a2 Filesystem access.
repo/packages/core/bin/generate-translations:6
} = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #78afb1833d56339c Filesystem access.
repo/packages/core/nodes-testing/node-test-harness.ts:64
		return JSON.parse(readFileSync(filePath, 'utf-8')) as IWorkflowBase &

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6b45012bec75d3be Environment-variable access.
repo/packages/core/src/__tests__/storage.config.test.ts:47
		process.env.N8N_EXECUTION_DATA_STORAGE_MODE = 'filesystem';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0b4417c7e404d778 Environment-variable access.
repo/packages/core/src/__tests__/storage.config.test.ts:55
		process.env.N8N_STORAGE_PATH = '/custom/storage/path';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #10ca692383721cd4 Environment-variable access.
repo/packages/core/src/__tests__/storage.config.test.ts:63
		process.env.N8N_STORAGE_PATH = '/path/one';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3ee4d51231cb5fdb Environment-variable access.
repo/packages/core/src/__tests__/storage.config.test.ts:64
		process.env.N8N_BINARY_DATA_STORAGE_PATH = '/path/two';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0413eee475902395 Environment-variable access.
repo/packages/core/src/__tests__/storage.config.test.ts:70
		process.env.N8N_STORAGE_PATH = '/same/path';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b092c1fea39aebde Environment-variable access.
repo/packages/core/src/__tests__/storage.config.test.ts:71
		process.env.N8N_BINARY_DATA_STORAGE_PATH = '/same/path';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d9cf82ea2050f982 Environment-variable access.
repo/packages/core/src/__tests__/storage.config.test.ts:79
		process.env.N8N_EXECUTION_DATA_STORAGE_MODE = 'invalid-mode';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #798692b20294ad1e Environment-variable access.
repo/packages/core/src/__tests__/storage.config.test.ts:106
			process.env.N8N_MIGRATE_FS_STORAGE_PATH = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #100807f196381d75 Environment-variable access.
repo/packages/core/src/__tests__/storage.config.test.ts:131
			process.env.N8N_STORAGE_PATH = '/custom/path';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2c03e1bea10cccd7 Environment-variable access.
repo/packages/core/src/__tests__/storage.config.test.ts:139
			process.env.N8N_BINARY_DATA_STORAGE_PATH = '/custom/path';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5b612b02b6e5f540 Environment-variable access.
repo/packages/core/src/__tests__/storage.config.test.ts:155
			process.env.N8N_MIGRATE_FS_STORAGE_PATH = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bd21eac62c902ba7 Environment-variable access.
repo/packages/core/src/__tests__/storage.config.test.ts:165
			process.env.N8N_MIGRATE_FS_STORAGE_PATH = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #42f9c11e7056a483 Environment-variable access.
repo/packages/core/src/__tests__/storage.config.test.ts:175
			process.env.N8N_MIGRATE_FS_STORAGE_PATH = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #63eed1afdfca97a0 Environment-variable access.
repo/packages/core/src/binary-data/__tests__/binary-data.config.test.ts:40
		process.env.N8N_DEFAULT_BINARY_DATA_MODE = 's3';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #980d0bc0e78cb7f7 Environment-variable access.
repo/packages/core/src/binary-data/__tests__/binary-data.config.test.ts:41
		process.env.N8N_BINARY_DATA_STORAGE_PATH = '/custom/storage/path';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #aa37036118439dae Environment-variable access.
repo/packages/core/src/binary-data/__tests__/binary-data.config.test.ts:42
		process.env.N8N_BINARY_DATA_SIGNING_SECRET = 'super-secret';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e3d9ad19a0e5fc57 Environment-variable access.
repo/packages/core/src/binary-data/__tests__/binary-data.config.test.ts:59
		process.env.N8N_DEFAULT_BINARY_DATA_MODE = 'invalid-mode';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1831b55ba67ae250 Environment-variable access.
repo/packages/core/src/binary-data/__tests__/binary-data.config.test.ts:71
			process.env.N8N_BINARY_DATA_DATABASE_MAX_FILE_SIZE = '1024';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cab1cebe899ae851 Environment-variable access.
repo/packages/core/src/binary-data/__tests__/binary-data.config.test.ts:85
			process.env.N8N_BINARY_DATA_DATABASE_MAX_FILE_SIZE = 'not-a-number';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ac64cc4fcebbad82 Environment-variable access.
repo/packages/core/src/binary-data/__tests__/binary-data.config.test.ts:96
			process.env.N8N_BINARY_DATA_DATABASE_MAX_FILE_SIZE = '2048';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #214274cb7df9ce41 Environment-variable access.
repo/packages/core/src/binary-data/__tests__/binary-data.config.test.ts:118
			delete process.env.N8N_BINARY_DATA_SIGNING_SECRET;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #50e8770a8d3f543e Environment-variable access.
repo/packages/core/src/binary-data/__tests__/binary-data.config.test.ts:122
			process.env.N8N_BINARY_DATA_SIGNING_SECRET = 'env-pinned-secret';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #590f0ac3a1e8ce6d Filesystem access.
repo/packages/core/src/binary-data/azure-blob.manager.ts:64
		const sourceFile = await fs.readFile(sourcePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a1d3762fe288509e Environment-variable access.
repo/packages/core/src/binary-data/binary-data.config.ts:81
		if (process.env.N8N_BINARY_DATA_SIGNING_SECRET) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99bae92790726893 Filesystem access.
repo/packages/core/src/binary-data/binary-data.service.ts:77
			binaryData.data = await readFile(filePath, { encoding: BINARY_ENCODING });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fa011c9989cae613 Filesystem access.
repo/packages/core/src/binary-data/file-system.manager.ts:37
		await fs.writeFile(filePath, bufferOrStream);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8395904032f9b4d3 Filesystem access.
repo/packages/core/src/binary-data/file-system.manager.ts:67
		return await fs.readFile(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eae837e1676dc67a Filesystem access.
repo/packages/core/src/binary-data/file-system.manager.ts:73
		return await jsonParse(await fs.readFile(filePath, { encoding: 'utf-8' }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad5a071b8496eafe Filesystem access.
repo/packages/core/src/binary-data/file-system.manager.ts:199
		await fs.writeFile(filePath, JSON.stringify(metadata), { encoding: 'utf-8' });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2b04d4b38872ccc2 Filesystem access.
repo/packages/core/src/binary-data/object-store.manager.ts:78
		const sourceFile = await fs.readFile(sourcePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4485fef98c58f900 Environment-variable access.
repo/packages/core/src/encryption/__tests__/cipher.test.ts:233
			const originalFlag = process.env.N8N_ENV_FEAT_ENCRYPTION_KEY_ROTATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #92e2b5cfc8280906 Environment-variable access.
repo/packages/core/src/encryption/__tests__/cipher.test.ts:234
			process.env.N8N_ENV_FEAT_ENCRYPTION_KEY_ROTATION = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7a81e4e43d82af8b Environment-variable access.
repo/packages/core/src/encryption/__tests__/cipher.test.ts:243
				process.env.N8N_ENV_FEAT_ENCRYPTION_KEY_ROTATION = originalFlag;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7a682e12f8118731 Environment-variable access.
repo/packages/core/src/encryption/__tests__/cipher.test.ts:268
			const originalFlag = process.env.N8N_ENV_FEAT_ENCRYPTION_KEY_ROTATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9d3dcf4173562b2b Environment-variable access.
repo/packages/core/src/encryption/__tests__/cipher.test.ts:269
			process.env.N8N_ENV_FEAT_ENCRYPTION_KEY_ROTATION = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1420418aaff04a6c Environment-variable access.
repo/packages/core/src/encryption/__tests__/cipher.test.ts:274
				process.env.N8N_ENV_FEAT_ENCRYPTION_KEY_ROTATION = originalFlag;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #face7bac18cf8e90 Environment-variable access.
repo/packages/core/src/encryption/__tests__/cipher.test.ts:300
			const originalFlag = process.env.N8N_ENV_FEAT_ENCRYPTION_KEY_ROTATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e468b0797a598af8 Environment-variable access.
repo/packages/core/src/encryption/__tests__/cipher.test.ts:301
			process.env.N8N_ENV_FEAT_ENCRYPTION_KEY_ROTATION = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b9f8f02d4d751d37 Environment-variable access.
repo/packages/core/src/encryption/__tests__/cipher.test.ts:306
				process.env.N8N_ENV_FEAT_ENCRYPTION_KEY_ROTATION = originalFlag;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9316c778c25f818b Environment-variable access.
repo/packages/core/src/encryption/__tests__/cipher.test.ts:326
			const originalFlag = process.env.N8N_ENV_FEAT_ENCRYPTION_KEY_ROTATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #26ee263a7c7583db Environment-variable access.
repo/packages/core/src/encryption/__tests__/cipher.test.ts:327
			process.env.N8N_ENV_FEAT_ENCRYPTION_KEY_ROTATION = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #41cbe1c6f245657e Environment-variable access.
repo/packages/core/src/encryption/__tests__/cipher.test.ts:334
				process.env.N8N_ENV_FEAT_ENCRYPTION_KEY_ROTATION = originalFlag;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #233ec5ecec2eb0ba Environment-variable access.
repo/packages/core/src/encryption/cipher.ts:38
			process.env.N8N_ENV_FEAT_ENCRYPTION_KEY_ROTATION === 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #21243688f3581f2b Environment-variable access.
repo/packages/core/src/encryption/cipher.ts:58
			process.env.N8N_ENV_FEAT_ENCRYPTION_KEY_ROTATION === 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0f6d69f5654dcd1b Environment-variable access.
repo/packages/core/src/execution-engine/__tests__/ssh-clients-manager.test.ts:251
		process.env.N8N_SSH_TUNNEL_IDLE_TIMEOUT = '5';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #99c5381baa302d14 Environment-variable access.
repo/packages/core/src/execution-engine/__tests__/ssh-clients-manager.test.ts:264
			process.env.N8N_SSH_TUNNEL_IDLE_TIMEOUT = value;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #15b10f887e6fbf4f Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/execute-context.ts:222
		if (process.env.CODE_ENABLE_STDOUT === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7b9f74deeabd6129 Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/supply-data-context.ts:431
		if (process.env.CODE_ENABLE_STDOUT === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #38ab9faa7bb11a05 Filesystem access.
repo/packages/core/src/execution-engine/node-execution-context/utils/__tests__/binary-helper-functions.test.ts:3
import { mkdtempSync, readFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #84a5ed742f94c3d4 Filesystem access.
repo/packages/core/src/execution-engine/node-execution-context/utils/__tests__/binary-helper-functions.test.ts:128
			readFileSync(
				`${temporaryDir}/${setBinaryDataBufferResponse.id?.replace('filesystem-v2:', '')}`,
			),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #db29276add8bd599 Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/__tests__/file-system-helper-functions.test.ts:61
		process.env[BLOCK_FILE_ACCESS_TO_N8N_FILES] = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #926ef689d3c7f774 Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/__tests__/file-system-helper-functions.test.ts:99
		process.env[BLOCK_FILE_ACCESS_TO_N8N_FILES] = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fd2e4a0e1eaef625 Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/__tests__/file-system-helper-functions.test.ts:117
		process.env[CONFIG_FILES] = '/path/to/config1,/path/to/config2';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a7870148f8c75740 Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/__tests__/file-system-helper-functions.test.ts:123
		process.env[CUSTOM_EXTENSION_ENV] = '/path/to/extensions1;/path/to/extensions2';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9139d6faa5643d83 Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/__tests__/file-system-helper-functions.test.ts:129
		process.env[BINARY_DATA_STORAGE_PATH] = '/path/to/binary/storage';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #291b623105eab98b Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/__tests__/file-system-helper-functions.test.ts:135
		process.env[UM_EMAIL_TEMPLATES_INVITE] = '/path/to/invite/templates';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #de10fa5b6426b375 Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/__tests__/file-system-helper-functions.test.ts:136
		process.env[UM_EMAIL_TEMPLATES_PWRESET] = '/path/to/pwreset/templates';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #089576df3029daf2 Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/__tests__/file-system-helper-functions.test.ts:147
		const userHome = process.env.N8N_USER_FOLDER ?? process.env[homeVarName] ?? process.cwd();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f6f44e2a4ecf6165 Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/__tests__/file-system-helper-functions.test.ts:150
		process.env[BLOCK_FILE_ACCESS_TO_N8N_FILES] = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #970ff14ccd83a9c6 Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/__tests__/file-system-helper-functions.test.ts:157
		const userHome = process.env.N8N_USER_FOLDER ?? process.env[homeVarName] ?? process.cwd();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5f9c393ab25a1e90 Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/__tests__/file-system-helper-functions.test.ts:160
		process.env[BLOCK_FILE_ACCESS_TO_N8N_FILES] = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6da019457a83a00c Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/__tests__/file-system-helper-functions.test.ts:167
		const userHome = process.env.N8N_USER_FOLDER ?? process.env[homeVarName] ?? process.cwd();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #94753606cb4f8f23 Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/__tests__/file-system-helper-functions.test.ts:170
		process.env[BLOCK_FILE_ACCESS_TO_N8N_FILES] = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8782f018e4acc776 Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/__tests__/file-system-helper-functions.test.ts:389
			process.env[BLOCK_FILE_ACCESS_TO_N8N_FILES] = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1a0dc86a3ddbb224 Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/file-system-helper-functions.ts:122
	const blockFileAccessToN8nFiles = process.env[BLOCK_FILE_ACCESS_TO_N8N_FILES] !== 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c1530fa15ee9102b Filesystem access.
repo/packages/core/src/execution-engine/node-execution-context/utils/file-system-helper-functions.ts:423
				await fileHandle.writeFile(content, { encoding: 'binary' });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #21f8775e236fbb6a Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/file-system-helper-functions.ts:458
	if (process.env[CONFIG_FILES]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #564357c22842142e Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/file-system-helper-functions.ts:459
		restrictedPaths.push(...process.env[CONFIG_FILES].split(','));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #17f58096aa8829cb Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/file-system-helper-functions.ts:462
	if (process.env[CUSTOM_EXTENSION_ENV]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #239f5479d4cf5a76 Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/file-system-helper-functions.ts:463
		const customExtensionFolders = process.env[CUSTOM_EXTENSION_ENV].split(';');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e9a8c0bde407e525 Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/file-system-helper-functions.ts:467
	if (process.env[BINARY_DATA_STORAGE_PATH]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec36591157e7b614 Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/file-system-helper-functions.ts:468
		restrictedPaths.push(process.env[BINARY_DATA_STORAGE_PATH]);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e9fe78a41f770c4 Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/file-system-helper-functions.ts:471
	if (process.env[UM_EMAIL_TEMPLATES_INVITE]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b4f4623660d5c89f Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/file-system-helper-functions.ts:472
		restrictedPaths.push(process.env[UM_EMAIL_TEMPLATES_INVITE]);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab9925cc8a3fe843 Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/file-system-helper-functions.ts:475
	if (process.env[UM_EMAIL_TEMPLATES_PWRESET]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b679baafa89d4504 Environment-variable access.
repo/packages/core/src/execution-engine/node-execution-context/utils/file-system-helper-functions.ts:476
		restrictedPaths.push(process.env[UM_EMAIL_TEMPLATES_PWRESET]);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #161c7698a7d004de Environment-variable access.
repo/packages/core/src/instance-settings/__tests__/instance-settings.test.ts:91
			process.env.N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #36caa37a5fa6497f Environment-variable access.
repo/packages/core/src/instance-settings/__tests__/instance-settings.test.ts:101
			process.env.N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e6cd466800cf021b Environment-variable access.
repo/packages/core/src/instance-settings/__tests__/instance-settings.test.ts:137
			process.env.N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bb47c83f54a8baf1 Environment-variable access.
repo/packages/core/src/instance-settings/__tests__/instance-settings.test.ts:155
			process.env.N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ebfc32c31bcee3e2 Environment-variable access.
repo/packages/core/src/instance-settings/__tests__/instance-settings.test.ts:247
				process.env.N8N_INSTANCE_ID = 'env-pinned-id';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #810c30c359e1be94 Environment-variable access.
repo/packages/core/src/instance-settings/__tests__/instance-settings.test.ts:302
				process.env.N8N_HMAC_SIGNATURE_SECRET = 'env-pinned-hmac';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #78e53e438bf71bcd Environment-variable access.
repo/packages/core/src/instance-settings/instance-settings.ts:101
			process.env.N8N_INSTANCE_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6e7b0af7145e3ae8 Environment-variable access.
repo/packages/core/src/instance-settings/instance-settings.ts:110
			process.env.N8N_HMAC_SIGNATURE_SECRET,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb4fc244d78b1f73 Filesystem access.
repo/packages/core/src/instance-settings/instance-settings.ts:232
			const cgroupV1 = readFileSync('/proc/self/cgroup', 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c11693642232a0df Filesystem access.
repo/packages/core/src/instance-settings/instance-settings.ts:241
			const cgroupV2 = readFileSync('/proc/self/mountinfo', 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f45aa3a897d97dcb Filesystem access.
repo/packages/core/src/instance-settings/instance-settings.ts:263
			const content = readFileSync(this.settingsFile, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1dccb66a2fb51f70 Environment-variable access.
repo/packages/core/src/instance-settings/instance-settings.ts:315
		const hmacSignatureSecretFromEnv = process.env.N8N_HMAC_SIGNATURE_SECRET;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e2eaf98e9db8facf Filesystem access.
repo/packages/core/src/instance-settings/instance-settings.ts:324
		writeFileSync(this.settingsFile, JSON.stringify(this.settings, null, '\t'), {
			mode: this.enforceSettingsFilePermissions.enforce ? 0o600 : undefined,
			encoding: 'utf-8',
		});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #46230b573b26d2e0 Environment-variable access.
repo/packages/core/src/instance-settings/instance-settings.ts:335
		const isEnvVarSet = !!process.env.N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bb0d1ab4cb6a5ca8 Filesystem access.
repo/packages/core/src/nodes-loader/__tests__/custom-directory-loader.hot-reload.test.ts:40
		fs.writeFileSync(file, nodeSource(version));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2b1acdd36a411db5 Filesystem access.
repo/packages/core/src/nodes-loader/__tests__/custom-directory-loader.hot-reload.test.ts:75
		fs.writeFileSync(nodeFile, nodeSource(2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7e5eaec82962e318 Filesystem access.
repo/packages/core/src/nodes-loader/__tests__/custom-directory-loader.hot-reload.test.ts:99
		fs.writeFileSync(nodeFile, nodeSource(2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7fb447df5d5a4f8a Filesystem access.
repo/packages/core/src/nodes-loader/__tests__/custom-directory-loader.hot-reload.test.ts:116
		fs.writeFileSync(nodeFile, nodeSource(2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bca044b4c7b29d48 Filesystem access.
repo/packages/core/src/nodes-loader/__tests__/scan-directory-for-packages.fs.test.ts:30
		writeFileSync(path.join(dir, 'package.json'), JSON.stringify({ name, version: '1.0.0' }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e3a89af37f4ac9a4 Filesystem access.
repo/packages/core/src/nodes-loader/package-directory-loader.ts:96
		const fileString = readFileSync(filePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eb41b327c8810886 Filesystem access.
repo/packages/core/src/nodes-loader/package-directory-loader.ts:102
		const fileString = await readFile(filePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1eb1b90c79945d28 Environment-variable access.
repo/packages/core/src/storage.config.ts:41
		const storagePath = process.env.N8N_STORAGE_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c6da777775cc6137 Environment-variable access.
repo/packages/core/src/storage.config.ts:42
		const binaryDataStoragePath = process.env.N8N_BINARY_DATA_STORAGE_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #86141289b9b9248e Environment-variable access.
repo/packages/core/src/storage.config.ts:70
		if (process.env.N8N_STORAGE_PATH) return;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f68a766dab96b0bb Environment-variable access.
repo/packages/core/src/storage.config.ts:71
		if (process.env.N8N_BINARY_DATA_STORAGE_PATH) return;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f243de2896bef2c2 Environment-variable access.
repo/packages/core/src/storage.config.ts:78
		const shouldMigrate = process.env.N8N_MIGRATE_FS_STORAGE_PATH === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/testing/playwright

npm first-party
high pii_flow production #6e3f7f7957e6a97a User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/playwright/reporters/metrics-reporter.ts:75 · flow /tmp/closeopen-zwski0h_/repo/packages/testing/playwright/reporters/metrics-reporter.ts:40 → /tmp/closeopen-zwski0h_/repo/packages/testing/playwright/reporters/metrics-reporter.ts:75
					const response = await fetch(webhookUrl, {
						method: 'POST',
						headers: {
							'Content-Type': 'application/json',
							Authorization: `Basic ${auth}`,
						},
						body: JSON.stringify(payload),
						signal: AbortSignal.timeout(30000),
					});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #554b3d2baf8a3f7b User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/playwright/scripts/coverage-analysis.mjs:146 · flow /tmp/closeopen-zwski0h_/repo/packages/testing/playwright/scripts/coverage-analysis.mjs:87 → /tmp/closeopen-zwski0h_/repo/packages/testing/playwright/scripts/coverage-analysis.mjs:146
			res = await fetch(url, { headers });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #c674b3c915493190 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/playwright/scripts/import-victoria-data.mjs:46 · flow /tmp/closeopen-zwski0h_/repo/packages/testing/playwright/scripts/import-victoria-data.mjs:49 → /tmp/closeopen-zwski0h_/repo/packages/testing/playwright/scripts/import-victoria-data.mjs:46
	const res = await fetch(`http://localhost:${VM_PORT}/api/v1/import`, {
		method: 'POST',
		headers: { 'Content-Type': 'application/json' },
		body: readFileSync(metricsFile),
	});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #6d35f1009481aecc User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/playwright/scripts/import-victoria-data.mjs:56 · flow /tmp/closeopen-zwski0h_/repo/packages/testing/playwright/scripts/import-victoria-data.mjs:59 → /tmp/closeopen-zwski0h_/repo/packages/testing/playwright/scripts/import-victoria-data.mjs:56
	const res = await fetch(`http://localhost:${VL_PORT}/insert/jsonline`, {
		method: 'POST',
		headers: { 'Content-Type': 'application/json' },
		body: readFileSync(logsFile),
	});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #95f436ecd239621a User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/playwright/services/api-helper.ts:660 · flow /tmp/closeopen-zwski0h_/repo/packages/testing/playwright/services/api-helper.ts:662 → /tmp/closeopen-zwski0h_/repo/packages/testing/playwright/services/api-helper.ts:660
		const response = await this.request.post('/rest/login', {
			data: {
				emailOrLdapLoginId: credentials.email,
				password: credentials.password,
			},
			maxRetries: 3,
		});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #aacc905404ff2bc5 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/playwright/services/mcp-oauth-api-helper.ts:223 · flow /tmp/closeopen-zwski0h_/repo/packages/testing/playwright/services/mcp-oauth-api-helper.ts:225 → /tmp/closeopen-zwski0h_/repo/packages/testing/playwright/services/mcp-oauth-api-helper.ts:223
		return await this.api.request.post(`${params.basePath ?? DEFAULT_ENDPOINT_BASE_PATH}/revoke`, {
			form: {
				token: params.token,
				client_id: params.clientId,
				...(params.tokenTypeHint && { token_type_hint: params.tokenTypeHint }),
			},
		});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #db4c4e34cd165ebc User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/playwright/services/public-api-helper.ts:182 · flow /tmp/closeopen-zwski0h_/repo/packages/testing/playwright/services/public-api-helper.ts:164 → /tmp/closeopen-zwski0h_/repo/packages/testing/playwright/services/public-api-helper.ts:182
			const acceptResponse = await isolatedContext.post('/rest/invitations/accept', {
				data: { token, firstName, lastName, password },
			});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #9d41ebc7549df0fd User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/playwright/services/user-api-helper.ts:39 · flow /tmp/closeopen-zwski0h_/repo/packages/testing/playwright/services/user-api-helper.ts:31 → /tmp/closeopen-zwski0h_/repo/packages/testing/playwright/services/user-api-helper.ts:39
		const inviteResponse = await this.api.request.post('/rest/invitations', {
			data: [{ email: user.email, role: user.role }],
		});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #2a5fbb3ecc9010b8 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/playwright/services/user-api-helper.ts:55 · flow /tmp/closeopen-zwski0h_/repo/packages/testing/playwright/services/user-api-helper.ts:31 → /tmp/closeopen-zwski0h_/repo/packages/testing/playwright/services/user-api-helper.ts:55
		const acceptResponse = await this.api.request.post('/rest/invitations/accept', {
			data: {
				token,
				firstName: user.firstName,
				lastName: user.lastName,
				password: user.password,
			},
		});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 142 low-confidence finding(s)
low env_fs production #8b9ed1081bd481f4 Environment-variable access.
repo/packages/testing/playwright/coverage-options.ts:13
export const COVERAGE_ENABLED = process.env.COVERAGE_ENABLED === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9fcb5cbe1a74936b Environment-variable access.
repo/packages/testing/playwright/currents.config.ts:4
	recordKey: process.env.CURRENTS_RECORD_KEY ?? '',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #da328b48e5a1351f Environment-variable access.
repo/packages/testing/playwright/currents.config.ts:5
	projectId: process.env.CURRENTS_PROJECT_ID ?? 'nHHLA5',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e4a5dc87db2bb31 Filesystem access.
repo/packages/testing/playwright/fixtures/backend-v8-coverage.ts:84
					writeFileSync(
						join(specDir, `raw-${slugify(testInfo.testId)}.json`),
						JSON.stringify({ result }),
					);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cdbe7fb7daf77454 Filesystem access.
repo/packages/testing/playwright/fixtures/backend-v8-coverage.ts:88
					writeFileSync(join(specDir, '.spec'), spec);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d441fd7b0b988d52 Environment-variable access.
repo/packages/testing/playwright/fixtures/base.ts:64
	const raw = process.env.N8N_TEST_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a879922ccdffcbed Environment-variable access.
repo/packages/testing/playwright/fixtures/base.ts:124
				...(process.env.N8N_COVERAGE_DIR ? { coverageHostDir: process.env.N8N_COVERAGE_DIR } : {}),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #121e3ca3ecf6c304 Environment-variable access.
repo/packages/testing/playwright/fixtures/base.ts:144
			if (process.env.N8N_CONTAINERS_KEEPALIVE === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2939996873d9c300 Environment-variable access.
repo/packages/testing/playwright/fixtures/base.ts:156
			const envBaseURL = process.env.N8N_BASE_URL ?? n8nContainer?.baseUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea72ed87c4544338 Environment-variable access.
repo/packages/testing/playwright/fixtures/langsmith.ts:20
			const client = process.env.LANGSMITH_API_KEY ? new Client() : undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a89d49348315f945 Environment-variable access.
repo/packages/testing/playwright/fixtures/langsmith.ts:46
				project_name: process.env.LANGSMITH_PROJECT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #41ae725c96d46d56 Environment-variable access.
repo/packages/testing/playwright/fixtures/observability.ts:31
	if (process.env.CONTAINER_TELEMETRY_VERBOSE === '1') return true;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #1e6028115cb6d52f Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/testing/playwright/fixtures/quarantine.ts:12
		const res = await fetch(QUARANTINE_WEBHOOK_URL, { signal: controller.signal });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #cbfde3c46888492d Environment-variable access.
repo/packages/testing/playwright/fixtures/quarantine.ts:69
			if (process.env.CURRENTS_RECORD_KEY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9ff0fde3357a8966 Environment-variable access.
repo/packages/testing/playwright/fixtures/quarantine.ts:80
			if (process.env.CURRENTS_RECORD_KEY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5f64d33be17c1425 Filesystem access.
repo/packages/testing/playwright/fixtures/v8-coverage.ts:86
			writeFileSync(join(specDir, '.spec'), spec);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e11f0c61809bc7c5 Environment-variable access.
repo/packages/testing/playwright/global-setup.ts:16
	const resetE2eDb = process.env.RESET_E2E_DB;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #645033c12d621364 Environment-variable access.
repo/packages/testing/playwright/playwright-projects.ts:30
const ALLOW_CONTAINER_ONLY = process.env.PLAYWRIGHT_ALLOW_CONTAINER_ONLY === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #642820c44fad33f5 Environment-variable access.
repo/packages/testing/playwright/playwright-projects.ts:176
				N8N_INSTANCE_AI_MODEL: process.env.N8N_INSTANCE_AI_MODEL ?? 'openai/gpt-4o-mini',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #22f37fc4ac61aedc Environment-variable access.
repo/packages/testing/playwright/playwright-projects.ts:178
				...(process.env.N8N_AI_OPENAI_API_KEY && {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c7778a3e673264f8 Environment-variable access.
repo/packages/testing/playwright/playwright-projects.ts:179
					N8N_AI_OPENAI_API_KEY: process.env.N8N_AI_OPENAI_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e0c563c522834563 Environment-variable access.
repo/packages/testing/playwright/playwright-projects.ts:180
					OPENAI_API_KEY: process.env.N8N_AI_OPENAI_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #949e5d0410a22d22 Environment-variable access.
repo/packages/testing/playwright/playwright-projects.ts:182
				...(process.env.LANGSMITH_API_KEY && {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #17c0f22f3b97e6bb Environment-variable access.
repo/packages/testing/playwright/playwright-projects.ts:183
					LANGSMITH_API_KEY: process.env.LANGSMITH_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #00d17aefc4cf4728 Environment-variable access.
repo/packages/testing/playwright/playwright-projects.ts:185
				...(process.env.ANTHROPIC_API_KEY && {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #108eea3bfd41a712 Environment-variable access.
repo/packages/testing/playwright/playwright-projects.ts:186
					ANTHROPIC_API_KEY: process.env.ANTHROPIC_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f07de0c6d39669c Environment-variable access.
repo/packages/testing/playwright/playwright-projects.ts:188
				...(process.env.OPENROUTER_API_KEY && {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c3b33a4025ac2fcb Environment-variable access.
repo/packages/testing/playwright/playwright-projects.ts:189
					OPENROUTER_API_KEY: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fa97625117b9b84d Environment-variable access.
repo/packages/testing/playwright/playwright-projects.ts:191
				...(process.env.CEREBRAS_API_KEY && {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ceb256427c34d6aa Environment-variable access.
repo/packages/testing/playwright/playwright-projects.ts:192
					CEREBRAS_API_KEY: process.env.CEREBRAS_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b5f569dfb97ce9a0 Environment-variable access.
repo/packages/testing/playwright/playwright-projects.ts:195
				...(process.env.N8N_INSTANCE_AI_SANDBOX_ENABLED && {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4a2507ffcd76b662 Environment-variable access.
repo/packages/testing/playwright/playwright-projects.ts:196
					N8N_INSTANCE_AI_SANDBOX_ENABLED: process.env.N8N_INSTANCE_AI_SANDBOX_ENABLED,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #da6f19966ee9f148 Environment-variable access.
repo/packages/testing/playwright/playwright-projects.ts:198
						process.env.N8N_INSTANCE_AI_SANDBOX_PROVIDER ?? 'daytona',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #12c6339d182458a3 Environment-variable access.
repo/packages/testing/playwright/playwright-projects.ts:199
					N8N_INSTANCE_AI_SANDBOX_IMAGE: process.env.N8N_INSTANCE_AI_SANDBOX_IMAGE ?? '',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #53e8b9b5aab3628f Environment-variable access.
repo/packages/testing/playwright/playwright-projects.ts:201
				...(process.env.DAYTONA_API_URL && {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb7f8a011eea69a5 Environment-variable access.
repo/packages/testing/playwright/playwright-projects.ts:202
					DAYTONA_API_URL: process.env.DAYTONA_API_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2996854de4c931d7 Environment-variable access.
repo/packages/testing/playwright/playwright-projects.ts:204
				...(process.env.DAYTONA_API_KEY && {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #258d78d70d22d048 Environment-variable access.
repo/packages/testing/playwright/playwright-projects.ts:205
					DAYTONA_API_KEY: process.env.DAYTONA_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5c1cfc39a891e47 Environment-variable access.
repo/packages/testing/playwright/playwright.config.ts:13
const IS_CI = !!process.env.CI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af8797cec02d7e5f Environment-variable access.
repo/packages/testing/playwright/playwright.config.ts:14
const IS_DEV = !!process.env.N8N_EDITOR_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aae3fd163a5bfb66 Environment-variable access.
repo/packages/testing/playwright/playwright.config.ts:22
	const testEnv = process.env.N8N_TEST_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e80c6008c0b42c2a Environment-variable access.
repo/packages/testing/playwright/playwright.config.ts:52
const SKIP_WEB_SERVER = process.env.PLAYWRIGHT_SKIP_WEBSERVER === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4950de4c234466c7 Environment-variable access.
repo/packages/testing/playwright/playwright.config.ts:109
		headless: process.env.SHOW_BROWSER !== 'true',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #41bbdf530a4e00de Environment-variable access.
repo/packages/testing/playwright/playwright.config.ts:113
		currentsFixturesEnabled: !!process.env.CI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #00e3154df0606b14 Environment-variable access.
repo/packages/testing/playwright/playwright.config.ts:119
				['junit', { outputFile: process.env.PLAYWRIGHT_JUNIT_OUTPUT_NAME ?? 'results.xml' }],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #592d7215a3de615e Environment-variable access.
repo/packages/testing/playwright/playwright.config.ts:122
				...(process.env.CURRENTS_RECORD_KEY ? [currentsReporter(currentsConfig)] : []),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #54a06f0bff509e22 Environment-variable access.
repo/packages/testing/playwright/playwright.config.ts:125
				...(process.env.LANGSMITH_API_KEY ? ([['./reporters/langsmith-eval.ts']] as const) : []),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6ae5723fc70974dc Environment-variable access.
repo/packages/testing/playwright/playwright.config.ts:132
				...(process.env.LANGSMITH_API_KEY ? ([['./reporters/langsmith-eval.ts']] as const) : []),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e2505c97ea2d9275 Filesystem access.
repo/packages/testing/playwright/reporters/benchmark-summary-reporter.ts:2
import { appendFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #80a87981d48d2727 Environment-variable access.
repo/packages/testing/playwright/reporters/benchmark-summary-reporter.ts:242
		const summaryPath = process.env.GITHUB_STEP_SUMMARY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d1a79be4fbe1bd47 Environment-variable access.
repo/packages/testing/playwright/reporters/langsmith-eval.ts:23
		if (process.env.LANGSMITH_API_KEY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba85c564e6b2f2b2 Environment-variable access.
repo/packages/testing/playwright/reporters/langsmith-eval.ts:26
		const project = process.env.LANGSMITH_PROJECT ?? 'unset';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2aa12da0ddb47896 Environment-variable access.
repo/packages/testing/playwright/reporters/metrics-reporter.ts:40
		this.webhookUrl = options.webhookUrl ?? process.env.QA_METRICS_WEBHOOK_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0627eb01f6ec816 Environment-variable access.
repo/packages/testing/playwright/reporters/metrics-reporter.ts:41
		this.webhookUser = options.webhookUser ?? process.env.QA_METRICS_WEBHOOK_USER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #389194fb8f924863 Environment-variable access.
repo/packages/testing/playwright/reporters/metrics-reporter.ts:42
		this.webhookPassword = options.webhookPassword ?? process.env.QA_METRICS_WEBHOOK_PASSWORD;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d0b78fdf50553ea2 Environment-variable access.
repo/packages/testing/playwright/reporters/metrics-reporter.ts:133
		const ref = process.env.GITHUB_REF ?? '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d83d77a3e414a785 Environment-variable access.
repo/packages/testing/playwright/reporters/metrics-reporter.ts:135
		const runId = process.env.GITHUB_RUN_ID ?? null;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8672f29f2557fddb Environment-variable access.
repo/packages/testing/playwright/reporters/metrics-reporter.ts:140
				sha: (process.env.GITHUB_SHA ?? this.gitFallback('rev-parse HEAD'))?.slice(0, 8) ?? null,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #47d29b3dc68144f4 Environment-variable access.
repo/packages/testing/playwright/reporters/metrics-reporter.ts:142
					process.env.GITHUB_HEAD_REF ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #090048b75373b2a6 Environment-variable access.
repo/packages/testing/playwright/reporters/metrics-reporter.ts:143
					process.env.GITHUB_REF_NAME ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a37f8206349a8e23 Environment-variable access.
repo/packages/testing/playwright/reporters/metrics-reporter.ts:150
					runId && process.env.GITHUB_REPOSITORY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #34d0a5af4ddfb644 Environment-variable access.
repo/packages/testing/playwright/reporters/metrics-reporter.ts:151
						? `https://github.com/${process.env.GITHUB_REPOSITORY}/actions/runs/${runId}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8635a0a68cd07c46 Environment-variable access.
repo/packages/testing/playwright/reporters/metrics-reporter.ts:153
				workflow: process.env.GITHUB_WORKFLOW ?? null,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74b3ce34dfff7a3c Environment-variable access.
repo/packages/testing/playwright/reporters/metrics-reporter.ts:154
				job: process.env.GITHUB_JOB ?? null,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fba2072347f010a7 Environment-variable access.
repo/packages/testing/playwright/reporters/metrics-reporter.ts:155
				attempt: process.env.GITHUB_RUN_ATTEMPT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1263600421fb306d Environment-variable access.
repo/packages/testing/playwright/reporters/metrics-reporter.ts:156
					? parseInt(process.env.GITHUB_RUN_ATTEMPT, 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7dd9fdd392d091ad Environment-variable access.
repo/packages/testing/playwright/reporters/metrics-reporter.ts:160
				provider: !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6daebd5f86ea0f6e Environment-variable access.
repo/packages/testing/playwright/reporters/metrics-reporter.ts:162
					: process.env.RUNNER_ENVIRONMENT === 'github-hosted'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ef435a88bb5cb069 Filesystem access.
repo/packages/testing/playwright/scripts/aggregate-coverage.mjs:96
		writeFileSync(path.join(dir, `${label}-${i}.lcov`), transform(readFileSync(file, 'utf8'))),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #60851f2e09a4bdbf Filesystem access.
repo/packages/testing/playwright/scripts/ast-viewer.ts:11
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e4d3b6fa600ae0c4 Environment-variable access.
repo/packages/testing/playwright/scripts/backend-coverage-resolver.ts:23
const IMAGE_DIST_ROOT = process.env.IMAGE_DIST_ROOT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af1b10b1274ee528 Environment-variable access.
repo/packages/testing/playwright/scripts/backend-coverage-resolver.ts:24
const IMAGE_ROOT_PREFIX = process.env.IMAGE_ROOT_PREFIX ?? '/usr/local/lib/node_modules/n8n';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fe4629de8d06b52b Filesystem access.
repo/packages/testing/playwright/scripts/backend-coverage-resolver.ts:40
				const name = JSON.parse(readFileSync(pkgJson, 'utf8')).name as string;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7b3fd08ba0bf330b Filesystem access.
repo/packages/testing/playwright/scripts/backend-coverage-resolver.ts:113
				source = readFileSync(r.bytesFile, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb0b7082c2519e69 Filesystem access.
repo/packages/testing/playwright/scripts/backend-coverage-resolver.ts:119
				const map = JSON.parse(readFileSync(`${r.bytesFile}.map`, 'utf8')) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8ef539d43ce93e2e Filesystem access.
repo/packages/testing/playwright/scripts/build-test-image.mjs:4
import { writeFileSync, existsSync, mkdirSync, copyFileSync, rmSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fe1beefa45e2aed4 Filesystem access.
repo/packages/testing/playwright/scripts/build-test-image.mjs:51
		writeFileSync(
			dockerfilePath,
			`FROM ${targetImage}
COPY e2e.controller.js /usr/local/lib/node_modules/n8n/dist/controllers/e2e.controller.js
`,
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #afe6c6de3160a1bb Filesystem access.
repo/packages/testing/playwright/scripts/canvas-perf-sentinels.mjs:82
		return readFileSync(attachment.path, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f4f8494ca27fa2d Environment-variable access.
repo/packages/testing/playwright/scripts/canvas-perf-sentinels.mjs:150
	const summaryPath = process.env.GITHUB_STEP_SUMMARY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f945cb258bfe151 Filesystem access.
repo/packages/testing/playwright/scripts/canvas-perf-sentinels.mjs:161
	const raw = readFileSync(path, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #77f38c25c217e1ed Environment-variable access.
repo/packages/testing/playwright/scripts/coverage-analysis.mjs:87
const TOKEN = process.env.CODECOV_API_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee433a93db31adaf Filesystem access.
repo/packages/testing/playwright/scripts/coverage-pipeline.test.ts:39
		writeFileSync(join(sibling, 'specA', '.spec'), 'tests/e2e/x.spec.ts');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bf4f7ca5d440f7e8 Filesystem access.
repo/packages/testing/playwright/scripts/distribute-tests.mjs:232
	writeFileSync(allowPath, [...union].join('\n'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f6b0054489308a67 Environment-variable access.
repo/packages/testing/playwright/scripts/emit-shard-coverage.ts:32
const IMAGE_DIST_ROOT = process.env.IMAGE_DIST_ROOT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #093ffa3d6823e79c Environment-variable access.
repo/packages/testing/playwright/scripts/emit-shard-coverage.ts:37
	const dir = process.env.N8N_COVERAGE_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3f3a40206b5b28fb Filesystem access.
repo/packages/testing/playwright/scripts/emit-shard-coverage.ts:44
			parsed = JSON.parse(readFileSync(file, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb599f933287c745 Filesystem access.
repo/packages/testing/playwright/scripts/emit-shard-coverage.ts:64
			JSON.parse(readFileSync(file, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b4cc315374fb35e8 Filesystem access.
repo/packages/testing/playwright/scripts/emit-spec-backend-lcovs.ts:47
					parsed = JSON.parse(readFileSync(join(dir, rf), 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fc52700f17412575 Filesystem access.
repo/packages/testing/playwright/scripts/fetch-currents-metrics.mjs:12
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f196d63c8e5d6f4 Environment-variable access.
repo/packages/testing/playwright/scripts/fetch-currents-metrics.mjs:86
	const apiKey = process.env.CURRENTS_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #10f304fe960206cd Filesystem access.
repo/packages/testing/playwright/scripts/fetch-currents-metrics.mjs:130
	fs.writeFileSync(OUTPUT_PATH, JSON.stringify(output, null, 2) + '\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee88e10de0bd3cdb Filesystem access.
repo/packages/testing/playwright/scripts/impact-map.mjs:98
const map = buildMap(parseLcov(readFileSync(lcovPath, 'utf8')), specId);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f54d13a77636b5b2 Filesystem access.
repo/packages/testing/playwright/scripts/impact-map.mjs:99
const diff = parseDiff(readFileSync(diffPath, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #35e95eddbc0ee369 Filesystem access.
repo/packages/testing/playwright/scripts/import-jaeger-traces.mjs:44
const raw = JSON.parse(readFileSync(tracesFile, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb3f5b9052d81df7 Filesystem access.
repo/packages/testing/playwright/scripts/import-jaeger-traces.mjs:52
writeFileSync(
	wrappedFile,
	JSON.stringify({
		data: traces,
		total: traces.length,
		limit: traces.length,
		offset: 0,
		errors: null,
	}),
);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9878c30950a3f090 Filesystem access.
repo/packages/testing/playwright/scripts/import-victoria-data.mjs:49
		body: readFileSync(metricsFile),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #08742ec972733619 Filesystem access.
repo/packages/testing/playwright/scripts/import-victoria-data.mjs:59
		body: readFileSync(logsFile),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e5865a643f5ca13 Environment-variable access.
repo/packages/testing/playwright/scripts/run-coverage-shard.mjs:36
	const image = process.env.TEST_IMAGE_N8N ?? 'n8nio/n8n:local';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7722e5afe96e1a35 Environment-variable access.
repo/packages/testing/playwright/scripts/run-local-instance-ai.mjs:25
const apiKey = process.env.ANTHROPIC_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0fb85b08ebfe4d78 Environment-variable access.
repo/packages/testing/playwright/scripts/run-local-instance-ai.mjs:40
		return process.env.N8N_TEST_ENV ? JSON.parse(process.env.N8N_TEST_ENV) : {};

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #14343cfb080875ee Filesystem access.
repo/packages/testing/playwright/scripts/run-local-isolated.mjs:39
import { mkdtempSync, rmSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #671dfadf5b632a9b Environment-variable access.
repo/packages/testing/playwright/scripts/run-local-isolated.mjs:69
if (process.env.N8N_BASE_URL) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e80b99bb68b8523a Environment-variable access.
repo/packages/testing/playwright/scripts/run-local-isolated.mjs:70
	backendUrl = process.env.N8N_BASE_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #841b8d7ea75b5571 Environment-variable access.
repo/packages/testing/playwright/scripts/run-local-isolated.mjs:72
	brokerPort = process.env.N8N_RUNNERS_BROKER_PORT ?? String(await getFreePort());

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #719ba922989633cc Environment-variable access.
repo/packages/testing/playwright/scripts/run-local-isolated.mjs:86
		return process.env.N8N_TEST_ENV ? JSON.parse(process.env.N8N_TEST_ENV) : {};

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #efb1807d2461bfa2 Environment-variable access.
repo/packages/testing/playwright/scripts/run-local-isolated.mjs:99
	N8N_LOG_LEVEL: process.env.N8N_LOG_LEVEL ?? 'info',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed9718c178ed8d11 Environment-variable access.
repo/packages/testing/playwright/scripts/select-affected-e2e.mjs:72
	const changedFiles = process.argv.slice(2).join(',') || process.env.CHANGED_FILES || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4f36e91956c8c2d4 Environment-variable access.
repo/packages/testing/playwright/scripts/select-affected-e2e.mjs:77
		allSpecs: process.env.ALL_SPECS_FILE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #074f0b585484cbb9 Environment-variable access.
repo/packages/testing/playwright/scripts/select-affected-e2e.mjs:78
		base: process.env.BASE_REF,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d970913b3224cebf Filesystem access.
repo/packages/testing/playwright/scripts/select-affected-e2e.test.ts:33
			fs.writeFileSync(p, '{}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #044ebf7ec14541b6 Filesystem access.
repo/packages/testing/playwright/scripts/select-affected-e2e.test.ts:42
			fs.writeFileSync(p, '{}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #15ba51b4a7dde68f Filesystem access.
repo/packages/testing/playwright/scripts/sizing-matrix-aggregate.test.ts:75
		writeFileSync(
			join(laneDir, 'test-results.json'),
			JSON.stringify(testResultsWithReports(specs)),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b0c565e685806149 Filesystem access.
repo/packages/testing/playwright/scripts/sizing-matrix-aggregate.test.ts:94
		const written = JSON.parse(readFileSync(join(laneDir, looseFiles[0]), 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c65e6c7eef1116a4 Filesystem access.
repo/packages/testing/playwright/scripts/sizing-matrix-aggregate.test.ts:116
		writeFileSync(
			join(root, 'test-results.json'),
			JSON.stringify({ suites: [{ specs: [{ tests: [{ results: [{ attachments: [] }] }] }] }] }),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e763f8163a4ac617 Filesystem access.
repo/packages/testing/playwright/scripts/sizing-matrix-aggregate.test.ts:127
		writeFileSync(join(root, 'test-results.json'), '{ not valid json');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2402391e4076b666 Environment-variable access.
repo/packages/testing/playwright/scripts/sizing-matrix-aggregate.ts:91
		args['hardware-runner'] ?? process.env.SIZING_MATRIX_RUNNER ?? DEFAULT_HARDWARE.runner;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #95dbf0941be1fc8b Environment-variable access.
repo/packages/testing/playwright/scripts/sizing-matrix-aggregate.ts:94
		: process.env.SIZING_MATRIX_VCPU

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #45970a1d585de2b2 Environment-variable access.
repo/packages/testing/playwright/scripts/sizing-matrix-aggregate.ts:95
			? Number(process.env.SIZING_MATRIX_VCPU)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #db795f007a5899dc Environment-variable access.
repo/packages/testing/playwright/scripts/sizing-matrix-aggregate.ts:99
		: process.env.SIZING_MATRIX_RAM_GB

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cd5fa37c17d665dd Environment-variable access.
repo/packages/testing/playwright/scripts/sizing-matrix-aggregate.ts:100
			? Number(process.env.SIZING_MATRIX_RAM_GB)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aa7452f4e8804586 Filesystem access.
repo/packages/testing/playwright/scripts/sizing-matrix-aggregate.ts:113
		const pkg = JSON.parse(readFileSync(join(REPO_ROOT, 'packages/cli/package.json'), 'utf8')) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5112d3fa01450b8a Filesystem access.
repo/packages/testing/playwright/scripts/sizing-matrix-aggregate.ts:124
		const head = readFileSync(join(REPO_ROOT, '.git/HEAD'), 'utf8').trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d9d9b745a9298a5d Filesystem access.
repo/packages/testing/playwright/scripts/sizing-matrix-aggregate.ts:127
			return readFileSync(join(REPO_ROOT, '.git', refPath), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6c09b2d9a06a478 Filesystem access.
repo/packages/testing/playwright/scripts/sizing-matrix-aggregate.ts:139
	const overrides = JSON.parse(readFileSync(path, 'utf8')) as SpecMapping;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7267a8fa81c3f100 Environment-variable access.
repo/packages/testing/playwright/scripts/sizing-matrix-aggregate.ts:181
	const apiKey = process.env.CURRENTS_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e2bcb01aa6ce40ce Filesystem access.
repo/packages/testing/playwright/scripts/sizing-matrix-aggregate.ts:221
	writeFileSync(outPath, buf);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1dab7d57bfcb19d9 Filesystem access.
repo/packages/testing/playwright/scripts/sizing-matrix-aggregate.ts:288
			report = JSON.parse(readFileSync(file, 'utf8')) as JSONReport;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6705e703bd9eb8c8 Filesystem access.
repo/packages/testing/playwright/scripts/sizing-matrix-aggregate.ts:296
			writeFileSync(join(laneDir, `${stem}.run-report.${index}.json`), body);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cf560511d7d8ef97 Filesystem access.
repo/packages/testing/playwright/scripts/sizing-matrix-aggregate.ts:305
		const report = JSON.parse(readFileSync(path, 'utf8')) as RunReport;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1302210ddf0e4861 Filesystem access.
repo/packages/testing/playwright/scripts/sizing-matrix-aggregate.ts:367
	writeFileSync(args.out, JSON.stringify(matrix, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3231f06a1c45cfd9 Filesystem access.
repo/packages/testing/playwright/scripts/sizing-matrix-aggregate.ts:372
		writeFileSync(args.markdownOut, renderMarkdown(matrix));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c45ddd8e049fc4ab Filesystem access.
repo/packages/testing/playwright/scripts/sizing-matrix-topologies.test.ts:72
		const source = readFileSync(workerCmd, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2f1792536e316056 Filesystem access.
repo/packages/testing/playwright/services/workflow-api-helper.ts:2
import { readFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c863f5256f70b201 Filesystem access.
repo/packages/testing/playwright/services/workflow-api-helper.ts:345
		const fileContent = readFileSync(filePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #24bee11a3e1bc012 Filesystem access.
repo/packages/testing/playwright/utils/benchmark/run-heap-analysis.ts:148
		unboundGrowthOutput = await readFile(or.analysisOutputFile, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6e219b72e412432c Filesystem access.
repo/packages/testing/playwright/utils/benchmark/run-heap-analysis.ts:159
		shapeGrowthOutput = await readFile(sr.analysisOutputFile, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7bdac7b6786afcc1 Filesystem access.
repo/packages/testing/playwright/utils/benchmark/run-heap-analysis.ts:233
	await writeFile(reportPath, JSON.stringify(report, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b5c6f6b3a0498848 Filesystem access.
repo/packages/testing/playwright/utils/path-helper.ts:1
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1cc9339e59c83aec Filesystem access.
repo/packages/testing/playwright/utils/performance-helper.ts:342
			await writeFile(`${outputDir}/${label}-smaps-raw.txt`, data.raw);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea742bd4f3c29397 Filesystem access.
repo/packages/testing/playwright/utils/performance-helper.ts:351
		await writeFile(`${outputDir}/${label}-rss-breakdown.json`, JSON.stringify(summary, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #be3f6e8649564c4a Environment-variable access.
repo/packages/testing/playwright/utils/url-helper.ts:14
	return process.env.N8N_BASE_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0b66ce9403ea468 Environment-variable access.
repo/packages/testing/playwright/utils/url-helper.ts:23
	return process.env.N8N_EDITOR_URL ?? process.env.N8N_BASE_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/@n8n/instance-ai

npm first-party
high pii_flow production #90a9ec4fe93b9f9f User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/@n8n/instance-ai/evaluations/checklist/verifier.ts:219 · flow /tmp/closeopen-zwski0h_/repo/packages/@n8n/instance-ai/evaluations/checklist/verifier.ts:222 → /tmp/closeopen-zwski0h_/repo/packages/@n8n/instance-ai/evaluations/checklist/verifier.ts:219
	const response = await fetch(getOpenAiResponsesUrl(model.url), {
		method: 'POST',
		headers: {
			Authorization: `Bearer ${model.apiKey}`,
			'Content-Type': 'application/json',
		},
		body: JSON.stringify(requestBody),
		signal: abortSignal,
	});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #abcbe64d81eafdac User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/@n8n/instance-ai/evaluations/langtracer/client.ts:72 · flow /tmp/closeopen-zwski0h_/repo/packages/@n8n/instance-ai/evaluations/langtracer/client.ts:73 → /tmp/closeopen-zwski0h_/repo/packages/@n8n/instance-ai/evaluations/langtracer/client.ts:72
		const response = await fetch(new URL(path, this.config.baseUrl), {
			headers: { Authorization: `Bearer ${this.config.apiKey}` },
		});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #73783e5988f5fbc7 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/@n8n/instance-ai/evaluations/langtracer/client.ts:89 · flow /tmp/closeopen-zwski0h_/repo/packages/@n8n/instance-ai/evaluations/langtracer/client.ts:92 → /tmp/closeopen-zwski0h_/repo/packages/@n8n/instance-ai/evaluations/langtracer/client.ts:89
		const response = await fetch(new URL(path, this.config.baseUrl), {
			method,
			headers: {
				Authorization: `Bearer ${this.config.apiKey}`,
				'Content-Type': 'application/json',
			},
			body: JSON.stringify(body),
		});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 319 low-confidence finding(s)
low env_fs test-only #bdf0c93a71c36f26 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/case-files-schema.test.ts:19
		const raw = jsonParse<unknown>(readFileSync(join(WORKFLOWS_DIR, file), 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fa05d15abdb62512 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:18
			originalEnv[key] = process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d8bca97deeabfa58 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:19
			delete process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #45eae11b4cae8fb7 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:26
				delete process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ac7a68f43fe84d31 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:28
				process.env[key] = originalEnv[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #808dc7f22ba9c303 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:35
			process.env.GITHUB_ACTIONS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7e428493dad55d14 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:36
			process.env.GITHUB_SHA = '357e949547671e2cd1c017eb4e7c809cd55bd121';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5f531657d4bc7790 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:40
			process.env.LANGSMITH_BRANCH = 'feature-branch';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #076d3189f32e6fd5 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:41
			process.env.GITHUB_HEAD_REF = 'should-not-be-used';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ff377e3167449b90 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:42
			process.env.GITHUB_REF_NAME = '30711/merge';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9bb70aaa7045a583 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:48
			process.env.GITHUB_HEAD_REF = 'feature-x';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4376ea7cf538b70d Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:49
			process.env.GITHUB_REF_NAME = '30711/merge';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9ffefe4a7ef17865 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:55
			process.env.GITHUB_REF_NAME = 'master';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c65f4dc4e30c50b1 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:61
			process.env.LANGSMITH_BRANCH = '30711/merge';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #283eb6f86c3a7e03 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:67
			process.env.LANGSMITH_BRANCH = 'feature//thing';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b2ce269068507919 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:73
			delete process.env.GITHUB_SHA;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #047f0b5d962d6057 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:74
			process.env.LANGSMITH_BRANCH = 'feature-x';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ea67681db027db9c Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:86
			process.env.LANGSMITH_BRANCH = 'should-not-be-used';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c0e8b3d1a9e71a94 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:109
			originalEnv[key] = process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0414b4aa87c04986 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:110
			delete process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c1d845420cca51b2 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:117
				delete process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #baaec0de386244b8 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:119
				process.env[key] = originalEnv[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5cb6420127ce86de Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:129
		process.env.GITHUB_ACTIONS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #21192746137d7dd5 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:130
		process.env.GITHUB_EVENT_NAME = 'pull_request_review';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2b107de724e77c0e Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:131
		process.env.GITHUB_RUN_ID = '12345';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2486a11d62947654 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:141
		process.env.GITHUB_ACTIONS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #346a6d35b6ab9694 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:142
		process.env.LANGSMITH_BRANCH = 'feature-x';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #74a507b2ab1b53d5 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:143
		process.env.LANGSMITH_REVISION_ID = '357e949547671e2cd1c017eb4e7c809cd55bd121';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5885ff73bd7f3df5 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/ci-metadata.test.ts:144
		process.env.GITHUB_REF = 'refs/pull/30711/merge';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8dacc16711612aff Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/conversation-seed.test.ts:53
		writeFileSync(path, JSON.stringify(makeSeed()));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d502c2d36dfd0f1b Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/conversation-seed.test.ts:62
		writeFileSync(path, JSON.stringify({ messages: [{ id: 'm1' }] }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #780fe902e47b7fa6 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/conversation-seed.test.ts:69
		writeFileSync(path, JSON.stringify({ messages: [] }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #14d6136f25168567 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/data-workflows-schema.test.ts:9
import { readdirSync, readFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b050750d09e35d55 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/data-workflows.test.ts:9
import { readdirSync, readFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e5747da1a0c9b219 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/mcp-builder-timeout.test.ts:3
import { mkdtempSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fbad1b96344e384d Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/mcp-builder.test.ts:3
import { mkdtempSync, readFileSync, rmSync, statSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #afa8e52fcfd26c2e Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/mcp-builder.test.ts:221
		const logged = readFileSync(String(result.logFile), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #19dca41ee5f511af Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/mcp-builder.test.ts:271
			const parsed: unknown = JSON.parse(readFileSync(path, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #357a8aca22bb40a2 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/prebuilt-workflows.test.ts:1
import { mkdtempSync, rmSync, writeFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e8a87e6977502f01 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/prebuilt-workflows.test.ts:30
		writeFileSync(path, JSON.stringify(content));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #31d90d09129058aa Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/prebuilt-workflows.test.ts:56
		writeFileSync(path, '{ this is not json');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #63d9d9d061225119 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/__tests__/stub-services.test.ts:15
	await fs.writeFile(file, JSON.stringify(entries), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d2dafe7b03dc81e Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/checklist/verifier.ts:38
const VERIFIER_DEBUG = process.env.N8N_EVAL_VERIFIER_DEBUG === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5cf5435bb8e29793 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/cli/args.ts:190
	if (validated.buildViaMcp && !process.env.LANGSMITH_API_KEY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d74024a95014dbfa Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/build-mcp-manifest.ts:8
import { existsSync, mkdirSync, readFileSync, readdirSync, unlinkSync, writeFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f22f58c79f5d524d Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/build-mcp-manifest.ts:248
	const content = readFileSync(path, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6dab2887be6d0e08 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/build-mcp-manifest.ts:373
	writeFileSync(args.manifestPath, JSON.stringify(manifest, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #667c5dfb050e8313 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/build-mcp-manifest.ts:402
	writeFileSync(args.statsPath, JSON.stringify(stats, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c68317912618d5a5 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/build-mcp-manifest.ts:572
	console.log(readFileSync(args.manifestPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cdf4e9935516b4c2 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/cli/ci-metadata.ts:31
	const isCI = process.env.GITHUB_ACTIONS === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb5fb68a64b8dfc3 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/cli/ci-metadata.ts:39
		trigger: process.env.GITHUB_EVENT_NAME,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c743ff2dcbbc16f5 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/cli/ci-metadata.ts:40
		runId: process.env.GITHUB_RUN_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #80c1de8caf96bc3a Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/cli/ci-metadata.ts:42
			process.env.LANGSMITH_BRANCH ?? process.env.GITHUB_HEAD_REF ?? process.env.GITHUB_REF_NAME,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #833d9261a611c6e4 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/cli/ci-metadata.ts:43
		commitSha: process.env.LANGSMITH_REVISION_ID ?? process.env.GITHUB_SHA,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #981a9d41629af257 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/cli/ci-metadata.ts:45
		prNumber: process.env.GITHUB_REF?.match(/refs\/pull\/(\d+)\//)?.[1],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #358d69915bd531b1 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/cli/ci-metadata.ts:70
	if (process.env.GITHUB_ACTIONS !== 'true') return undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5c1e7df9f3c8e692 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/cli/ci-metadata.ts:73
		process.env.LANGSMITH_BRANCH ?? process.env.GITHUB_HEAD_REF ?? process.env.GITHUB_REF_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4088262a2ab73073 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/cli/ci-metadata.ts:74
	const sha = process.env.GITHUB_SHA;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #36037d842b195034 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/compare-pairwise.ts:163
		fs.readFile(summaryPath, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f8ad2c69e2bf820 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/compare-pairwise.ts:164
		fs.readFile(resultsPath, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f4d44838ab46a089 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/compare-pairwise.ts:421
		return await fs.readFile(filePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c99a548bce015bf9 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/compare-pairwise.ts:1256
	await fs.writeFile(args.out, html, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ff1bf1e22fee552 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/index.ts:11
import { mkdirSync, unlinkSync, writeFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #757769b002eef02a Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/cli/index.ts:390
		const hasLangSmith = Boolean(process.env.LANGSMITH_API_KEY);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb370b4ef1fcd775 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/cli/index.ts:433
		const commitSha = process.env.LANGSMITH_REVISION_ID ?? process.env.GITHUB_SHA;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dee4a9e95ae92960 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/index.ts:1605
	writeFileSync(jsonPath, JSON.stringify(report, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #70be8c0b75e973be Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/index.ts:1611
	writeFileSync(
		prCommentPath,
		formatComparisonMarkdown(evaluation, outcome, {
			commitSha,
			slugByTestCase,
			rerun,
			gate,
			passMetrics: { passAtK: metrics.passAtK, passHatK: metrics.passHatK },
			experimentUrl,
		}),
	);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3bbab683f33775cb Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/mcp-builder.ts:18
import { existsSync, readFileSync, writeFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #078c131f39e87eaf Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/mcp-builder.ts:39
	const content = readFileSync(path, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #51b7550807568382 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/mcp-builder.ts:69
	writeFileSync(tmpPath, JSON.stringify({ mcpServers: { [serverName]: block } }), { mode: 0o600 });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d1c0859fff94bb13 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/mcp-builder.ts:314
			writeFileSync(logFile, stdout || stderr || fallback);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1069f6303e05d560 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/pairwise.ts:81
		const content = readFileSync(exampleIdsFile, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a6b1b83864892bf Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/cli/pairwise.ts:105
		baseUrl: get('--base-url') ?? process.env.N8N_EVAL_BASE_URL ?? 'http://localhost:5678',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c96151fdbc3ca61c Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/pairwise.ts:189
	const content = readFileSync(absolute, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3f740252ff038c64 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/pairwise.ts:456
				await fs.writeFile(workflowPath, JSON.stringify(record.workflow, null, 2), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2dd38e966e6a7565 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/pairwise.ts:460
	await fs.writeFile(jsonlPath, lines.join('\n') + '\n', 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0f3ed65e5a26ebc2 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/pairwise.ts:501
	await fs.writeFile(csvPath, [csvHeader, ...csvRows].join('\n') + '\n', 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5f85319423d99e62 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/pairwise.ts:592
	await fs.writeFile(
		path.join(outputDir, 'summary.json'),
		JSON.stringify(summary, null, 2),
		'utf8',
	);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d7dd13c89171120 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/pairwise.ts:617
		await fs.writeFile(reportFile, html, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cd3ce41b7b8e7043 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/cli/pairwise.ts:637
	const apiKey = process.env.N8N_AI_ANTHROPIC_KEY ?? process.env.ANTHROPIC_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #95bc7f076443add0 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/report.ts:124
				fs.readFile(summaryPath, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9bfc5fd78320d435 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/report.ts:125
				fs.readFile(resultsPath, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b31a1327bcfaafc1 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/cli/report.ts:674
	await fs.writeFile(args.reportFile, html, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cbafab21bc613dd9 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/clients/n8n-client.ts:142
		const loginEmail = email ?? process.env.N8N_EVAL_EMAIL ?? '[email protected]';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #447aa39f50895b45 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/clients/n8n-client.ts:143
		const loginPassword = password ?? process.env.N8N_EVAL_PASSWORD ?? 'PlaywrightTest123';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9b6b054b8d58b0ef Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/computer-use/__tests__/graders-fs.test.ts:19
		await writeFile(join(dir, 'README.md'), '# hello');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #55903ea59036b15c Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/computer-use/__tests__/graders-fs.test.ts:26
		await writeFile(join(dir, 'docs', 'workflow.md'), '...');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bb254a1600d92fa0 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/computer-use/__tests__/graders-fs.test.ts:32
		await writeFile(join(dir, 'readme.txt'), '...');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8d7b4c0e36c480b9 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/computer-use/__tests__/graders-fs.test.ts:40
			await writeFile(join(outside, 'secret.md'), 'should not be readable');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1e7ffdafb47df8e5 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/computer-use/__tests__/graders-fs.test.ts:54
			await writeFile(join(parent, 'sibling.md'), '# sibling');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3945eb6a41575785 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/computer-use/__tests__/graders-fs.test.ts:83
		await writeFile(join(dir, 'leftover.md'), '# still here');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e32513c8299ec2e0 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/computer-use/__tests__/graders-fs.test.ts:93
		await writeFile(join(dir, 'project', 'briefing.md'), '# moved');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5c1512f7a4f47abc Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/computer-use/__tests__/graders-fs.test.ts:114
		await writeFile(join(dir, 'doc.md'), '# Architecture\n\nThis describes the workflow.');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b494e0be16c36737 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/computer-use/__tests__/graders-fs.test.ts:124
		await writeFile(join(dir, 'doc.md'), 'random unrelated content');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #caeac340e6c8e099 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/computer-use/__tests__/graders-fs.test.ts:134
		await writeFile(join(dir, 'doc.md'), '# Architecture only');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #849914cbe7625076 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/computer-use/cli.ts:137
		const raw = await readFile(join(dataDir, file), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7154012959f14a99 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/computer-use/cli.ts:213
		const raw = await readFile(packageJsonPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5dbacc57f51d185 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/computer-use/cli.ts:295
	await writeFile(reportPath, JSON.stringify(report, null, 2), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8f35f47dd22cdb6b Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/computer-use/cli.ts:302
		await writeFile(htmlPath, renderHtml(report), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1bc3542454be0a3b Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/computer-use/graders/fs.ts:75
			content = await readFile(absPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c45d8d4d0dd9da12 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/computer-use/render-existing.ts:15
const report = jsonParse<RunReport>(readFileSync(inputPath, 'utf-8'), {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2d8a693ab6333081 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/computer-use/render-existing.ts:18
writeFileSync(outputPath, renderHtml(report), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74d547b654aa01c4 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/computer-use/runner.ts:205
	const raw = await readFile(fixturePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b557892e6e5851d Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/credentials/seeder.ts:115
		const envToken = template.envVar ? process.env[template.envVar] : undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d0dba7ea56c8756f Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/data/discovery/index.ts:1
import { readFileSync, readdirSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eb4399b65e039e91 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/data/discovery/index.ts:13
	const content = readFileSync(filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4abfa1f25bd8914 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/discovery/cli.ts:37
const DEFAULT_MODEL = process.env.N8N_INSTANCE_AI_EVAL_MODEL ?? 'anthropic/claude-sonnet-4-6';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f6f36bc5afd7b601 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/discovery/cli.ts:266
	if (!process.env.ANTHROPIC_API_KEY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c6d5e2bcbcebb11 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/export-latest-verifier-request.ts:292
	return jsonParse<T>(readFileSync(filePath, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d8deee55d21492cf Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/export-latest-verifier-request.ts:354
		model: (process.env.N8N_INSTANCE_AI_MODEL ?? 'openai/gpt-5.5').split('/').at(-1) ?? 'gpt-5.5',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #82dcd1c7629ec772 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/export-latest-verifier-request.ts:404
	writeFileSync(outputPath, JSON.stringify(requestBody, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #321a023e53b4010e Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/harness/conversation-seed.ts:63
		raw = JSON.parse(readFileSync(filePath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #68ad1a4fdcebcfde Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/harness/langsmith-seed.ts:90
		process.env.LANGSMITH_ENDPOINT ?? process.env.LANGCHAIN_ENDPOINT ?? US_DEFAULT_ENDPOINT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74a98475836c9343 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/harness/langsmith-seed.ts:92
	const homeKey = process.env.LANGSMITH_API_KEY ?? process.env.LANGCHAIN_API_KEY ?? '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55e9049d3cb46f55 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/harness/langsmith-seed.ts:98
	const usHost = bareHost(process.env.LANGSMITH_ENDPOINT_US ?? US_DEFAULT_ENDPOINT);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc704b2321490366 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/harness/langsmith-seed.ts:100
		const usKey = process.env.LANGSMITH_API_KEY_US ?? '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #61e0b4760ce4451b Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/harness/prebuilt-workflows.ts:20
import { readFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e3d0e48e1352187e Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/harness/prebuilt-workflows.ts:36
		raw = JSON.parse(readFileSync(path, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af645a9ecd8c7dfd Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/harness/runner.ts:96
	const raw = process.env.N8N_EVAL_MAX_CONCURRENT_SCENARIOS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d794fb0525a7519e Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/harness/runner.ts:190
		await writeFile(
			filePath,
			JSON.stringify(
				{
					timestamp,
					workflowId: input.workflowId,
					testCaseName: input.testCaseName,
					scenarioName: input.scenarioName,
					passed: input.passed,
					result: input.result ?? null,
					verificationResults: input.verificationResults,
					verifierAttempts: input.verifierAttempts,
					buildTrace: input.buildTrace ?? null,
				},
				null,
				2,
			),
			'utf8',
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0e6fc3d61f2b097b Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/harness/runner.ts:1451
		process.env.N8N_INSTANCE_AI_MODEL_API_KEY ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #601c1456a3e3e988 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/harness/runner.ts:1452
			process.env.N8N_AI_ANTHROPIC_KEY ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #765b827dfb9d72bb Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/harness/runner.ts:1453
			process.env.ANTHROPIC_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9642d6f7edb10c9b Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/harness/stub-services.ts:402
		content = await fs.readFile(jsonPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2b14ff5387a04fc8 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/report/run-debug-report.ts:25
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #872b679a43bf11be Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/report/run-debug-report.ts:426
	fs.writeFileSync(reportPath, html);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #283766222566d0db Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/report/run-debug-report.ts:427
	fs.writeFileSync(path.join(reportDir, 'workflow-eval-llm-debug.html'), html);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0e04bfc11ac0d28e Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/report/workflow-report.ts:10
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ffc28231de9a8837 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/report/workflow-report.ts:1641
	fs.writeFileSync(reportPath, html);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5f0e96b2a0e095b0 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/report/workflow-report.ts:1644
	fs.writeFileSync(path.join(reportDir, 'workflow-eval-report.html'), html);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b01628fdfa804174 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/subagent/cli.ts:56
		modelId: process.env.N8N_INSTANCE_AI_EVAL_MODEL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c1d49b966a03ead0 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/subagent/cli.ts:58
		baseUrl: process.env.N8N_EVAL_BASE_URL ?? 'http://localhost:5678',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1deefe97d8b17fbb Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/subagent/cli.ts:125
		const raw = readFileSync(join(DATA_DIR, file), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #526356ac5087d9b2 Environment-variable access.
repo/packages/@n8n/instance-ai/evaluations/subagent/cli.ts:218
	const apiKey = process.env.LANGSMITH_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8cdfa92f3ce493fe Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/utils/get-json-files.ts:1
import { readdirSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #049f1e20e6771aeb Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/utils/load-eval-cases.ts:1
import { readFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ef98d45b618786c0 Filesystem access.
repo/packages/@n8n/instance-ai/evaluations/utils/load-eval-cases.ts:16
	const content = readFileSync(filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f2131602a0094f84 Environment-variable access.
repo/packages/@n8n/instance-ai/scripts/build-snapshot.cjs:38
	return process.env.N8N_VERSION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba4a13e6b402b731 Environment-variable access.
repo/packages/@n8n/instance-ai/scripts/build-snapshot.cjs:55
	const apiKey = process.env.DAYTONA_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1b1a139454444e60 Environment-variable access.
repo/packages/@n8n/instance-ai/scripts/build-snapshot.cjs:60
	const apiUrl = process.env.DAYTONA_API_URL || undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #684c825ae597bdcc Environment-variable access.
repo/packages/@n8n/instance-ai/scripts/build-snapshot.cjs:63
	const baseImage = process.env.SANDBOX_IMAGE || undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d48c6f366fde51cb Filesystem access.
repo/packages/@n8n/instance-ai/scripts/print-prompts.ts:12
import { mkdirSync, writeFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #85d1abff296abcf9 Filesystem access.
repo/packages/@n8n/instance-ai/scripts/print-prompts.ts:146
			writeFileSync(target, renderFile(agent, variant), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bcd0b6dc94d30752 Filesystem access.
repo/packages/@n8n/instance-ai/src/knowledge-base/materialize-knowledge-base.ts:177
			entry.content ?? (await readFile(join(referenceSourceDir, entry.fileName), 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #33ca65cf3aa97bad Environment-variable access.
repo/packages/@n8n/instance-ai/src/skills/__tests__/runtime-skills.test.ts:7
const ORIGINAL_ENABLED_MODULES = process.env.N8N_ENABLED_MODULES;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #42bf6b7df2e6a854 Environment-variable access.
repo/packages/@n8n/instance-ai/src/skills/__tests__/runtime-skills.test.ts:12
			delete process.env.N8N_ENABLED_MODULES;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3b96a92107cd02de Environment-variable access.
repo/packages/@n8n/instance-ai/src/skills/__tests__/runtime-skills.test.ts:14
			process.env.N8N_ENABLED_MODULES = ORIGINAL_ENABLED_MODULES;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e173c811eaf45747 Filesystem access.
repo/packages/@n8n/instance-ai/src/skills/__tests__/runtime-skills.test.ts:19
		const skill = readFileSync(
			join(INSTANCE_AI_SKILLS_DIR, 'workflow-builder', 'SKILL.md'),
			'utf-8',
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2705a27cdd8016da Environment-variable access.
repo/packages/@n8n/instance-ai/src/skills/__tests__/runtime-skills.test.ts:360
		delete process.env.N8N_ENABLED_MODULES;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #be36b03db5c67573 Environment-variable access.
repo/packages/@n8n/instance-ai/src/skills/__tests__/runtime-skills.test.ts:362
		process.env.N8N_ENABLED_MODULES = enabledModules;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ad6a84518296b66b Environment-variable access.
repo/packages/@n8n/instance-ai/src/tools/__tests__/executions.tool.test.ts:527
				const originalE2ETests = process.env.E2E_TESTS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #29db7210828827d0 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tools/__tests__/executions.tool.test.ts:528
				process.env.E2E_TESTS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c8e2982ab7b3e092 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tools/__tests__/executions.tool.test.ts:563
						delete process.env.E2E_TESTS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #912f5c03184b1f3f Environment-variable access.
repo/packages/@n8n/instance-ai/src/tools/__tests__/executions.tool.test.ts:565
						process.env.E2E_TESTS = originalE2ETests;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only #2feb42731f9bb361 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/@n8n/instance-ai/src/tools/__tests__/n8n-docs.tool.test.ts:127
		expect(registry.byUrl.get(GOOGLE_OAUTH_URL)?.title).toBe('Google: OAuth2 single service');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #4ac27da916dad37d Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/@n8n/instance-ai/src/tools/__tests__/n8n-docs.tool.test.ts:128
		expect(registry.byUrl.get(FIGMA_CREDENTIALS_URL)?.title).toBe('Figma credentials');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #795f6b252d89c858 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tools/executions.tool.ts:189
	if (process.env.E2E_TESTS !== 'true' || allowList === undefined) return undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ddb77a7b9deb42ce Filesystem access.
repo/packages/@n8n/instance-ai/src/tools/workflows/build-workflow.tool.ts:226
		const raw = readFileSync(
			join(INSTANCE_AI_SKILLS_DIR, POST_BUILD_FLOW_SKILL_ID, 'SKILL.md'),
			'utf-8',
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1907914d813d096f Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:346
	const originalLangSmithApiKey = process.env.LANGSMITH_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c2212a73520900ac Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:347
	const originalLangSmithTracing = process.env.LANGSMITH_TRACING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4a2bd295529baaf6 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:348
	const originalLangChainTracingV2 = process.env.LANGCHAIN_TRACING_V2;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #67b36947c66b9b1e Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:349
	const originalLangSmithProject = process.env.LANGSMITH_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #87bc2005506c2841 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:350
	const originalLangChainProject = process.env.LANGCHAIN_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d9d6692972c4e82f Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:351
	const originalTraceInternal = process.env.N8N_INSTANCE_AI_TRACE_INTERNAL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #002833958414f6e9 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:352
	const originalDiagnosticsEnabled = process.env.N8N_DIAGNOSTICS_ENABLED;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c86c880976569f2f Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:357
		process.env.LANGSMITH_API_KEY = 'test-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4688c214675518ff Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:358
		delete process.env.LANGSMITH_TRACING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e6069bfc4f484490 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:359
		delete process.env.LANGCHAIN_TRACING_V2;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #56ee83c5fda7257e Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:360
		delete process.env.LANGSMITH_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5987549bc7f563aa Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:361
		delete process.env.LANGCHAIN_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f8c977f7f50d50a6 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:362
		delete process.env.N8N_INSTANCE_AI_TRACE_INTERNAL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ae4fccab99f53ab1 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:363
		delete process.env.N8N_DIAGNOSTICS_ENABLED;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fa7f2929be6fb728 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:367
		process.env.LANGSMITH_API_KEY = originalLangSmithApiKey;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2d3dfa6b7798fd93 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:369
			delete process.env.LANGSMITH_TRACING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8d7f5f48a8494a98 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:371
			process.env.LANGSMITH_TRACING = originalLangSmithTracing;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ee84f70b53306036 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:374
			delete process.env.LANGCHAIN_TRACING_V2;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a48c6e31dcf13c76 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:376
			process.env.LANGCHAIN_TRACING_V2 = originalLangChainTracingV2;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a34f2b58a9d81c94 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:379
			delete process.env.LANGSMITH_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0cf4f1d2d775a7cb Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:381
			process.env.LANGSMITH_PROJECT = originalLangSmithProject;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7b01bee84e65abfb Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:384
			delete process.env.LANGCHAIN_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f5cac93f90d602d7 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:386
			process.env.LANGCHAIN_PROJECT = originalLangChainProject;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e1740dbf2d659d46 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:389
			delete process.env.N8N_INSTANCE_AI_TRACE_INTERNAL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #889804199db7623e Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:391
			process.env.N8N_INSTANCE_AI_TRACE_INTERNAL = originalTraceInternal;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b7e8ec5f562fbbd2 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:394
			delete process.env.N8N_DIAGNOSTICS_ENABLED;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #26e36e0166e6be0f Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:396
			process.env.N8N_DIAGNOSTICS_ENABLED = originalDiagnosticsEnabled;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #779c57d67bf957b2 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:478
		delete process.env.LANGSMITH_TRACING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0e503f2bae7cd5e1 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:479
		delete process.env.LANGCHAIN_TRACING_V2;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1b8bfc58f90b2bc1 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:489
		expect(process.env.LANGSMITH_TRACING).toBeUndefined();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ca21c38e074eeba7 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:490
		expect(process.env.LANGCHAIN_TRACING_V2).toBeUndefined();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1384f3e05a545986 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:506
		process.env.LANGSMITH_PROJECT = 'instance-ai-evals';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #440bc6531e6e514a Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:1152
		process.env.N8N_INSTANCE_AI_TRACE_INTERNAL = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ba50b0b03a0c8cc2 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:1962
		delete process.env.LANGSMITH_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #14948e54085d9c72 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:1963
		delete process.env.LANGCHAIN_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5cf6d30c0b233c94 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:1964
		delete process.env.LANGSMITH_ENDPOINT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #61318fad1109fd94 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:1965
		delete process.env.LANGCHAIN_ENDPOINT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8709c0ee0281df6b Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:1966
		delete process.env.LANGSMITH_TRACING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #73cee262730492b2 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:1967
		delete process.env.LANGCHAIN_TRACING_V2;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7d5d9fd94b6bd3bb Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:1988
		process.env.N8N_DIAGNOSTICS_ENABLED = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ffde20bd997ab579 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:2134
		process.env.LANGCHAIN_TRACING_V2 = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #716a3a486b57c223 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:2154
	const originalLangSmithApiKey = process.env.LANGSMITH_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3fda1b0357b2e4a9 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:2155
	const originalLangSmithTracing = process.env.LANGSMITH_TRACING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #090e4f569ed97450 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:2156
	const originalLangChainTracingV2 = process.env.LANGCHAIN_TRACING_V2;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #176ac3004d618466 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:2157
	const originalDiagnosticsEnabled = process.env.N8N_DIAGNOSTICS_ENABLED;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #77cc0216b5c7d1ad Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:2162
		process.env.LANGSMITH_API_KEY = 'test-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a6c0aec1ed81d29d Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:2163
		delete process.env.LANGSMITH_TRACING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #63063cb2da989d2f Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:2164
		delete process.env.LANGCHAIN_TRACING_V2;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #99c4d77457bd8482 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:2165
		delete process.env.N8N_DIAGNOSTICS_ENABLED;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #264b9a12961e4370 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:2169
		process.env.LANGSMITH_API_KEY = originalLangSmithApiKey;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1fef0dbb3b6dbb94 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:2171
			delete process.env.LANGSMITH_TRACING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #55f842181f078350 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:2173
			process.env.LANGSMITH_TRACING = originalLangSmithTracing;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a87bc4a17b534ca8 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:2176
			delete process.env.LANGCHAIN_TRACING_V2;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #90d9606c14197bed Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:2178
			process.env.LANGCHAIN_TRACING_V2 = originalLangChainTracingV2;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a2d155042c5bd8d2 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:2181
			delete process.env.N8N_DIAGNOSTICS_ENABLED;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #45f3e15b116de9d3 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:2183
			process.env.N8N_DIAGNOSTICS_ENABLED = originalDiagnosticsEnabled;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b95943c7b35db98d Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:2217
		delete process.env.LANGSMITH_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #172488be756680d7 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/__tests__/langsmith-tracing.test.ts:2218
		process.env.LANGCHAIN_TRACING_V2 = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a9b0432dfa62acb0 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/langsmith-tracing.ts:671
	return process.env.LANGSMITH_PROJECT ?? process.env.LANGCHAIN_PROJECT ?? DEFAULT_PROJECT_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #11ab5fcd0be3ee86 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/langsmith-tracing.ts:675
	if (readBooleanEnvFlag(process.env.N8N_DIAGNOSTICS_ENABLED) === false) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8c2fa10ce89e6364 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/langsmith-tracing.ts:680
		process.env.LANGCHAIN_TRACING_V2 ?? process.env.LANGSMITH_TRACING,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3a68a9f0c54f12c0 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/langsmith-tracing.ts:690
		process.env.LANGSMITH_API_KEY ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6725a4e0849d0a64 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/langsmith-tracing.ts:691
			process.env.LANGCHAIN_API_KEY ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f426f561036e995 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/langsmith-tracing.ts:692
			process.env.LANGSMITH_ENDPOINT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4fc6628339c09941 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/langsmith-tracing.ts:693
			process.env.LANGCHAIN_ENDPOINT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d951d68cbe43ac9 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/langsmith-tracing.ts:700
		process.env.N8N_INSTANCE_AI_TRACE_INTERNAL === 'true' ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e845fb378beb5fa4 Environment-variable access.
repo/packages/@n8n/instance-ai/src/tracing/langsmith-tracing.ts:701
		process.env.N8N_INSTANCE_AI_TRACE_INCLUDE_INTERNAL === 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fc24b64394ca9534 Filesystem access.
repo/packages/@n8n/instance-ai/src/tracing/langsmith-tracing.ts:1496
				return extractPackageVersion(JSON.parse(await readFile(packageJsonPath, 'utf8')));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #835aacc50e8e8675 Environment-variable access.
repo/packages/@n8n/instance-ai/src/utils/__tests__/agent-feature-enabled.test.ts:3
const ORIGINAL_ENABLED_MODULES = process.env.N8N_ENABLED_MODULES;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #93e2f4b8f0c8b9cf Environment-variable access.
repo/packages/@n8n/instance-ai/src/utils/__tests__/agent-feature-enabled.test.ts:8
			delete process.env.N8N_ENABLED_MODULES;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #529a7ae1a84ce876 Environment-variable access.
repo/packages/@n8n/instance-ai/src/utils/__tests__/agent-feature-enabled.test.ts:10
			process.env.N8N_ENABLED_MODULES = ORIGINAL_ENABLED_MODULES;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1fd9119139a78302 Environment-variable access.
repo/packages/@n8n/instance-ai/src/utils/__tests__/agent-feature-enabled.test.ts:15
		delete process.env.N8N_ENABLED_MODULES;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #41f2b1d1ee61d849 Environment-variable access.
repo/packages/@n8n/instance-ai/src/utils/__tests__/agent-feature-enabled.test.ts:21
		process.env.N8N_ENABLED_MODULES = 'instance-ai';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #974473fa3480ba0c Environment-variable access.
repo/packages/@n8n/instance-ai/src/utils/__tests__/agent-feature-enabled.test.ts:27
		process.env.N8N_ENABLED_MODULES = 'instance-ai,agents';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6fcb5b94909fc1df Environment-variable access.
repo/packages/@n8n/instance-ai/src/utils/__tests__/agent-feature-enabled.test.ts:33
		process.env.N8N_ENABLED_MODULES = ' instance-ai, agents ';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4324a04c9cf2ee33 Environment-variable access.
repo/packages/@n8n/instance-ai/src/utils/__tests__/eval-agents.test.ts:38
		delete process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b87b9cbfd8890c37 Environment-variable access.
repo/packages/@n8n/instance-ai/src/utils/__tests__/eval-agents.test.ts:54
		process.env.N8N_AI_ANTHROPIC_KEY = 'legacy-anthropic-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2d3c7589e148ad7f Environment-variable access.
repo/packages/@n8n/instance-ai/src/utils/__tests__/eval-agents.test.ts:63
		process.env.N8N_INSTANCE_AI_MODEL_API_KEY = 'generic-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1442ed4006deb6ae Environment-variable access.
repo/packages/@n8n/instance-ai/src/utils/__tests__/eval-agents.test.ts:64
		process.env.N8N_AI_ANTHROPIC_KEY = 'legacy-anthropic-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4b52e10a579d9776 Environment-variable access.
repo/packages/@n8n/instance-ai/src/utils/__tests__/eval-agents.test.ts:65
		process.env.ANTHROPIC_API_KEY = 'provider-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f47fdf9fbc14bb27 Environment-variable access.
repo/packages/@n8n/instance-ai/src/utils/__tests__/eval-agents.test.ts:73
		process.env.OPENAI_API_KEY = 'openai-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e8bedcb4f932b7af Environment-variable access.
repo/packages/@n8n/instance-ai/src/utils/agent-feature-enabled.ts:5
		(process.env.N8N_ENABLED_MODULES ?? '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0790a47471cf6e55 Environment-variable access.
repo/packages/@n8n/instance-ai/src/utils/eval-agents.ts:38
		process.env.N8N_INSTANCE_AI_EVAL_MODEL ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f87d9492190bb54 Environment-variable access.
repo/packages/@n8n/instance-ai/src/utils/eval-agents.ts:39
		process.env.N8N_INSTANCE_AI_MODEL ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5429af68ba00889c Environment-variable access.
repo/packages/@n8n/instance-ai/src/utils/eval-agents.ts:47
	const providerKey = providerKeyEnv ? process.env[providerKeyEnv] : undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74ea3ba1775b5552 Environment-variable access.
repo/packages/@n8n/instance-ai/src/utils/eval-agents.ts:49
		process.env.N8N_INSTANCE_AI_MODEL_API_KEY ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad12abe6270a47c5 Environment-variable access.
repo/packages/@n8n/instance-ai/src/utils/eval-agents.ts:50
		(provider === 'anthropic' ? process.env.N8N_AI_ANTHROPIC_KEY : undefined) ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #30fbda16ae2a8616 Environment-variable access.
repo/packages/@n8n/instance-ai/src/utils/eval-agents.ts:68
	const url = process.env.N8N_INSTANCE_AI_MODEL_URL?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b0ec33edda39dd98 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:155
		const cachedArchive = await fsp.readFile(path.join(cacheDir, 'templates.tar.gz'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e36bb86bb9ec77fb Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:157
		const cachedEtag = await fsp.readFile(path.join(cacheDir, 'etag.txt'), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2dd881eea1fba220 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:159
		const cachedSha = await fsp.readFile(path.join(cacheDir, 'templates.tar.gz.sha256'), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #26d069cde44ac9d4 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:272
		await fsp.writeFile(path.join(cacheDir, 'templates.tar.gz'), archive);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #752c92c576d9ed70 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:273
		await fsp.writeFile(path.join(cacheDir, 'etag.txt'), '"pre-existing"');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #909ab83e20de4e2e Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:274
		await fsp.writeFile(path.join(cacheDir, 'channel.txt'), 'exact');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e7ea1cfe896f625b Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:316
		await fsp.writeFile(path.join(cacheDir, 'etag.txt'), '"orphan"');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ed2162ba8f54067d Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:332
		await fsp.writeFile(path.join(cacheDir, 'etag.txt'), '"stale"');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c3cf31e4d9d45a99 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:354
		await fsp.writeFile(path.join(blockedArchivePath, 'block'), '');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #696b2d684095e6ae Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:362
		const etagOnDisk = await fsp.readFile(path.join(cacheDir, 'etag.txt'), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #453e7a9a5a164d2d Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:442
		await fsp.writeFile(path.join(cacheDir, 'templates.tar.gz'), corruptArchive);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c5a9a4164551d543 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:443
		await fsp.writeFile(path.join(cacheDir, 'etag.txt'), '"stale"');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3533b284391d8776 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:444
		await fsp.writeFile(path.join(cacheDir, 'channel.txt'), 'exact');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #66302f6ef02003bf Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:446
		await fsp.writeFile(path.join(cacheDir, 'templates.tar.gz.sha256'), 'deadbeef'.repeat(8));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #127661c0d29f1e31 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:523
			await fsp.writeFile(path.join(cacheDir, 'templates.tar.gz'), legacyArchive);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1be07d450f3cd519 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:524
			await fsp.writeFile(path.join(cacheDir, 'etag.txt'), '"legacy-etag"');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ca50f47c2dc90e91 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:525
			await fsp.writeFile(path.join(cacheDir, 'templates.tar.gz.sha256'), sha256Hex(legacyArchive));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cf859d49823885f6 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:539
			const channelOnDisk = await fsp.readFile(path.join(cacheDir, 'channel.txt'), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1758eb31fa908960 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:547
			await fsp.writeFile(path.join(cacheDir, 'templates.tar.gz'), archive);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #82bb59086841ca6a Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:548
			await fsp.writeFile(path.join(cacheDir, 'etag.txt'), '"latest-etag"');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c78d37a226d33fc6 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:549
			await fsp.writeFile(path.join(cacheDir, 'templates.tar.gz.sha256'), sha256Hex(archive));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #00c4152a1145bab9 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:550
			await fsp.writeFile(path.join(cacheDir, 'channel.txt'), 'latest');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #00a3ee1d0ba04b2e Environment-variable access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:609
		delete process.env.N8N_INSTANCE_AI_TEMPLATES_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7cdd03f65df8b8b2 Environment-variable access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:610
		delete process.env.N8N_INSTANCE_AI_TEMPLATES_REFRESH_HOURS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #28dec9a6cbf13f55 Environment-variable access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:611
		delete process.env.N8N_INSTANCE_AI_TEMPLATES_DISABLED;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #365c065b2992d4d4 Environment-variable access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:616
		process.env.N8N_INSTANCE_AI_TEMPLATES_REFRESH_HOURS = '6';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6be99e67c4fe8447 Environment-variable access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:623
		process.env.N8N_INSTANCE_AI_TEMPLATES_REFRESH_HOURS = 'banana';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e0d469587bd8490f Environment-variable access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:635
		process.env.N8N_INSTANCE_AI_TEMPLATES_REFRESH_HOURS = '0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3b089902dd926f42 Environment-variable access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:638
		process.env.N8N_INSTANCE_AI_TEMPLATES_REFRESH_HOURS = '-4';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b11776d8b1ae1ec7 Environment-variable access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:644
		process.env.N8N_INSTANCE_AI_TEMPLATES_DISABLED = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9b57f51c5048aeaf Environment-variable access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/builder-templates-service.test.ts:645
		process.env.N8N_INSTANCE_AI_TEMPLATES_URL = 'https://example.com/v2';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6be8fc327d16361f Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/lazy-runtime-workspace.test.ts:165
		await lazyWorkspace.filesystem?.readFile('/workspace/report.md');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c92f9df95e03d709 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/lazy-runtime-workspace.test.ts:188
		await lazyWorkspace.filesystem?.readFile('/workspace/report.md');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c834b1044f561732 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/lazy-runtime-workspace.test.ts:204
		await lazyWorkspace.filesystem?.readFile('/workspace/report.md');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e3add6311f7b8509 Environment-variable access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/sandbox-setup.test.ts:90
		delete process.env[LINK_WORKSPACE_SDK_ENV];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #07b86e5d2a55a7b0 Environment-variable access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/sandbox-setup.test.ts:92
		process.env[LINK_WORKSPACE_SDK_ENV] = value;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6858ce277dcc8c05 Environment-variable access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/sandbox-setup.test.ts:227
		process.env.N8N_INSTANCE_AI_SANDBOX_LINK_SDK = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d0a098cd4ad479b7 Environment-variable access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/sandbox-setup.test.ts:229
		delete process.env.N8N_INSTANCE_AI_SANDBOX_LINK_SDK;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #498214164db04772 Environment-variable access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/sandbox-setup.test.ts:242
	const originalLinkSdk = process.env.N8N_INSTANCE_AI_SANDBOX_LINK_SDK;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #66edbaf4a16aa452 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/scoped-workspace.test.ts:87
		await workspace.filesystem?.writeFile('src/workflow.ts', 'code', { recursive: true });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5f00eac4bec6f45d Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/scoped-workspace.test.ts:101
			workspace.filesystem?.readFile('/workspace/builders/agent-2/src/workflow.ts'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e9786a8ebb362588 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/snapshot-image-context.test.ts:33
		await expect(readFile(join(stagingDir, 'skills/demo/SKILL.md'), 'utf-8')).resolves.toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3cac5ce0c33e47b6 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/snapshot-image-context.test.ts:37
			readFile(join(stagingDir, 'knowledge-base/best-practices/scheduling.md'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #65865c1a138c2aee Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/snapshot-image-context.test.ts:52
		await expect(readFile(join(first.stagingDir, 'package.json'), 'utf-8')).resolves.toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #184b64a3615e1e86 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/snapshot-image-context.test.ts:78
			readFile(join(results[0].stagingDir, 'skills/post-build-flow/SKILL.md'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #12714d7847a1e67c Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/snapshot-image-context.test.ts:81
			readFile(join(results[0].stagingDir, 'knowledge-base/templates/example.ts'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #98a2707f35f7841d Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/snapshot-manager.test.ts:162
			readFile(join(stagingDir, 'skills/data-table-manager/SKILL.md'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1c9cceae3b640650 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/snapshot-manager.test.ts:165
			readFile(
				join(stagingDir, 'skills/data-table-manager/references/data-table-playbook.md'),
				'utf-8',
			),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #545afef9b6c93a8a Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/snapshot-manager.test.ts:171
			readFile(join(stagingDir, 'skills/registry.json'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #be8d4d644608a9f1 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/snapshot-manager.test.ts:174
			readFile(join(stagingDir, 'skills/.manifest.json'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1e44e03dcfe6a1a6 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/snapshot-manager.test.ts:177
			readFile(join(stagingDir, 'knowledge-base/best-practices/scheduling.md'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dde8af3ea5c681c9 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/snapshot-manager.test.ts:180
			readFile(join(stagingDir, 'knowledge-base/best-practices/index.json'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bae122658f29e063 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/__tests__/snapshot-manager.test.ts:183
			readFile(join(stagingDir, 'knowledge-base/.manifest.json'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5f3a4fbc498c0f5 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/builder-templates-service.ts:238
			const buffer = await fsp.readFile(archivePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd2c50dfda045af4 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/builder-templates-service.ts:281
			const raw = await fsp.readFile(path.join(this.cacheDir, ETAG_FILENAME), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d683681857edf8ee Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/builder-templates-service.ts:290
			const raw = await fsp.readFile(path.join(this.cacheDir, SHA256_FILENAME), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #54855b09d4ac9b5d Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/builder-templates-service.ts:299
			const raw = (await fsp.readFile(path.join(this.cacheDir, CHANNEL_FILENAME), 'utf-8')).trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fc0c6c631956d9f1 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/builder-templates-service.ts:552
		await fsp.writeFile(tmp, contents);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5779c15cc23122f Environment-variable access.
repo/packages/@n8n/instance-ai/src/workspace/builder-templates-service.ts:592
	const url = process.env.N8N_INSTANCE_AI_TEMPLATES_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad1e63976cfcc297 Environment-variable access.
repo/packages/@n8n/instance-ai/src/workspace/builder-templates-service.ts:593
	const hoursRaw = process.env.N8N_INSTANCE_AI_TEMPLATES_REFRESH_HOURS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7364dfcc0aa832be Environment-variable access.
repo/packages/@n8n/instance-ai/src/workspace/builder-templates-service.ts:594
	const disabled = process.env.N8N_INSTANCE_AI_TEMPLATES_DISABLED;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fbc680188a1069f3 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/lazy-runtime-workspace.ts:210
		return await (await this.getFilesystem()).readFile(path, options);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #36bc62290c076cb0 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/lazy-runtime-workspace.ts:214
		await (await this.getFilesystem()).writeFile(path, content, options);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #85bfb8d2474c5072 Environment-variable access.
repo/packages/@n8n/instance-ai/src/workspace/pack-workspace-sdk.ts:45
	const v = process.env[ENV_FLAG];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #be73c9dc9141fa0b Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/pack-workspace-sdk.ts:94
		const tarball = await readFile(tarballPath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8e10036c06d23500 Environment-variable access.
repo/packages/@n8n/instance-ai/src/workspace/sandbox-setup.ts:125
	const linkFlag = process.env.N8N_INSTANCE_AI_SANDBOX_LINK_SDK;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #964c38c650f85327 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/sandbox-setup.ts:361
		await filesystem.writeFile(path, content, { recursive: true });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f50ca6e6d00f9550 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/sandbox-setup.ts:380
			const content = await filesystem.readFile(path, { encoding: 'utf-8' });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0be529d84b10b4d1 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/scoped-workspace.ts:75
		return await this.filesystem.readFile(resolvePath(this.root, path), options);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6401e22bf0b31494 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/scoped-workspace.ts:79
		await this.filesystem.writeFile(resolvePath(this.root, path), content, options);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d6d1d205f3dfef29 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/snapshot-image-context.ts:39
		await writeFile(targetPath, content, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #263dac3dbc1b5945 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/workspace-files.ts:43
			return decodeWorkspaceFileContent(await filesystem.readFile(filePath, { encoding: 'utf-8' }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #636e269249d89ec1 Filesystem access.
repo/packages/@n8n/instance-ai/src/workspace/workspace-files.ts:80
			await workspace.filesystem.writeFile(filePath, content, { recursive: true });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/testing/containers

npm first-party
high pii_flow production #68c82e87f0885056 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/containers/services/keycloak.ts:520 · flow /tmp/closeopen-zwski0h_/repo/packages/testing/containers/services/keycloak.ts:509 → /tmp/closeopen-zwski0h_/repo/packages/testing/containers/services/keycloak.ts:520
			const { headers, body } = await undiciRequest(formAction, {
				method: 'POST',
				headers: loginHeaders,
				body: loginBody.toString(),
				dispatcher: agent,
			});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #ab4f8d9b3cfb35cb User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/testing/containers/services/ngrok.ts:85 · flow /tmp/closeopen-zwski0h_/repo/packages/testing/containers/services/ngrok.ts:48 → /tmp/closeopen-zwski0h_/repo/packages/testing/containers/services/ngrok.ts:85
			const response = await fetch(`http://${host}:${hostPort}/api/tunnels`);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 40 low-confidence finding(s)
low env_fs production #3d3bcae92b26cc9d Environment-variable access.
repo/packages/testing/containers/helm-stack.ts:170
	if (process.env.N8N_LICENSE_TENANT_ID) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #09c7b2f78af7ac51 Environment-variable access.
repo/packages/testing/containers/helm-stack.ts:171
		extraEnvs.push({ name: 'N8N_LICENSE_TENANT_ID', value: process.env.N8N_LICENSE_TENANT_ID });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #321463665d5a4c02 Environment-variable access.
repo/packages/testing/containers/helm-stack.ts:173
	if (process.env.N8N_LICENSE_ACTIVATION_KEY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cd9b433076a49484 Environment-variable access.
repo/packages/testing/containers/helm-stack.ts:176
			value: process.env.N8N_LICENSE_ACTIVATION_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #934a3042e60dbc4c Environment-variable access.
repo/packages/testing/containers/helm-stack.ts:179
	if (process.env.N8N_LICENSE_CERT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4f54a486bf458a7c Environment-variable access.
repo/packages/testing/containers/helm-stack.ts:180
		extraEnvs.push({ name: 'N8N_LICENSE_CERT', value: process.env.N8N_LICENSE_CERT });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1446c66401abc081 Filesystem access.
repo/packages/testing/containers/helm-stack.ts:331
	writeFileSync(kubeConfigPath, namedKubeconfig);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7ee3f51afe0a2ba Filesystem access.
repo/packages/testing/containers/helm-stack.ts:349
		writeFileSync(defaultKubeconfig, merged);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3ccf55558c35f788 Filesystem access.
repo/packages/testing/containers/helm-start-stack.ts:124
		writeFileSync(values['url-file'], stack.baseUrl);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #efbfdfe3b24a9ea6 Filesystem access.
repo/packages/testing/containers/helm-start-stack.ts:129
		writeFileSync(values['kubeconfig-file'], stack.kubeConfigPath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9922268f14792812 Environment-variable access.
repo/packages/testing/containers/helpers/utils.ts:12
	const isVerbose = process.env.CONTAINER_TELEMETRY_VERBOSE === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c7e0c6e0a372711b Environment-variable access.
repo/packages/testing/containers/network-stabilization.ts:18
	if (!process.env.CI || os.platform() !== 'linux') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5e15e83bf251a0d0 Environment-variable access.
repo/packages/testing/containers/pull-test-images.ts:111
	if (failures.length > 0 && process.env.STRICT_IMAGE_PULL === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #87fc81a120835a30 Filesystem access.
repo/packages/testing/containers/service-stack.ts:83
	writeFileSync(devEnvFilePath(), lines.join('\n'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7be4ffab229b9f64 Environment-variable access.
repo/packages/testing/containers/services/n8n.ts:48
	N8N_ENCRYPTION_KEY: process.env.N8N_ENCRYPTION_KEY ?? 'test-encryption-key',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af23db25f2a4f597 Environment-variable access.
repo/packages/testing/containers/services/n8n.ts:55
	N8N_LICENSE_TENANT_ID: process.env.N8N_LICENSE_TENANT_ID ?? '1001',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6c8c8152fbf78809 Environment-variable access.
repo/packages/testing/containers/services/n8n.ts:56
	N8N_LICENSE_ACTIVATION_KEY: process.env.N8N_LICENSE_ACTIVATION_KEY ?? '',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #40bf30bd2ad0adae Environment-variable access.
repo/packages/testing/containers/services/n8n.ts:57
	N8N_LICENSE_CERT: process.env.N8N_LICENSE_CERT ?? '',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #98c6cef5f116a1ed Environment-variable access.
repo/packages/testing/containers/services/n8n.ts:119
			if (!process.env.N8N_LICENSE_ACTIVATION_KEY && !process.env.N8N_LICENSE_CERT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cdc17334b25105e5 Environment-variable access.
repo/packages/testing/containers/services/ngrok.ts:48
		const authToken = process.env.NGROK_AUTHTOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c8c0eb7de84eed1 Filesystem access.
repo/packages/testing/containers/services/proxy.ts:2
import { promises as fs } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5400f47155d776cd Filesystem access.
repo/packages/testing/containers/services/proxy.ts:205
					const fileContent = await fs.readFile(filePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6e77d76e28348b01 Filesystem access.
repo/packages/testing/containers/services/proxy.ts:488
				await fs.writeFile(filePath, JSON.stringify(processedExpectation, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f4af0a5d102b3acb Environment-variable access.
repo/packages/testing/containers/telemetry.ts:62
	const ref = process.env.GITHUB_REF ?? '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c6f95f7c4d8bc16e Environment-variable access.
repo/packages/testing/containers/telemetry.ts:66
		sha: process.env.GITHUB_SHA?.slice(0, 8) ?? 'local',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d005ebd3df9bde68 Environment-variable access.
repo/packages/testing/containers/telemetry.ts:67
		branch: process.env.GITHUB_HEAD_REF ?? process.env.GITHUB_REF_NAME ?? 'local',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f4c58c80e53c331 Environment-variable access.
repo/packages/testing/containers/telemetry.ts:74
		runId: process.env.GITHUB_RUN_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1dfe9a786f0b6aa1 Environment-variable access.
repo/packages/testing/containers/telemetry.ts:75
		job: process.env.GITHUB_JOB,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #59c48cde4f19be31 Environment-variable access.
repo/packages/testing/containers/telemetry.ts:76
		workflow: process.env.GITHUB_WORKFLOW,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba3f3d39f680d6e2 Environment-variable access.
repo/packages/testing/containers/telemetry.ts:77
		attempt: process.env.GITHUB_RUN_ATTEMPT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aa7c67bc603207c2 Environment-variable access.
repo/packages/testing/containers/telemetry.ts:78
			? parseInt(process.env.GITHUB_RUN_ATTEMPT, 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55568c0d4c0a55d5 Environment-variable access.
repo/packages/testing/containers/telemetry.ts:85
	if (!process.env.CI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e96286881ed3bbec Environment-variable access.
repo/packages/testing/containers/telemetry.ts:89
	if (process.env.RUNNER_ENVIRONMENT === 'github-hosted') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5fafcf5b2cda1f9 Environment-variable access.
repo/packages/testing/containers/telemetry.ts:182
		const isVerbose = process.env.CONTAINER_TELEMETRY_VERBOSE === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #56063b0345bb48b0 Environment-variable access.
repo/packages/testing/containers/telemetry.ts:183
		const webhookUrl = process.env.QA_METRICS_WEBHOOK_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #adf6cd7aa7a83e09 Environment-variable access.
repo/packages/testing/containers/telemetry.ts:211
		const repo = process.env.GITHUB_REPOSITORY ?? null;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a0ce7cf87fd5a53 Environment-variable access.
repo/packages/testing/containers/telemetry.ts:283
		const webhookUser = process.env.QA_METRICS_WEBHOOK_USER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d0689f87ec5e8243 Environment-variable access.
repo/packages/testing/containers/telemetry.ts:284
		const webhookPassword = process.env.QA_METRICS_WEBHOOK_PASSWORD;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #efbea35181b0af4d Environment-variable access.
repo/packages/testing/containers/test-containers.ts:84
	let value = process.env[envVar];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #10a9dfa2349894da Environment-variable access.
repo/packages/testing/containers/test-containers.ts:87
		value = process.env.N8N_DOCKER_IMAGE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/@n8n/cli

npm first-party
high pii_flow production #bb9e0978c889272f User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/@n8n/cli/src/client.ts:89 · flow /tmp/closeopen-zwski0h_/repo/packages/@n8n/cli/src/client.ts:48 → /tmp/closeopen-zwski0h_/repo/packages/@n8n/cli/src/client.ts:89
			response = await fetch(url.toString(), { method, headers, body });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 23 low-confidence finding(s)
low env_fs test-only #565ff2586d69d483 Environment-variable access.
repo/packages/@n8n/cli/src/__tests__/config.test.ts:25
		delete process.env.N8N_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #484c9970cd6d77cc Environment-variable access.
repo/packages/@n8n/cli/src/__tests__/config.test.ts:26
		delete process.env.N8N_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7fcf4e756ccbf17f Environment-variable access.
repo/packages/@n8n/cli/src/__tests__/config.test.ts:36
		process.env.N8N_URL = 'https://env.example.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #80e3e47b3219f660 Environment-variable access.
repo/packages/@n8n/cli/src/__tests__/config.test.ts:37
		process.env.N8N_API_KEY = 'env_key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d87907dcb1bb348c Environment-variable access.
repo/packages/@n8n/cli/src/__tests__/config.test.ts:49
		process.env.N8N_URL = 'https://env.example.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b493e5ef453bf685 Environment-variable access.
repo/packages/@n8n/cli/src/__tests__/config.test.ts:50
		process.env.N8N_API_KEY = 'env_key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3fcd9ac89c431e8a Environment-variable access.
repo/packages/@n8n/cli/src/__tests__/config.test.ts:88
		process.env.N8N_API_KEY = 'env_key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9dce4729ab591949 Filesystem access.
repo/packages/@n8n/cli/src/base-command.ts:156
			return fs.readFileSync(0, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9de388c238d96791 Filesystem access.
repo/packages/@n8n/cli/src/base-command.ts:159
			return fs.readFileSync(flags.file, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3031b7fe9c554b59 Filesystem access.
repo/packages/@n8n/cli/src/commands/package/export.ts:69
			fs.writeFileSync(flags.output, archive);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #71068a2daa7a6388 Filesystem access.
repo/packages/@n8n/cli/src/commands/package/import.ts:63
			const buffer = fs.readFileSync(flags.file);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4ea3e8fa2adf995d Filesystem access.
repo/packages/@n8n/cli/src/commands/skill/install.ts:39
		const content = fs.readFileSync(skillSource, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b42cf3544c56fa44 Filesystem access.
repo/packages/@n8n/cli/src/commands/skill/install.ts:61
		fs.writeFileSync(targetFile, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a26e6e1a3d6e115 Filesystem access.
repo/packages/@n8n/cli/src/commands/skill/install.ts:77
			const existing = fs.readFileSync(targetFile, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #089012ec14e5d45f Filesystem access.
repo/packages/@n8n/cli/src/commands/skill/install.ts:82
			fs.writeFileSync(targetFile, `${existing}\n\n${stripped}`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a904606d61d7eaa4 Filesystem access.
repo/packages/@n8n/cli/src/commands/skill/install.ts:85
			fs.writeFileSync(targetFile, stripped);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d91eb60eda687380 Filesystem access.
repo/packages/@n8n/cli/src/commands/skill/install.ts:95
			const existing = fs.readFileSync(targetFile, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #47939a590e566624 Filesystem access.
repo/packages/@n8n/cli/src/commands/skill/install.ts:100
			fs.writeFileSync(targetFile, `${existing}\n\n${stripped}`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aa14be830f379585 Filesystem access.
repo/packages/@n8n/cli/src/commands/skill/install.ts:103
			fs.writeFileSync(targetFile, stripped);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2572862ecad6793d Filesystem access.
repo/packages/@n8n/cli/src/config.ts:21
		const raw = fs.readFileSync(CONFIG_FILE, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d07864ddb3c06fcb Filesystem access.
repo/packages/@n8n/cli/src/config.ts:30
	fs.writeFileSync(CONFIG_FILE, JSON.stringify(config, null, 2) + '\n', {
		mode: 0o600,
	});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d07d17cb44488838 Environment-variable access.
repo/packages/@n8n/cli/src/config.ts:52
		url: flags.url ?? process.env.N8N_URL ?? config.url,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b8324eac57b678d8 Environment-variable access.
repo/packages/@n8n/cli/src/config.ts:53
		apiKey: flags.apiKey ?? process.env.N8N_API_KEY ?? config.apiKey,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/@n8n/computer-use

npm first-party
high pii_flow production #5620367e95cbfa07 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/@n8n/computer-use/src/gateway-client.ts:302 · flow /tmp/closeopen-zwski0h_/repo/packages/@n8n/computer-use/src/gateway-client.ts:308 → /tmp/closeopen-zwski0h_/repo/packages/@n8n/computer-use/src/gateway-client.ts:302
		const response = await fetch(url, {
			method: 'POST',
			headers,
			body: JSON.stringify({
				rootPath: this.dir,
				tools,
				hostIdentifier: `${os.userInfo().username}@${os.hostname()}`,
				toolCategories: this.activeToolCategories,
			}),
		});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 37 low-confidence finding(s)
low env_fs production #8caa7a6fe09a21f3 Environment-variable access.
repo/packages/@n8n/computer-use/src/config.test.ts:102
		process.env.N8N_GATEWAY_ALLOWED_ORIGINS = 'https://from-env.example.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #39e48e151ef8dd99 Environment-variable access.
repo/packages/@n8n/computer-use/src/config.ts:78
	return process.env[`${ENV_PREFIX}${name}`];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #982fcb003bee6b44 Environment-variable access.
repo/packages/@n8n/computer-use/src/config.ts:167
	const logLevel = envString('LOG_LEVEL') ?? process.env.LOG_LEVEL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d9714e8f0abd28c5 Filesystem access.
repo/packages/@n8n/computer-use/src/settings-store.test.ts:44
		await fs.writeFile(path.join(dir, 'settings.json'), JSON.stringify(initial), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d1763c5ac2cb1a7c Filesystem access.
repo/packages/@n8n/computer-use/src/settings-store.test.ts:87
		await fs.writeFile(filePath, 'not-json', 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8c774de1097d2d6e Filesystem access.
repo/packages/@n8n/computer-use/src/settings-store.test.ts:102
		const raw = await fs.readFile(path.join(tmpDir, '.n8n-gateway', 'settings.json'), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b4f7b665bd61f8af Filesystem access.
repo/packages/@n8n/computer-use/src/settings-store.test.ts:121
		await fs.writeFile(file, existing, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4ea68fa032965474 Filesystem access.
repo/packages/@n8n/computer-use/src/settings-store.test.ts:124
		const raw = await fs.readFile(file, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b421f10ff8b9348 Filesystem access.
repo/packages/@n8n/computer-use/src/settings-store.test.ts:243
		const raw = await fs.readFile(path.join(tmpDir, '.n8n-gateway', 'settings.json'), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0fcf8042aa0964ea Filesystem access.
repo/packages/@n8n/computer-use/src/settings-store.ts:107
		await fs.writeFile(filePath, JSON.stringify(initialSettings, null, 2), {
			encoding: 'utf-8',
			mode: 0o600,
		});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea1bcef6ab17a2a2 Filesystem access.
repo/packages/@n8n/computer-use/src/settings-store.ts:264
		await fs.writeFile(this.filePath, JSON.stringify(this.persistent, null, 2), {
			encoding: 'utf-8',
			mode: 0o600,
		});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #20fc9f8fd5d53dae Filesystem access.
repo/packages/@n8n/computer-use/src/settings-store.ts:277
		const raw = await fs.readFile(filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6292c2c2252fc9be Filesystem access.
repo/packages/@n8n/computer-use/src/startup-config-cli.test.ts:102
		const raw = await fs.readFile(nodePath.join(tmpDir, '.n8n-gateway', 'settings.json'), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d3b12fb66c1f0bf2 Filesystem access.
repo/packages/@n8n/computer-use/src/startup-config-cli.test.ts:123
		const raw = await fs.readFile(nodePath.join(tmpDir, '.n8n-gateway', 'settings.json'), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fff098bbf442a3c8 Filesystem access.
repo/packages/@n8n/computer-use/src/startup-config-cli.test.ts:137
		await fs.writeFile(file, existing, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #371c7e725106d88f Filesystem access.
repo/packages/@n8n/computer-use/src/startup-config-cli.test.ts:141
		const raw = await fs.readFile(file, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e64268b68abd5d1e Filesystem access.
repo/packages/@n8n/computer-use/src/startup-config-cli.test.ts:150
		const raw = await fs.readFile(nodePath.join(tmpDir, '.n8n-gateway', 'settings.json'), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b4654196ee63a3ce Filesystem access.
repo/packages/@n8n/computer-use/src/tools/filesystem/edit-file.ts:38
		const content = await fs.readFile(resolvedReadablePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cae6d46fc51c171e Filesystem access.
repo/packages/@n8n/computer-use/src/tools/filesystem/edit-file.ts:44
		await fs.writeFile(resolvedWritablePath, content.replace(oldString, newString), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5abbc8bf4ab44cb1 Filesystem access.
repo/packages/@n8n/computer-use/src/tools/filesystem/read-file.ts:47
		const fileContent = await fs.readFile(resolvedPath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bdefefcbccbc9ccb Filesystem access.
repo/packages/@n8n/computer-use/src/tools/filesystem/search-files.test.ts:29
	await fs.writeFile(fullPath, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a9501ad513232999 Filesystem access.
repo/packages/@n8n/computer-use/src/tools/filesystem/search-files.test.ts:231
			await fs.writeFile(path.join(baseDir, 'binary.dat'), Buffer.from([0xff, 0xfe, 0xfd, 0xfc]));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9828f232acb14dbe Filesystem access.
repo/packages/@n8n/computer-use/src/tools/filesystem/search-files.ts:95
				const fileContent = await fs.readFile(fullPath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3eeebc30041bdd71 Filesystem access.
repo/packages/@n8n/computer-use/src/tools/filesystem/write-file.ts:35
		await fs.writeFile(resolvedPath, content, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b3d678c55e936cca Environment-variable access.
repo/packages/@n8n/computer-use/src/tools/mouse-keyboard/index.ts:18
		if (process.env.WAYLAND_DISPLAY && !process.env.DISPLAY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #22dde78e7c918212 Environment-variable access.
repo/packages/@n8n/computer-use/src/tools/mouse-keyboard/mouse-keyboard.test.ts:259
	const originalWaylandDisplay = process.env.WAYLAND_DISPLAY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #355d6048d47bf426 Environment-variable access.
repo/packages/@n8n/computer-use/src/tools/mouse-keyboard/mouse-keyboard.test.ts:260
	const originalDisplay = process.env.DISPLAY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #76e8cc6d8cc8c4a8 Environment-variable access.
repo/packages/@n8n/computer-use/src/tools/mouse-keyboard/mouse-keyboard.test.ts:265
			delete process.env.WAYLAND_DISPLAY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f8a189f8a74437e9 Environment-variable access.
repo/packages/@n8n/computer-use/src/tools/mouse-keyboard/mouse-keyboard.test.ts:267
			process.env.WAYLAND_DISPLAY = originalWaylandDisplay;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #df8618ca04e95b5e Environment-variable access.
repo/packages/@n8n/computer-use/src/tools/mouse-keyboard/mouse-keyboard.test.ts:270
			delete process.env.DISPLAY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #38a472eaa449760c Environment-variable access.
repo/packages/@n8n/computer-use/src/tools/mouse-keyboard/mouse-keyboard.test.ts:272
			process.env.DISPLAY = originalDisplay;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5c868ec9da19bd5e Environment-variable access.
repo/packages/@n8n/computer-use/src/tools/mouse-keyboard/mouse-keyboard.test.ts:278
		process.env.WAYLAND_DISPLAY = 'wayland-0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f44f83017aa1e67c Environment-variable access.
repo/packages/@n8n/computer-use/src/tools/mouse-keyboard/mouse-keyboard.test.ts:279
		delete process.env.DISPLAY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e3593adcb0ced6d9 Environment-variable access.
repo/packages/@n8n/computer-use/src/tools/mouse-keyboard/mouse-keyboard.test.ts:287
		delete process.env.WAYLAND_DISPLAY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9cef3f93bc19f972 Environment-variable access.
repo/packages/@n8n/computer-use/src/tools/mouse-keyboard/mouse-keyboard.test.ts:288
		process.env.DISPLAY = ':0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #08b6146c8051f707 Environment-variable access.
repo/packages/@n8n/computer-use/src/tools/mouse-keyboard/mouse-keyboard.test.ts:297
		delete process.env.WAYLAND_DISPLAY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #43f642eed3adaab7 Environment-variable access.
repo/packages/@n8n/computer-use/src/tools/mouse-keyboard/mouse-keyboard.test.ts:298
		process.env.DISPLAY = ':0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/@n8n/mcp-apps

npm first-party
medium telemetry production #fe658a3df3a92326 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/mcp-apps/src/apps/workflow-preview/composables/use-workflow-preview.ts:120
		telemetry.track(WORKFLOW_PREVIEW_TELEMETRY_EVENTS.PREVIEW_RENDER_FAILED, {
			...getPreviewTelemetryPayload(),
			reason,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #23de33085221a7dd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/mcp-apps/src/apps/workflow-preview/composables/use-workflow-preview.ts:129
		telemetry.track(
			WORKFLOW_PREVIEW_TELEMETRY_EVENTS.PREVIEW_RENDERED_SUCCESSFULLY,
			getPreviewTelemetryPayload(),
		);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #fc45e20637bb0c71 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/mcp-apps/src/apps/workflow-preview/composables/use-workflow-preview.ts:147
		telemetry.track(WORKFLOW_PREVIEW_TELEMETRY_EVENTS.OPEN_IN_N8N_CLICKED, {
			...getPreviewTelemetryPayload(),
			source,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #f83aeb7bffebf451 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/mcp-apps/src/apps/workflow-preview/composables/use-workflow-preview.ts:193
		telemetry.track(WORKFLOW_PREVIEW_TELEMETRY_EVENTS.PREVIEW_TOOL_CALL_COMPLETED, {
			...getPreviewToolCallTelemetryPayload(requestId),
			duration_ms: Math.max(0, Math.round(performance.now() - startedAt)),
			outcome,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #9ed2ab2b8d3edd75 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/mcp-apps/src/apps/workflow-preview/composables/use-workflow-preview.ts:212
		telemetry.track(WORKFLOW_PREVIEW_TELEMETRY_EVENTS.PREVIEW_CRASHED, {
			...getPreviewTelemetryPayload(),
			...(message ? { error_message: sanitizeTelemetryErrorMessage(message) } : {}),
			source: WORKFLOW_PREVIEW_CRASH_SOURCES.PREVIEW_IFRAME_ERROR,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #66a80295e685afa4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/mcp-apps/src/apps/workflow-preview/composables/use-workflow-preview.ts:234
		telemetry.track(
			WORKFLOW_PREVIEW_TELEMETRY_EVENTS.PREVIEW_TOOL_CALL_REQUESTED,
			getPreviewToolCallTelemetryPayload(requestId),
		);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8771f8fa52a6474c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/mcp-apps/src/composables/use-mcp-app-crash-telemetry.ts:33
		telemetry.track(event, {
			app,
			...getMcpClientTelemetryProperties(hostVersion.value),
			error_message: sanitizeTelemetryErrorMessage(getErrorMessage(error)),
			source,
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b4d948076079deaf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/mcp-apps/src/composables/use-mcp-app-telemetry.ts:48
			telemetry.track(events.renderFailed, {
				app,
				...getMcpClientTelemetryProperties(hostVersion.value),
				error_message: getConnectionErrorReason(connectionError.value),
				reason: renderFailedReason,
			});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b612db5611054cd1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/mcp-apps/src/telemetry/index.test.ts:54
		telemetry.track('Test event', { boot_ms: 42 });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #f94b10d4efd95dc4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/mcp-apps/src/telemetry/index.test.ts:70
		telemetry.track('Test event', {
			apiKey: 'secret-api-key',
			error_message: 'Authorization: Bearer abc.def-ghi_jkl/mno=',
		});

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #efd00e5d0b54519a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/mcp-apps/src/telemetry/index.test.ts:93
		telemetry.track('Test event');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #f6fe791a41d86d7f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/mcp-apps/src/telemetry/index.test.ts:103
		telemetry.track('Test event');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b3bec66e3917901c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/mcp-apps/src/telemetry/index.test.ts:111
		telemetry.track('Test event');

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #31b17d3f7dc62750 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/mcp-apps/src/telemetry/index.test.ts:118
		telemetry.track('Test event', { reason: 'x' });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #2d1d9058454b9b7e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/mcp-apps/src/telemetry/index.ts:88
			this.rudderStack?.track(
				event,
				{
					...sanitizedProperties,
					instance_id: this.config.instanceId,
					version_cli: this.config.versionCli,
				},
				// Send a fake IP so RudderStack does not capture the user's real one.
				{ context: { ip: '0.0.0.0' } },
			);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 2 low-confidence finding(s)
low env_fs production #872fad9b30a2b1a8 Filesystem access.
repo/packages/@n8n/mcp-apps/src/server/resource-loader.ts:35
	const html = await readFile(join(getPackageRoot(), 'dist', 'apps', fileName), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #357d3d5705159972 Filesystem access.
repo/packages/@n8n/mcp-apps/src/server/sdk-version.test.ts:31
			const pkg = JSON.parse(readFileSync(pkgJsonPath, 'utf8')) as PackageJson;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/@n8n/agents

npm first-party
medium telemetry test-only #bde4a435c3c1e2c2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/agents/src/runtime/__tests__/background-task-tracker.test.ts:10
		tracker.track(inner);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #9517ef503aecbf1f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/agents/src/runtime/__tests__/background-task-tracker.test.ts:34
		tracker.track(a);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #27549a253d70dde0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/agents/src/runtime/__tests__/background-task-tracker.test.ts:35
		tracker.track(b);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #0c6733d31b6076bf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/agents/src/runtime/__tests__/background-task-tracker.test.ts:46
		tracker.track(rejected);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #60c058ee0ddf85bd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/agents/src/runtime/__tests__/background-task-tracker.test.ts:58
		tracker.track(inner);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only #862cc0da4625d7e0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/agents/src/runtime/__tests__/background-task-tracker.test.ts:67
		tracker.track(Promise.resolve());

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ae0bc39af06e028b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/agents/src/runtime/loop/agent-runtime.ts:669
		this.backgroundTasks.track(titlePromise);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #01936958d876c454 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/agents/src/runtime/memory/memory-orchestrator.ts:373
		this.backgroundTasks.track(queued);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d6ad1ac68c35a2ac Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/agents/src/runtime/memory/scoped-memory-task-runner.ts:130
		this.tracker.track(queued);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 92 low-confidence finding(s)
low env_fs test-only #8472f37740b600a9 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/fixtures/generate-bulk-vector-fixture.ts:87
	if (!process.env.OPENAI_API_KEY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8a39b3d5684eba92 Filesystem access.
repo/packages/@n8n/agents/src/__tests__/fixtures/generate-bulk-vector-fixture.ts:139
	await writeFile(OUT_PATH, JSON.stringify(fixture));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #76a7b8935ba5a220 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/agent-vector-store-pinecone.test.ts:21
const PINECONE_API_KEY = process.env.PINECONE_TEST_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bd14cce21fd75630 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/agent-vector-store-pinecone.test.ts:22
const hasKeys = Boolean(process.env.ANTHROPIC_API_KEY) && Boolean(process.env.OPENAI_API_KEY);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cc4f5345a4f7e89c Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/agent-vector-store-postgres.test.ts:20
const PG_URL = process.env.PG_VECTOR_TEST_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ee07144fb6b2f769 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/agent-vector-store-postgres.test.ts:21
const hasKeys = Boolean(process.env.ANTHROPIC_API_KEY) && Boolean(process.env.OPENAI_API_KEY);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4698674df20333be Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/agent-vector-store-qdrant.test.ts:18
const QDRANT_URL = process.env.QDRANT_TEST_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7c379f252d22b581 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/agent-vector-store-qdrant.test.ts:19
const QDRANT_API_KEY = process.env.QDRANT_TEST_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6f1b2fd1546b606f Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/agent-vector-store-qdrant.test.ts:20
const hasKeys = Boolean(process.env.ANTHROPIC_API_KEY) && Boolean(process.env.OPENAI_API_KEY);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6c0d0244511d7936 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/agent-vector-store-supabase.test.ts:21
const SUPABASE_URL = process.env.SUPABASE_TEST_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #62ce829f207446e9 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/agent-vector-store-supabase.test.ts:22
const SUPABASE_API_KEY = process.env.SUPABASE_TEST_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #78b5eb619aabcb78 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/agent-vector-store-supabase.test.ts:23
const SUPABASE_DB_URL = process.env.SUPABASE_TEST_DB_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5ccca95929348a29 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/agent-vector-store-supabase.test.ts:24
const hasKeys = Boolean(process.env.ANTHROPIC_API_KEY) && Boolean(process.env.OPENAI_API_KEY);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4b4bf6f7fe12e0b2 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/helpers.ts:24
		return Boolean(process.env[envVar]);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e01926d42e1e247e Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/helpers.ts:26
	const isReplayMode = Boolean(process.env.CI);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2b297d59d9a490f5 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/pg-vector-store.test.ts:14
const PG_URL = process.env.PG_VECTOR_TEST_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a682a61ae9368e52 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/pinecone-vector-store.test.ts:17
const PINECONE_API_KEY = process.env.PINECONE_TEST_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #622313dc66fc3966 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/qdrant-vector-store.test.ts:14
const QDRANT_URL = process.env.QDRANT_TEST_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0cc74bb58180f614 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/qdrant-vector-store.test.ts:15
const QDRANT_API_KEY = process.env.QDRANT_TEST_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #34e4853a0caee3d8 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/supabase-vector-store.test.ts:22
const SUPABASE_URL = process.env.SUPABASE_TEST_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6c10b90ca1a25d71 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/supabase-vector-store.test.ts:23
const SUPABASE_API_KEY = process.env.SUPABASE_TEST_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7e307f398ee163ee Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/supabase-vector-store.test.ts:24
const SUPABASE_DB_URL = process.env.SUPABASE_TEST_DB_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #41045978288882f3 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/telemetry-langsmith.test.ts:36
		previousTracingV2 = process.env.LANGCHAIN_TRACING_V2;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #55ec5b3f8c0107a9 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/telemetry-langsmith.test.ts:37
		process.env.LANGCHAIN_TRACING_V2 = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #49d906863c5058cb Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/telemetry-langsmith.test.ts:68
			delete process.env.LANGCHAIN_TRACING_V2;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #96eaba0ef3879995 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/telemetry-langsmith.test.ts:70
			process.env.LANGCHAIN_TRACING_V2 = previousTracingV2;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b6a1c01cdd03a5c8 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/vcr.ts:13
export const IS_RECORD_MODE = process.env.VCR_MODE === 'record';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9f100a0bee3b5ae4 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/vcr.ts:19
export const IS_REPLAY_MODE = Boolean(process.env.CI);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4c7658c5a272dc3b Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/vector-store-bulk-pinecone.test.ts:21
const PINECONE_API_KEY = process.env.PINECONE_TEST_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7193128eb59251c2 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/vector-store-bulk-postgres.test.ts:20
const PG_URL = process.env.PG_VECTOR_TEST_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e4019c9c66f16711 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/vector-store-bulk-qdrant.test.ts:19
const QDRANT_URL = process.env.QDRANT_TEST_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b187025f016ddd01 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/vector-store-bulk-qdrant.test.ts:20
const QDRANT_API_KEY = process.env.QDRANT_TEST_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e74b1af1fab5c6c7 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/vector-store-bulk-supabase.test.ts:22
const SUPABASE_URL = process.env.SUPABASE_TEST_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b0a6dc02e3b7d9fa Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/vector-store-bulk-supabase.test.ts:23
const SUPABASE_API_KEY = process.env.SUPABASE_TEST_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1155d357cc539511 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/integration/vector-store-bulk-supabase.test.ts:24
const SUPABASE_DB_URL = process.env.SUPABASE_TEST_DB_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2ec01787c76433b8 Filesystem access.
repo/packages/@n8n/agents/src/__tests__/integration/vector-store-helpers.ts:43
		readFileSync(path.resolve(__dirname, '../fixtures/bulk-vector-fixture.json'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f0db750cbae736a7 Filesystem access.
repo/packages/@n8n/agents/src/__tests__/integration/workspace-agent.test.ts:113
		await memFs.writeFile('/project/index.ts', 'console.log("hello")');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0a3ee6adf67081a9 Filesystem access.
repo/packages/@n8n/agents/src/__tests__/integration/workspace-agent.test.ts:114
		await memFs.writeFile('/project/README.md', '# Project');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9bdb413d486746f4 Filesystem access.
repo/packages/@n8n/agents/src/__tests__/integration/workspace-agent.test.ts:176
		await memFs.writeFile('/data.json', '{"key": "value", "count": 42}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1b20c6a2453002a6 Filesystem access.
repo/packages/@n8n/agents/src/__tests__/integration/workspace-agent.test.ts:206
		await memFs.writeFile('/project/source.txt', 'alpha');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6fa7b380f4a5d71d Filesystem access.
repo/packages/@n8n/agents/src/__tests__/integration/workspace-agent.test.ts:207
		await memFs.writeFile('/project/remove-me/old.txt', 'remove this');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d0b13c47c5bff5e7 Filesystem access.
repo/packages/@n8n/agents/src/__tests__/integration/workspace-agent.test.ts:296
		await memFs.writeFile(
			'/project/config.ts',
			[
				'export const region = "OLD_REGION";',
				'export const owner = "OLD_OWNER";',
				'export const status = "OLD_STATUS";',
			].join('\n'),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d435880ae12dad72 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/langsmith-telemetry.test.ts:76
	const previousTracingV2 = process.env.LANGCHAIN_TRACING_V2;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9a9cb72149d66f78 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/langsmith-telemetry.test.ts:89
		delete process.env.LANGCHAIN_TRACING_V2;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9c6b20e5e3b4243d Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/langsmith-telemetry.test.ts:94
			delete process.env.LANGCHAIN_TRACING_V2;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dc71bfde5cd1ce87 Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/langsmith-telemetry.test.ts:96
			process.env.LANGCHAIN_TRACING_V2 = previousTracingV2;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bf369e455aa3f13f Environment-variable access.
repo/packages/@n8n/agents/src/__tests__/langsmith-telemetry.test.ts:132
		expect(process.env.LANGCHAIN_TRACING_V2).toBe('true');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e4d687107bfaabff Filesystem access.
repo/packages/@n8n/agents/src/__tests__/workspace/base-filesystem.test.ts:211
			const content = await fs.readFile('/test');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e0f58b195338a5d2 Filesystem access.
repo/packages/@n8n/agents/src/__tests__/workspace/base-filesystem.test.ts:221
			await expect(fs.readFile('/test')).rejects.toThrow();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bc726a1d86a0f00b Filesystem access.
repo/packages/@n8n/agents/src/__tests__/workspace/sandbox/daytona-sandbox.test.ts:549
		await expect(filesystem.readFile('/workspace/file.txt')).resolves.toBeUndefined();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d16e341ce05b6588 Filesystem access.
repo/packages/@n8n/agents/src/__tests__/workspace/sandbox/n8n-sandbox-filesystem.test.ts:62
		await filesystem.writeFile('/workspace/nested/file.txt', 'hello', { recursive: true });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #27ead9fe3e35c312 Filesystem access.
repo/packages/@n8n/agents/src/__tests__/workspace/sandbox/n8n-sandbox-filesystem.test.ts:76
		const content = await filesystem.readFile('/workspace/file.txt', { encoding: 'utf8' });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #05b7270362ca7956 Filesystem access.
repo/packages/@n8n/agents/src/__tests__/workspace/test-utils.ts:93
		const content = await this.readFile(src);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0f47ee76210fa759 Filesystem access.
repo/packages/@n8n/agents/src/__tests__/workspace/test-utils.ts:94
		await this.writeFile(dest, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6ec44a5db28e6496 Filesystem access.
repo/packages/@n8n/agents/src/__tests__/workspace/workspace-integration.test.ts:215
			await memFs.writeFile('/log.txt', 'line1\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #303f4c0dfe76849c Filesystem access.
repo/packages/@n8n/agents/src/__tests__/workspace/workspace-integration.test.ts:218
			const content = await memFs.readFile('/log.txt', { encoding: 'utf-8' });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f819805f271dcd89 Filesystem access.
repo/packages/@n8n/agents/src/__tests__/workspace/workspace-integration.test.ts:223
			await memFs.writeFile('/original.txt', 'original');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #10fafc48d2fbf567 Filesystem access.
repo/packages/@n8n/agents/src/__tests__/workspace/workspace-integration.test.ts:226
			expect(await memFs.readFile('/copy.txt', { encoding: 'utf-8' })).toBe('original');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8e86fea7ec0b7960 Filesystem access.
repo/packages/@n8n/agents/src/__tests__/workspace/workspace-integration.test.ts:230
			expect(await memFs.readFile('/moved.txt', { encoding: 'utf-8' })).toBe('original');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0b9878859ef0861c Filesystem access.
repo/packages/@n8n/agents/src/__tests__/workspace/workspace-integration.test.ts:235
			await memFs.writeFile('/deep/nested/file.txt', 'data');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ff6d5bd9523c9d22 Filesystem access.
repo/packages/@n8n/agents/src/__tests__/workspace/workspace-integration.test.ts:244
			await expect(memFs.readFile('/nonexistent')).rejects.toThrow('ENOENT');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #610c40522558b034 Environment-variable access.
repo/packages/@n8n/agents/src/integrations/langsmith.ts:361
		process.env.LANGCHAIN_TRACING_V2 ??= 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #960ccf5f5df8abd6 Environment-variable access.
repo/packages/@n8n/agents/src/runtime/__tests__/model-factory.test.ts:195
		delete process.env.HTTPS_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #862474ebfbb64943 Environment-variable access.
repo/packages/@n8n/agents/src/runtime/__tests__/model-factory.test.ts:196
		delete process.env.HTTP_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #055e1e0a684aae6d Environment-variable access.
repo/packages/@n8n/agents/src/runtime/__tests__/model-factory.test.ts:282
		process.env.HTTPS_PROXY = 'http://proxy:8080';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ad805dd12551a9ad Environment-variable access.
repo/packages/@n8n/agents/src/runtime/__tests__/model-factory.test.ts:289
		process.env.HTTP_PROXY = 'http://proxy:9090';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c74b583b68c896ef Environment-variable access.
repo/packages/@n8n/agents/src/runtime/__tests__/model-factory.test.ts:308
		process.env.HTTPS_PROXY = 'http://https-proxy:8080';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e8c022100878f7ee Environment-variable access.
repo/packages/@n8n/agents/src/runtime/__tests__/model-factory.test.ts:309
		process.env.HTTP_PROXY = 'http://http-proxy:9090';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f56c01563953fba1 Environment-variable access.
repo/packages/@n8n/agents/src/runtime/model/model-factory.ts:40
	const proxyUrl = process.env.HTTPS_PROXY ?? process.env.HTTP_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #bb81e8a6da97f045 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/@n8n/agents/src/sdk/catalog.ts:129
	const response = await fetch(MODELS_DEV_URL);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only #a5a73dd71231c835 Filesystem access.
repo/packages/@n8n/agents/src/skills/__tests__/runtime-skills.test.ts:1
import { mkdtempSync, mkdirSync, rmSync, writeFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1e1ecb7d5afa17f4 Filesystem access.
repo/packages/@n8n/agents/src/skills/__tests__/runtime-skills.test.ts:277
			writeFileSync(
				join(skillDir, 'SKILL.md'),
				`---
name: workflow-builder
description: Build workflows.
---

Use the workflow SDK.`,
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4434f6c80797bb73 Filesystem access.
repo/packages/@n8n/agents/src/skills/__tests__/runtime-skills.test.ts:286
			writeFileSync(join(skillDir, 'references', 'guide.md'), 'Guide text');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #97ff179a4712a84b Filesystem access.
repo/packages/@n8n/agents/src/skills/__tests__/runtime-skills.test.ts:287
			writeFileSync(join(skillDir, 'examples', 'slack.workflow.ts'), 'export default {};');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #100646b8ea417f8e Filesystem access.
repo/packages/@n8n/agents/src/skills/__tests__/runtime-skills.test.ts:329
			writeFileSync(
				join(intentSkillDir, 'SKILL.md'),
				`---
name: intent-recognition
description: Classify intent.
---

Classify automation intent.`,
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4e940b81dddddb4d Filesystem access.
repo/packages/@n8n/agents/src/skills/__tests__/runtime-skills.test.ts:338
			writeFileSync(join(intentSkillDir, 'references', 'taxonomy.md'), 'Taxonomy text');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7763cea416510f9c Filesystem access.
repo/packages/@n8n/agents/src/skills/__tests__/runtime-skills.test.ts:339
			writeFileSync(
				join(workflowSkillDir, 'SKILL.md'),
				`---
name: workflow-builder
description: Build workflows.
---

Use the workflow SDK.`,
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #82412d89364aefe6 Filesystem access.
repo/packages/@n8n/agents/src/skills/registry.ts:3
import { existsSync, lstatSync, readdirSync, readFileSync, statSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #87a6eb4757add4f5 Filesystem access.
repo/packages/@n8n/agents/src/skills/registry.ts:115
				content: readFileSync(join(skill.directory, normalizedPath), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bd127d89d71a755f Filesystem access.
repo/packages/@n8n/agents/src/skills/registry.ts:131
		const content = readFileSync(skillPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #653b0b5c31d65c29 Filesystem access.
repo/packages/@n8n/agents/src/skills/registry.ts:317
			sha256: createHash('sha256').update(readFileSync(abs)).digest('hex'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e2b2d57d0e5a0936 Filesystem access.
repo/packages/@n8n/agents/src/workspace/filesystem/n8n-sandbox-filesystem.ts:49
		const content = await client.readFile(sandboxId, path);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9272c50c4dd0fc7e Filesystem access.
repo/packages/@n8n/agents/src/workspace/filesystem/n8n-sandbox-filesystem.ts:65
		await client.writeFile(sandboxId, path, content, options?.overwrite ?? true);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #10a58fa86f0ae72f Filesystem access.
repo/packages/@n8n/agents/src/workspace/tools/batch-str-replace-file.ts:61
				const content = await filesystem.readFile(input.path, { encoding: 'utf-8' });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #89ebbded95ad4545 Filesystem access.
repo/packages/@n8n/agents/src/workspace/tools/batch-str-replace-file.ts:74
				await filesystem.writeFile(input.path, editedContent, { overwrite: true });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c06a2964ea2adaa4 Filesystem access.
repo/packages/@n8n/agents/src/workspace/tools/read-file.ts:22
			const content = await filesystem.readFile(input.path, {
				encoding: (input.encoding ?? 'utf-8') as BufferEncoding,
			});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b36136d0c10c4603 Filesystem access.
repo/packages/@n8n/agents/src/workspace/tools/str-replace-file.ts:38
				const content = await filesystem.readFile(input.path, { encoding: 'utf-8' });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3862b4a8e6dd8d48 Filesystem access.
repo/packages/@n8n/agents/src/workspace/tools/str-replace-file.ts:51
				await filesystem.writeFile(input.path, editedContent, { overwrite: true });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8cce270517432455 Filesystem access.
repo/packages/@n8n/agents/src/workspace/tools/write-file.ts:26
			await filesystem.writeFile(input.path, input.content, { recursive: input.recursive });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #379ee22378555265 Filesystem access.
repo/packages/@n8n/agents/vitest.integration.setup.ts:11
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0550d21870b72269 Environment-variable access.
repo/packages/@n8n/agents/vitest.integration.setup.ts:174
	process.env.OPENAI_API_KEY = 'sk-proj-1234567890';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2c7e657f8e3804a2 Environment-variable access.
repo/packages/@n8n/agents/vitest.integration.setup.ts:175
	process.env.ANTHROPIC_API_KEY = 'sk-proj-1234567890';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/@n8n/errors

npm first-party
medium telemetry production #91c0552088c82ed8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/errors/src/application.error.ts:1
import type { Event } from '@sentry/node';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #28d7b3fd10c22d70 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/errors/src/types.ts:1
import type { Event } from '@sentry/node';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

first-party (npm): packages/@n8n/task-runner

npm first-party
medium telemetry test-only #7b701a40421aaf9b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/task-runner/src/__tests__/task-runner-sentry.test.ts:1
import type { ErrorEvent } from '@sentry/core';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #c2c0dc927e2d7e11 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/task-runner/src/task-runner-sentry.ts:2
import type { ErrorEvent, Exception } from '@sentry/core';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 6 low-confidence finding(s)
low env_fs test-only #a27a10e811d2bc0c Environment-variable access.
repo/packages/@n8n/task-runner/src/js-task-runner/__tests__/js-task-runner.test.ts:508
				process.env.N8N_RUNNERS_TASK_BROKER_URI = 'http://127.0.0.1:5679';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2020fa5b9682b224 Filesystem access.
repo/packages/@n8n/task-runner/src/js-task-runner/__tests__/js-task-runner.test.ts:1098
		const packageJson = JSON.parse(fs.readFileSync('package.json', 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6be61d264c61dc9d Filesystem access.
repo/packages/@n8n/task-runner/src/js-task-runner/__tests__/require-resolver-global-modules.test.ts:39
		fs.writeFileSync(
			scriptPath,
			`const Module = require("module");
if (process.env.NODE_PATH) { Module._initPaths(); }
try {
  require("${packageName}");
  console.log(JSON.stringify({ success: true }));
} catch (e) {
  console.log(JSON.stringify({ success: false, error: e.message }));
}`,
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9bd5dd5730ebc3c6 Filesystem access.
repo/packages/@n8n/task-runner/src/js-task-runner/__tests__/require-resolver-global-modules.test.ts:51
		fs.writeFileSync(
			scriptNoInitPath,
			`process.env.NODE_PATH = "${nodeModulesPath}";
try {
  require("${packageName}");
  console.log(JSON.stringify({ success: true }));
} catch (e) {
  console.log(JSON.stringify({ success: false, error: e.message }));
}`,
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5a0015ad64b228c6 Environment-variable access.
repo/packages/@n8n/task-runner/src/js-task-runner/js-task-runner.ts:193
		if (process.env.NODE_ENV !== 'test') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a9024ee2d115ba18 Environment-variable access.
repo/packages/@n8n/task-runner/src/start.ts:14
if (process.env.NODE_PATH) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/@n8n/nodes-langchain

npm first-party
medium telemetry production #b3f795f2a351870f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/@n8n/nodes-langchain/nodes/agents/Agent/agents/SqlAgent/other/handlers/sqlite.ts:32
	temp.track();

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 9 low-confidence finding(s)
low env_fs production #3f532f5a3f4770cb Filesystem access.
repo/packages/@n8n/nodes-langchain/nodes/agents/Agent/agents/SqlAgent/other/handlers/sqlite.ts:2
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #be8326dc1496d476 Filesystem access.
repo/packages/@n8n/nodes-langchain/nodes/agents/Agent/agents/SqlAgent/other/handlers/sqlite.ts:35
	fs.writeFileSync(tempDbPath, bufferString);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #c20648bda9582b46 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/@n8n/nodes-langchain/nodes/mcp/McpClientTool/__test__/McpClientTool.node.test.ts:304
			const url = new URL('https://my-mcp-endpoint.ai/sse');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #11859096d84699e7 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/@n8n/nodes-langchain/nodes/mcp/McpClientTool/__test__/McpClientTool.node.test.ts:356
			const url = new URL('https://my-mcp-endpoint.ai/sse');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #c30c5ad822b42116 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/@n8n/nodes-langchain/nodes/mcp/McpClientTool/__test__/McpClientTool.node.test.ts:2036
			await expect(customFetch!(new URL('https://allowed.example/sse'), {} as any)).rejects.toThrow(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only #1f35ef25ce8a63fc Environment-variable access.
repo/packages/@n8n/nodes-langchain/nodes/vendors/Microsoft/__tests__/microsoft-utils.test.ts:558
			process.env.ENABLE_OBSERVABILITY = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6a6865f17073d2c0 Environment-variable access.
repo/packages/@n8n/nodes-langchain/nodes/vendors/Microsoft/__tests__/microsoft-utils.test.ts:559
			process.env.ENABLE_A365_OBSERVABILITY_EXPORTER = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f2fcd915448ab940 Environment-variable access.
repo/packages/@n8n/nodes-langchain/nodes/vendors/Microsoft/microsoft-utils.ts:137
		process.env.ENABLE_OBSERVABILITY === 'true' &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee0ec06c8fdc2789 Environment-variable access.
repo/packages/@n8n/nodes-langchain/nodes/vendors/Microsoft/microsoft-utils.ts:138
		process.env.ENABLE_A365_OBSERVABILITY_EXPORTER === 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/workflow

npm first-party
medium telemetry production #416856d3b5c94398 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/workflow/src/errors/base/base.error.ts:1
import type { Event } from '@sentry/node';

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 4 low-confidence finding(s)
low env_fs production #4ad069e2a31fa198 Environment-variable access.
repo/packages/workflow/src/expression.ts:552
						env: process.env.N8N_BLOCK_ENV_ACCESS_IN_NODE !== 'false' ? {} : process.env,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f0718807fdb928e Filesystem access.
repo/packages/workflow/src/interfaces.ts:7
import type { PathLike } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e54761f13e7e9710 Environment-variable access.
repo/packages/workflow/src/workflow-data-proxy-env-provider.ts:16
		? process.env.N8N_BLOCK_ENV_ACCESS_IN_NODE !== 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0396c085ec90330f Environment-variable access.
repo/packages/workflow/stryker.config.mjs:30
	concurrency: Number(process.env.STRYKER_CONCURRENCY ?? 4),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/@n8n/ai-utilities

npm first-party
expand_more 61 low-confidence finding(s)
low env_fs production #b97b341ae8038c28 Environment-variable access.
repo/packages/@n8n/ai-utilities/integration-tests/openai.ts:136
			if (process.env.NODE_ENV !== 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aa151f7ef6dea228 Filesystem access.
repo/packages/@n8n/ai-utilities/scripts/copy-tokenizer-json.js:2
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only #ecd7006f3f0bd6ee Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/follow-redirects.test.ts:149
		const url = new URL('https://example.com');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only #7c8dfa6f7d7860b8 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:27
		delete process.env.HTTP_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #82939015bcda3151 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:28
		delete process.env.http_proxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f9bb0f94f8f4be51 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:29
		delete process.env.HTTPS_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #29a06808efdb5aa9 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:30
		delete process.env.https_proxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b0ecee84565f19ec Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:31
		delete process.env.NO_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ef35828e88f3c3cf Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:32
		delete process.env.no_proxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #46d775759c6c480e Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:33
		delete process.env.N8N_AI_TIMEOUT_MAX;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cd1eecfc908bccce Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:59
			process.env.HTTPS_PROXY = proxyUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #73b47c26e34060ad Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:76
			process.env.https_proxy = proxyUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #75e1d84508c7bb1c Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:89
			process.env.HTTP_PROXY = 'http://http-proxy.example.com:8080';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fdcd457446b8c3b7 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:90
			process.env.http_proxy = 'http://http-proxy-lowercase.example.com:8080';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #75b5533f79f7562e Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:91
			process.env.HTTPS_PROXY = 'https://https-proxy.example.com:8080';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2f0c3dd1d29f36d0 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:92
			process.env.https_proxy = 'https://https-proxy-lowercase.example.com:8080';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d9daf1ff400b7e6e Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:108
			process.env.HTTPS_PROXY = proxyUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #89cca5eafd5657c8 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:117
			process.env.HTTP_PROXY = proxyUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d0201c40497ee705 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:127
			process.env.HTTP_PROXY = httpProxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #af4f23ed6b8ee8f6 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:128
			process.env.HTTPS_PROXY = httpsProxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6362e4d731fe048e Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:137
			process.env.HTTP_PROXY = proxyUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d5aa4aa3fd00a1af Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:138
			process.env.NO_PROXY = 'localhost,127.0.0.1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e0caabc4051f4ce3 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:148
			process.env.HTTPS_PROXY = proxyUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ebb5279427757dea Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:149
			process.env.NO_PROXY = '*.internal.company.com,localhost';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #aed7a155ad9a9332 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:159
			process.env.HTTPS_PROXY = proxyUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6bb89dd60184357e Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:160
			process.env.NO_PROXY = 'localhost,127.0.0.1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #94a7dbfc87ae84df Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:169
			process.env.https_proxy = proxyUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e02bbaad6dabf011 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:170
			process.env.no_proxy = 'localhost';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #872f558d9bdc81a3 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:181
			process.env.HTTPS_PROXY = proxyUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #17719aa5569480c3 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:235
			process.env.N8N_AI_TIMEOUT_MAX = '300000';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7cd1a9123b3ec181 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:259
		delete process.env.HTTP_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6e7be74bfb8f794b Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:260
		delete process.env.http_proxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b20ea38158ff7f38 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:261
		delete process.env.HTTPS_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4a60f07893ea51fe Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:262
		delete process.env.https_proxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #60d20869e9172df0 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:263
		delete process.env.NO_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9beb6321f2aba7d5 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:264
		delete process.env.no_proxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only #0817157c5d04e91c Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:318
			const url = new URL('https://api.openai.com/v1');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only #506fefe79ad60eb7 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:343
			process.env.HTTPS_PROXY = proxyUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9a1be12b8562987e Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:356
			process.env.HTTPS_PROXY = proxyUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #000ac0c7b26bc6f7 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:375
			process.env.HTTP_PROXY = proxyUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only #59e565aea6ca39bb Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:377
			const url = new URL('http://api.example.com/data');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only #ab3d9efe385a8dbd Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:388
			process.env.HTTPS_PROXY = proxyUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d1ad4c6cc177631c Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:401
			process.env.HTTPS_PROXY = proxyUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #295d3ade9b543231 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:402
			process.env.NO_PROXY = 'localhost,127.0.0.1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #16de0a8175979e68 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/http-proxy-agent.test.ts:415
			process.env.HTTPS_PROXY = proxyUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #48fb2a750efa07e3 Filesystem access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/n8n-binary-loader.real-pdf.test.ts:31
		const pdfBuffer = readFileSync(
			join(__dirname, '../../../../../nodes-base/nodes/ReadPdf/test/sample.pdf'),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dd086243634e792d Filesystem access.
repo/packages/@n8n/ai-utilities/src/__tests__/utils/tokenizer/tiktoken.test.ts:1
import { readFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c70bc149eeb58546 Filesystem access.
repo/packages/@n8n/ai-utilities/src/node-catalog/__tests__/get-node-type-definition.test.ts:14
		writeFileSync(join(setDir, 'mode_manual.ts'), '// manual mode def');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4feb7d61e01b0155 Filesystem access.
repo/packages/@n8n/ai-utilities/src/node-catalog/__tests__/get-node-type-definition.test.ts:15
		writeFileSync(join(setDir, 'mode_raw.ts'), '// raw mode def');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c3b5386f6a8ecd07 Filesystem access.
repo/packages/@n8n/ai-utilities/src/node-catalog/__tests__/get-node-type-definition.test.ts:19
		writeFileSync(join(msgDir, 'operation_post.ts'), '// slack post def');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5a3709d9f2ffda1d Filesystem access.
repo/packages/@n8n/ai-utilities/src/node-catalog/__tests__/get-node-type-definition.test.ts:20
		writeFileSync(join(msgDir, 'operation_update.ts'), '// slack update def');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b6654fcae11ceb26 Filesystem access.
repo/packages/@n8n/ai-utilities/src/node-catalog/get.ts:531
				(variant) => `// ── mode: ${variant.mode} ──\n${readFileSync(variant.filePath, 'utf-8')}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6e4811aff9dc4b1a Filesystem access.
repo/packages/@n8n/ai-utilities/src/node-catalog/get.ts:555
		const content = readFileSync(pathResult.filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8ad3f606f39b8a55 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/utils/http-proxy-agent.ts:37
const DEFAULT_TIMEOUT = parseInt(process.env.N8N_AI_TIMEOUT_MAX ?? '3600000', 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #915ab3372455f7bd Filesystem access.
repo/packages/@n8n/ai-utilities/src/utils/n8n-binary-loader.ts:8
import { createWriteStream } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9889f5647d62b2d1 Filesystem access.
repo/packages/@n8n/ai-utilities/src/utils/tokenizer/tiktoken.ts:1
import { readFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a834006d7fa03292 Filesystem access.
repo/packages/@n8n/ai-utilities/src/utils/tokenizer/tiktoken.ts:11
	const content = await readFile(filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c3d5b5b846dafc7 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/utils/vector-store/MemoryManager/config.ts:13
	if (process.env.N8N_VECTOR_STORE_MAX_MEMORY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f9f018351ec96d0c Environment-variable access.
repo/packages/@n8n/ai-utilities/src/utils/vector-store/MemoryManager/config.ts:14
		const parsed = parseInt(process.env.N8N_VECTOR_STORE_MAX_MEMORY, 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d29b4a57e0fec0e Environment-variable access.
repo/packages/@n8n/ai-utilities/src/utils/vector-store/MemoryManager/config.ts:22
	if (process.env.N8N_VECTOR_STORE_TTL_HOURS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e20b89c03183b6b7 Environment-variable access.
repo/packages/@n8n/ai-utilities/src/utils/vector-store/MemoryManager/config.ts:23
		const parsed = parseInt(process.env.N8N_VECTOR_STORE_TTL_HOURS, 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/@n8n/ai-workflow-builder.ee

npm first-party
expand_more 66 low-confidence finding(s)
low env_fs test-only #084a56bae0ed5caf Environment-variable access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/__tests__/cli.test.ts:403
				delete process.env.LANGSMITH_DATASET_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a6523c94b5810b9f Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/__tests__/csv-prompt-loader.test.ts:18
		fs.writeFileSync(csvPath, content, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #071ee39105050208 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/__tests__/output.test.ts:5
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #256217c1bb786961 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/__tests__/output.test.ts:157
			expect(fs.readFileSync(promptPath, 'utf-8')).toBe('Create a test workflow');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #67d07bec782c4f98 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/__tests__/output.test.ts:170
			const workflow = jsonParse<ParsedWorkflow>(fs.readFileSync(workflowPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1fd2c450731336c8 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/__tests__/output.test.ts:186
			const feedback = jsonParse<ParsedFeedback>(fs.readFileSync(feedbackPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8c56e3eae54ad83a Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/__tests__/output.test.ts:200
			const feedback = jsonParse<ParsedFeedback>(fs.readFileSync(feedbackPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ebf508c49cd4beba Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/__tests__/output.test.ts:222
			const feedback = jsonParse<ParsedFeedback>(fs.readFileSync(feedbackPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f5f822a33475ae3b Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/__tests__/output.test.ts:242
			expect(fs.readFileSync(errorPath, 'utf-8')).toBe('Generation failed: timeout');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9ca32b6c31672c89 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/__tests__/output.test.ts:271
			const feedback = jsonParse<ParsedFeedback>(fs.readFileSync(feedbackPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fbb77b8314a081ac Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/__tests__/output.test.ts:288
			const feedback = jsonParse<ParsedFeedback>(fs.readFileSync(feedbackPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #63cf36353223eebd Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/__tests__/output.test.ts:321
			const savedSummary = jsonParse<ParsedSummary>(fs.readFileSync(summaryPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7ce397470ab06e4f Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/__tests__/output.test.ts:333
			const savedSummary = jsonParse<ParsedSummary>(fs.readFileSync(summaryPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3187fe8ba0f5cda9 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/__tests__/output.test.ts:346
			const savedSummary = jsonParse<ParsedSummary>(fs.readFileSync(summaryPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ccf8c785a79933bc Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/__tests__/output.test.ts:361
			const savedSummary = jsonParse<ParsedSummary>(fs.readFileSync(summaryPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d8a4c1d81eaf2fe2 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/__tests__/output.test.ts:388
			const savedSummary = jsonParse<ParsedSummary>(fs.readFileSync(summaryPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #50c9f523c7067140 Environment-variable access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/cli/argument-parser.ts:602
	return process.env.LANGSMITH_DATASET_NAME ?? 'workflow-builder-canvas-prompts';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c3d878fc8f0f0e71 Environment-variable access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/cli/ci-metadata.ts:27
	const isCI = process.env.GITHUB_ACTIONS === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5102d9edd8cdb59b Environment-variable access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/cli/ci-metadata.ts:35
		trigger: process.env.GITHUB_EVENT_NAME,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb985918ccdd3075 Environment-variable access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/cli/ci-metadata.ts:36
		runId: process.env.GITHUB_RUN_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #845c49259cd2b0ab Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/cli/csv-prompt-loader.ts:49
	const rows = parseCsv(readFileSync(resolvedPath, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #476f0b262cc5e6b2 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/harness/__tests__/csv-writer.test.ts:71
		const content = readFileSync(outputPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b95c608fc03b24be Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/harness/__tests__/csv-writer.test.ts:112
		const content = readFileSync(outputPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1b7626c23eb0b90b Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/harness/__tests__/csv-writer.test.ts:187
		const content = readFileSync(outputPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f41874b0a5c9106d Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/harness/__tests__/csv-writer.test.ts:212
		const content = readFileSync(outputPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d7f0c7919070bb24 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/harness/__tests__/csv-writer.test.ts:267
		const content = readFileSync(outputPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7596134152e6dfd5 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/harness/__tests__/csv-writer.test.ts:322
		const content = readFileSync(outputPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #061c4924998601b5 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/harness/__tests__/csv-writer.test.ts:363
		const content = readFileSync(outputPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3763e71cba157060 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/harness/__tests__/csv-writer.test.ts:392
		const content = readFileSync(outputPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #44404f31d344435b Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/harness/__tests__/csv-writer.test.ts:429
		const content = readFileSync(outputPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3ea17a56f2af06cf Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/harness/csv-writer.ts:254
		writeFileSync(outputPath, '', 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #89816b6a0ca0824f Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/harness/csv-writer.ts:306
	writeFileSync(outputPath, lines.join('\n') + '\n', 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5bb72acb1d8746db Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/harness/output.ts:8
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5cfd6e33541a7251 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/harness/output.ts:67
			fs.writeFileSync(path.join(exampleDir, 'prompt.txt'), result.prompt, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #772e297b855e7944 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/harness/output.ts:72
				fs.writeFileSync(
					path.join(exampleDir, 'workflow.json'),
					JSON.stringify(workflowForExport, null, 2),
					'utf-8',
				);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5f9442bf752370d Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/harness/output.ts:81
				fs.writeFileSync(path.join(exampleDir, 'code.ts'), result.generatedCode, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #084bfadef1c067b5 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/harness/output.ts:86
				fs.writeFileSync(path.join(exampleDir, 'response.txt'), result.agentTextResponse, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e8796721fc459ac3 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/harness/output.ts:91
			fs.writeFileSync(
				path.join(exampleDir, 'feedback.json'),
				JSON.stringify(feedbackOutput, null, 2),
				'utf-8',
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #344eb8724e671e3f Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/harness/output.ts:99
				fs.writeFileSync(path.join(exampleDir, 'error.txt'), result.error, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #31d5547c08de90fe Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/harness/output.ts:107
			fs.writeFileSync(
				path.join(outputDir, 'summary.json'),
				JSON.stringify(summaryOutput, null, 2),
				'utf-8',
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5f68f50c180daccc Environment-variable access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/harness/runner.ts:1362
	process.env.LANGSMITH_TRACING = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #264bcd8016008cea Environment-variable access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/langsmith/trace-filters.ts:154
	const envValue = process.env.LANGSMITH_MINIMAL_TRACING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #13a8e5fb2d546bad Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/lifecycles/introspection-analysis.ts:63
				await fs.writeFile(summaryPath, summaryContent);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5e9e2c818833349e Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/programmatic/evaluators/workflow-similarity.ts:111
			writeFile(generatedPath, JSON.stringify(generatedWorkflow)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #944e2df530c0ce95 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/programmatic/evaluators/workflow-similarity.ts:112
			writeFile(groundTruthPath, JSON.stringify(groundTruthWorkflow)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b62bf74ea86a7c16 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/support/environment.ts:4
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6453138bee3f9b31 Environment-variable access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/support/environment.ts:87
	const apiKey = process.env[envVar];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6198bf4be4a581d3 Environment-variable access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/support/environment.ts:151
	const apiKey = process.env.LANGSMITH_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f8df26d6a53af5b Environment-variable access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/support/environment.ts:308
	const envConcurrency = process.env.EVALUATION_CONCURRENCY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8fadc1f762d06932 Environment-variable access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/support/environment.ts:323
	return process.env.GENERATE_TEST_CASES === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ad6547d832889b4 Environment-variable access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/support/environment.ts:331
	const envCount = process.env.GENERATE_TEST_CASES_COUNT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a929d14712cde43f Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/support/load-nodes.test.ts:1
import { readFileSync, existsSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3921abf681ea6344 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/support/load-nodes.ts:1
import { readFileSync, existsSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9fd7ff0c73de2596 Environment-variable access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/support/load-nodes.ts:20
	const disabledNodesEnv = process.env.N8N_EVALS_DISABLED_NODES ?? '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e319a4ca65fdd2d Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/support/load-nodes.ts:72
	const nodesData = readFileSync(nodesPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #588a145243052629 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/support/pin-data-generator.ts:11
import { existsSync, readFileSync, readdirSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3269e233e0243ceb Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/support/pin-data-generator.ts:143
							const content = readFileSync(join(entryPath, nodeFile), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #06a068c30e1efff2 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/evaluations/support/pin-data-generator.ts:218
				return JSON.parse(readFileSync(schemaFile, 'utf-8')) as Record<string, unknown>;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b0b9a45e122c962a Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/scripts/categorize-prompts.ts:3
import { writeFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8ed6f80c735868d1 Environment-variable access.
repo/packages/@n8n/ai-workflow-builder.ee/scripts/categorize-prompts.ts:31
	const parsedConcurrency = parseInt(process.env.CONCURRENCY ?? '', 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #71150050401be28b Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/scripts/categorize-prompts.ts:154
	writeFileSync(summaryPath, summaryLines.join('\n'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ebfa2ab57a15af93 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/scripts/workflow-to-mermaid.ts:3
import { readFileSync, writeFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e3c5cfe2419f12b Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/scripts/workflow-to-mermaid.ts:132
	const content = readFileSync(filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #11b49b2abfbb82d1 Filesystem access.
repo/packages/@n8n/ai-workflow-builder.ee/scripts/workflow-to-mermaid.ts:204
		writeFileSync(outputFile, markdownContent);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9703c0342bd0fc12 Environment-variable access.
repo/packages/@n8n/ai-workflow-builder.ee/src/ai-workflow-builder-agent.service.ts:146
			const envConfig = { apiKey: process.env.N8N_AI_ANTHROPIC_KEY ?? '' };

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0d09c397f4a2df87 Environment-variable access.
repo/packages/@n8n/ai-workflow-builder.ee/src/tools/add-node.tool.ts:165
				if (process.env.E2E_TESTS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/@n8n/api-types

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #11a0c14a6b7fd5be Environment-variable access.
repo/packages/@n8n/api-types/src/schemas/password.schema.ts:6
const envMinLength = parseInt(process.env.N8N_PASSWORD_MIN_LENGTH ?? '', 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/@n8n/backend-common

npm first-party
expand_more 13 low-confidence finding(s)
low env_fs test-only #8fe7c6b945f5b88e Environment-variable access.
repo/packages/@n8n/backend-common/src/logging/__tests__/logger.test.ts:528
			delete process.env.NO_COLOR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c6fd39ea1b3823cc Environment-variable access.
repo/packages/@n8n/backend-common/src/logging/__tests__/logger.test.ts:564
			process.env.NO_COLOR = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bff812b56b20ba62 Environment-variable access.
repo/packages/@n8n/backend-common/src/logging/__tests__/logger.test.ts:590
			delete process.env.NO_COLOR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2d5213a451706fdb Environment-variable access.
repo/packages/@n8n/backend-common/src/logging/logger.ts:35
	private readonly noColor = process.env.NO_COLOR !== undefined && process.env.NO_COLOR !== '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8e80c2f6389f0bb2 Environment-variable access.
repo/packages/@n8n/backend-common/src/logging/logger.ts:39
		process.env.NO_COLOR !== 'false' && process.env.NO_COLOR !== '0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #94e7c1ce1fc9ca7b Environment-variable access.
repo/packages/@n8n/backend-common/src/modules/__tests__/module-registry.test.ts:22
		process.env.N8N_DISABLED_MODULES = 'insights';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #32bc382a9b6785d1 Environment-variable access.
repo/packages/@n8n/backend-common/src/modules/__tests__/module-registry.test.ts:55
		process.env.N8N_ENABLED_MODULES = 'instance-ai';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a8b7430508304bd5 Environment-variable access.
repo/packages/@n8n/backend-common/src/modules/__tests__/module-registry.test.ts:90
		process.env.N8N_ENABLED_MODULES = 'insights';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0f2937990bca9aab Environment-variable access.
repo/packages/@n8n/backend-common/src/modules/__tests__/module-registry.test.ts:91
		process.env.N8N_DISABLED_MODULES = 'insights';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #da7fa1fda047bffd Environment-variable access.
repo/packages/@n8n/backend-common/src/modules/__tests__/modules.config.test.ts:13
	process.env.N8N_ENABLED_MODULES = 'insights,invalidModule';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3f14acec6f590325 Environment-variable access.
repo/packages/@n8n/backend-common/src/modules/__tests__/modules.config.test.ts:18
	process.env.N8N_DISABLED_MODULES = 'insights,invalidModule';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d2e83d3db96032a Filesystem access.
repo/packages/@n8n/backend-common/src/modules/module-registry.ts:5
import { existsSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4971f82c4e01acad Environment-variable access.
repo/packages/@n8n/backend-common/src/modules/module-registry.ts:96
			const dir = process.env.NODE_ENV === 'test' && srcDirExists ? 'src' : 'dist';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/@n8n/backend-network

npm first-party
expand_more 116 low-confidence finding(s)
low env_fs test-only #6cc30d41f5a2d5dd Environment-variable access.
repo/packages/@n8n/backend-network/src/http/__tests__/http-proxy.test.ts:98
		delete process.env.HTTP_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c6992c9537c3bc0e Environment-variable access.
repo/packages/@n8n/backend-network/src/http/__tests__/http-proxy.test.ts:99
		delete process.env.HTTPS_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #727ec11b78eb96e5 Environment-variable access.
repo/packages/@n8n/backend-network/src/http/__tests__/http-proxy.test.ts:100
		delete process.env.NO_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #71595b3a1458be46 Environment-variable access.
repo/packages/@n8n/backend-network/src/http/__tests__/http-proxy.test.ts:101
		delete process.env.ALL_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4d79a8b5bbe3246c Environment-variable access.
repo/packages/@n8n/backend-network/src/http/__tests__/http-proxy.test.ts:216
		if (env.HTTP_PROXY) process.env.HTTP_PROXY = proxyServer.url;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #781c587e1f386d75 Environment-variable access.
repo/packages/@n8n/backend-network/src/http/__tests__/http-proxy.test.ts:217
		if (env.HTTPS_PROXY) process.env.HTTPS_PROXY = proxyServer.url;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b57b24f21c1cc7fc Environment-variable access.
repo/packages/@n8n/backend-network/src/http/__tests__/http-proxy.test.ts:218
		if (env.ALL_PROXY === true) process.env.ALL_PROXY = proxyServer.url;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1b6e31c3f2be19b9 Environment-variable access.
repo/packages/@n8n/backend-network/src/http/__tests__/http-proxy.test.ts:219
		if (env.ALL_PROXY && env.ALL_PROXY !== true) process.env.ALL_PROXY = env.ALL_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3d2cadb3b76665b7 Environment-variable access.
repo/packages/@n8n/backend-network/src/http/__tests__/http-proxy.test.ts:220
		if (env.NO_PROXY) process.env.NO_PROXY = env.NO_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #938770a1ac3cbdd7 Environment-variable access.
repo/packages/@n8n/backend-network/src/http/__tests__/http-proxy.test.ts:240
			process.env.HTTP_PROXY = proxyServer.url;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f7c0fab5c6a2d8fc Environment-variable access.
repo/packages/@n8n/backend-network/src/http/__tests__/http-proxy.test.ts:256
			process.env.HTTP_PROXY = proxyServer.url;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only #f8a1674bbe162c8c Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/@n8n/backend-network/src/http/__tests__/legacy-request.test.ts:227
			expect(validateUrl).toHaveBeenCalledWith(new URL(`${baseUrl}/ok`));

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #88eb9e7f5a89db73 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/@n8n/backend-network/src/http/__tests__/outbound-http.test.ts:71
		const url = new URL('https://api.example.com/data');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only #8a81c2028be63abf Environment-variable access.
repo/packages/@n8n/backend-network/src/http/__tests__/transport-integration.test.ts:61
		delete process.env.HTTP_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4697e0e30a1a8334 Environment-variable access.
repo/packages/@n8n/backend-network/src/http/__tests__/transport-integration.test.ts:62
		delete process.env.HTTPS_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d453b7b50c21844e Environment-variable access.
repo/packages/@n8n/backend-network/src/http/__tests__/transport-integration.test.ts:63
		delete process.env.NO_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c4e09be5547d49c9 Environment-variable access.
repo/packages/@n8n/backend-network/src/http/__tests__/transport-integration.test.ts:64
		delete process.env.ALL_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3105cfadd064de8b Environment-variable access.
repo/packages/@n8n/backend-network/src/http/__tests__/transport-integration.test.ts:86
			process.env.HTTP_PROXY = proxy.url;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d3d414c1dfe46fb0 Environment-variable access.
repo/packages/@n8n/backend-network/src/http/__tests__/transport-integration.test.ts:111
			process.env.HTTP_PROXY = proxy.url;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a19a3462ff0ae0d7 Environment-variable access.
repo/packages/@n8n/backend-network/src/http/__tests__/transport-integration.test.ts:112
			process.env.NO_PROXY = '127.0.0.1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7362286257ca3cee Environment-variable access.
repo/packages/@n8n/backend-network/src/http/__tests__/transport-integration.test.ts:146
			process.env.HTTP_PROXY = proxy.url;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #aeaf4d0b34efb346 Environment-variable access.
repo/packages/@n8n/backend-network/src/http/__tests__/transport-integration.test.ts:172
			process.env.HTTP_PROXY = proxy.url;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cad037b7d03bbf22 Filesystem access.
repo/packages/@n8n/backend-network/src/http/__tests__/transport-subpath-purity.test.ts:69
		const source = readFileSync(file, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d136bba09e331cf4 Environment-variable access.
repo/packages/@n8n/backend-network/src/http/axios/__tests__/ssrf-redirect.test.ts:75
			savedEnv[key] = process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #34013eb91769981b Environment-variable access.
repo/packages/@n8n/backend-network/src/http/axios/__tests__/ssrf-redirect.test.ts:79
		process.env.HTTP_PROXY = 'http://127.0.0.1:1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #428056841d146155 Environment-variable access.
repo/packages/@n8n/backend-network/src/http/axios/__tests__/ssrf-redirect.test.ts:80
		process.env.HTTPS_PROXY = 'http://127.0.0.1:1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2887a7335dda161f Environment-variable access.
repo/packages/@n8n/backend-network/src/http/axios/__tests__/ssrf-redirect.test.ts:81
		process.env.NO_PROXY = '127.0.0.1,localhost';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #afdcb60e41ce971b Environment-variable access.
repo/packages/@n8n/backend-network/src/http/axios/__tests__/ssrf-redirect.test.ts:89
				delete process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #919887457d446f32 Environment-variable access.
repo/packages/@n8n/backend-network/src/http/axios/__tests__/ssrf-redirect.test.ts:91
				process.env[key] = savedEnv[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ac06572883797342 Environment-variable access.
repo/packages/@n8n/backend-network/src/http/axios/__tests__/utils.test.ts:577
			if (isProxyVar(key)) delete process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d7222dc33cf055e7 Environment-variable access.
repo/packages/@n8n/backend-network/src/http/axios/__tests__/utils.test.ts:598
		process.env.HTTPS_PROXY = 'http://env-proxy:3128';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1ac0f55f7daf9616 Environment-variable access.
repo/packages/@n8n/backend-network/src/http/axios/__tests__/utils.test.ts:603
		process.env.HTTP_PROXY = 'http://env-proxy:3128';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1f24995b1cf59deb Environment-variable access.
repo/packages/@n8n/backend-network/src/http/axios/__tests__/utils.test.ts:608
		process.env.HTTP_PROXY = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #99aad1bef8c1d9c2 Environment-variable access.
repo/packages/@n8n/backend-network/src/http/axios/__tests__/utils.test.ts:613
		process.env.HTTP_PROXY = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #05626acdcaf2d282 Environment-variable access.
repo/packages/@n8n/backend-network/src/http/axios/__tests__/utils.test.ts:614
		process.env.HTTPS_PROXY = 'http://env-proxy:3128';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #beaa873a10955921 Environment-variable access.
repo/packages/@n8n/backend-network/src/http/http-proxy.ts:12
			HTTP_PROXY: process.env.HTTP_PROXY ?? process.env.http_proxy,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a41d1685287677ff Environment-variable access.
repo/packages/@n8n/backend-network/src/http/http-proxy.ts:13
			HTTPS_PROXY: process.env.HTTPS_PROXY ?? process.env.https_proxy,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d956f8c82553c5d Environment-variable access.
repo/packages/@n8n/backend-network/src/http/http-proxy.ts:14
			NO_PROXY: process.env.NO_PROXY ?? process.env.no_proxy,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5941d8c3d7b5b4f9 Environment-variable access.
repo/packages/@n8n/backend-network/src/http/http-proxy.ts:15
			ALL_PROXY: process.env.ALL_PROXY ?? process.env.all_proxy,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c02c376f72598ab4 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:6
	const originalNoProxy = process.env.NO_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c35a24e10e9f4c0c Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:7
	const originalNoProxyLower = process.env.no_proxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #235d850847311086 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:11
			delete process.env[name];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #853ac10bc7338513 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:13
			process.env[name] = value;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #987c24351a2f8d68 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:20
		delete process.env.no_proxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4cb4226b1d43e46f Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:33
		delete process.env.NO_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #82c9cb92ec4ef800 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:37
		expect(process.env.NO_PROXY).toBe('127.0.0.1,localhost');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2003a0c868f574ab Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:40
		expect(process.env.NO_PROXY).toBeUndefined();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #71a95d5ccad422d0 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:44
		process.env.NO_PROXY = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d809a1f8f5c9adfc Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:48
		expect(process.env.NO_PROXY).toBe('127.0.0.1,localhost');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #148318d60e0674eb Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:51
		expect(process.env.NO_PROXY).toBe('');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e737c5e6f20b4b2b Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:55
		process.env.NO_PROXY = 'example.com,internal.net';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a8395575c80b526d Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:59
		expect(process.env.NO_PROXY).toBe('127.0.0.1,localhost,example.com,internal.net');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c2371f9b4a7892fc Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:62
		expect(process.env.NO_PROXY).toBe('example.com,internal.net');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d7d7494b866f305a Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:66
		process.env.NO_PROXY = '127.0.0.1, localhost, example.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bbae5f583174d2fa Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:70
		expect(process.env.NO_PROXY).toBe('127.0.0.1, localhost, example.com');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #537dcb16e0459abe Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:73
		expect(process.env.NO_PROXY).toBe('127.0.0.1, localhost, example.com');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2e32bbd0e77234cb Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:77
		process.env.NO_PROXY = '127.0.0.1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a108b59ed7ce3f7f Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:81
		expect(process.env.NO_PROXY).toBe('localhost,127.0.0.1');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fbecc09e15a9dd0e Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:84
		expect(process.env.NO_PROXY).toBe('127.0.0.1');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1be53a4943aa6611 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:88
		delete process.env.NO_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5ad43a663acd2471 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:93
		expect(process.env.NO_PROXY).toBe('127.0.0.1,localhost');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b520af52f0af8070 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:94
		expect(process.env.no_proxy).toBe('127.0.0.1,localhost');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a58de4cf399d1e62 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:97
		expect(process.env.NO_PROXY).toBeUndefined();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2e55257f4d5a916b Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:98
		expect(process.env.no_proxy).toBeUndefined();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f422db02b69c863f Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:102
		delete process.env.NO_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #545fba8b54b606e9 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:103
		process.env.no_proxy = 'internal.lan';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4c401e98aeb08517 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:108
		expect(process.env.no_proxy).toBe('127.0.0.1,localhost,internal.lan');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fab5c406b87df515 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:109
		expect(process.env.NO_PROXY).toBe('127.0.0.1,localhost,internal.lan');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #aaf24cd2ca24ad4f Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:112
		expect(process.env.no_proxy).toBe('internal.lan');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #19d821dead42b706 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:113
		expect(process.env.NO_PROXY).toBeUndefined();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #abd6e75bb0a4a0da Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:117
		delete process.env.NO_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #22212aec686534c1 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:127
			process.env.NO_PROXY = 'example.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d9bd3821842d0eae Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:130
			expect(process.env.NO_PROXY).toBe('127.0.0.1,localhost,example.com');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #be98fb47e6f60a88 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:135
			expect(process.env.NO_PROXY).toBe('127.0.0.1,localhost,example.com');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6e896699dedc534a Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:139
			expect(process.env.NO_PROXY).toBe('127.0.0.1,localhost,example.com');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #62e54c5d6a3ab205 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:143
			expect(process.env.NO_PROXY).toBe('example.com');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #da6b19bd4f97cf0c Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:147
			process.env.NO_PROXY = 'example.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a30ebdbb8de6caed Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:154
			expect(process.env.NO_PROXY).toBe('127.0.0.1,localhost,example.com');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e5f250ba1666b797 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:157
			expect(process.env.NO_PROXY).toBe('example.com');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #767c768f2278d57b Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:161
			delete process.env.NO_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #51e9122dfbed1df9 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:164
			expect(process.env.NO_PROXY).toBe('127.0.0.1');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cbf07f503805971d Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:167
			expect(process.env.NO_PROXY).toBe('example.internal,127.0.0.1');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b05d01bb457dc9af Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:171
			expect(process.env.NO_PROXY).toBe('example.internal,127.0.0.1');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #88e1befa18507012 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:178
			delete process.env.NO_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1bbfbbc65cb17415 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:182
			expect(process.env.NO_PROXY).toBe('127.0.0.1,localhost');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #98820c3a563257b9 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:185
			expect(process.env.NO_PROXY).toBe('127.0.0.1,localhost');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #22e598259ff85d63 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:192
			process.env.NO_PROXY = 'first.example.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9a2e3cfb9a04a395 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:195
			expect(process.env.NO_PROXY).toBe('first.example.com');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #35e0f3452599acfa Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:199
			process.env.NO_PROXY = 'second.example.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1c113bde78a60269 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:201
			expect(process.env.NO_PROXY).toBe('127.0.0.1,localhost,second.example.com');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f37e88f627016332 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/no-proxy-patch.test.ts:204
			expect(process.env.NO_PROXY).toBe('second.example.com');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #098b37d90d71ed0c Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/proxy-resolution.test.ts:7
		delete process.env.HTTP_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8b5b8c922957cf88 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/proxy-resolution.test.ts:8
		delete process.env.HTTPS_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fdcc7f26b6470c02 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/proxy-resolution.test.ts:9
		delete process.env.NO_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9fdad8d718180687 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/proxy-resolution.test.ts:10
		delete process.env.ALL_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #807d4664fc2b9ed0 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/proxy-resolution.test.ts:14
		process.env.HTTP_PROXY = PROXY_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #927e74b4a4978909 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/proxy-resolution.test.ts:24
		process.env.HTTP_PROXY = PROXY_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #523748dc60ea16c5 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/proxy-resolution.test.ts:25
		process.env.NO_PROXY = 'api.example.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #af87848592e3f724 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/proxy-resolution.test.ts:31
		process.env.ALL_PROXY = PROXY_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f28063b683e2e47a Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/proxy-resolution.test.ts:37
		process.env.HTTPS_PROXY = PROXY_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7db46a25f3a586bb Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/proxy-resolution.test.ts:43
		process.env.HTTP_PROXY = PROXY_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0a267edfcd2f6700 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/proxy-resolution.test.ts:44
		process.env.NO_PROXY = 'api.example.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5bfafb2d39fabf09 Filesystem access.
repo/packages/@n8n/backend-network/src/proxy/__tests__/proxy-subpath-purity.test.ts:73
		const source = readFileSync(file, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5723c89a92e5445 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/no-proxy-patch.ts:38
		value: process.env[name],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9520c1f855f80e8f Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/no-proxy-patch.ts:44
		delete process.env[name];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3f17cc1768bc0197 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/no-proxy-patch.ts:46
		process.env[name] = captured.value;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f0333538a4e92205 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/no-proxy-patch.ts:55
	const lower = process.env.no_proxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f0a35cfaab8f9bd0 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/no-proxy-patch.ts:57
	const upper = process.env.NO_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d1f4b3b0472f7641 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/no-proxy-patch.ts:101
		process.env.NO_PROXY = merged;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #17277436df2f4fbf Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/no-proxy-patch.ts:102
		process.env.no_proxy = merged;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d1acce1563ad612 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/proxy-resolution.ts:74
		process.env.HTTP_PROXY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4823e7b33146dc7 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/proxy-resolution.ts:75
		process.env.http_proxy,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6234eac961567c1 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/proxy-resolution.ts:76
		process.env.HTTPS_PROXY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ce02071096b32ac7 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/proxy-resolution.ts:77
		process.env.https_proxy,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #330388d9ba58bda2 Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/proxy-resolution.ts:78
		process.env.ALL_PROXY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f25bfbc6a3c7c1cd Environment-variable access.
repo/packages/@n8n/backend-network/src/proxy/proxy-resolution.ts:79
		process.env.all_proxy,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/@n8n/backend-test-utils

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #6b52930c32ba8031 Environment-variable access.
repo/packages/@n8n/backend-test-utils/src/test-db.ts:45
	const templateDb = dbType === 'postgresdb' ? process.env.N8N_TEST_TEMPLATE_DB : undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/@n8n/benchmark

npm first-party
expand_more 24 low-confidence finding(s)
low env_fs test-only #82fe9a68bd52afa6 Environment-variable access.
repo/packages/@n8n/benchmark/scripts/run-for-n8n-setup.mjs:37
	const n8nTag = argv.n8nDockerTag || process.env.N8N_DOCKER_TAG || 'latest';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8943a657839b3201 Environment-variable access.
repo/packages/@n8n/benchmark/scripts/run-for-n8n-setup.mjs:38
	const benchmarkTag = argv.benchmarkDockerTag || process.env.BENCHMARK_DOCKER_TAG || 'latest';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fee2748f6dfb12b7 Environment-variable access.
repo/packages/@n8n/benchmark/scripts/run-for-n8n-setup.mjs:39
	const k6ApiToken = argv.k6ApiToken || process.env.K6_API_TOKEN || undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fdf456e33c72fc2b Environment-variable access.
repo/packages/@n8n/benchmark/scripts/run-for-n8n-setup.mjs:41
		argv.resultWebhookUrl || process.env.BENCHMARK_RESULT_WEBHOOK_URL || undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #32a1f571b8d655d8 Environment-variable access.
repo/packages/@n8n/benchmark/scripts/run-for-n8n-setup.mjs:43
		argv.resultWebhookAuthHeader || process.env.BENCHMARK_RESULT_WEBHOOK_AUTH_HEADER || undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3cd4678b7b51e39b Environment-variable access.
repo/packages/@n8n/benchmark/scripts/run-for-n8n-setup.mjs:44
	const baseRunDir = argv.runDir || process.env.RUN_DIR || '/n8n';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #236453b4f5529405 Environment-variable access.
repo/packages/@n8n/benchmark/scripts/run-for-n8n-setup.mjs:45
	const n8nLicenseCert = argv.n8nLicenseCert || process.env.N8N_LICENSE_CERT || undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e5d974558a680836 Environment-variable access.
repo/packages/@n8n/benchmark/scripts/run-for-n8n-setup.mjs:46
	const n8nLicenseActivationKey = process.env.N8N_LICENSE_ACTIVATION_KEY || undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ac8c113116dbf163 Environment-variable access.
repo/packages/@n8n/benchmark/scripts/run-for-n8n-setup.mjs:47
	const n8nLicenseTenantId = argv.n8nLicenseTenantId || process.env.N8N_LICENSE_TENANT_ID || '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0a3da753a65d01c1 Environment-variable access.
repo/packages/@n8n/benchmark/scripts/run-for-n8n-setup.mjs:76
				PATH: process.env.PATH,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bb6ec4cd48214537 Filesystem access.
repo/packages/@n8n/benchmark/scripts/run.mjs:9
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b42f06d7582bfcc0 Environment-variable access.
repo/packages/@n8n/benchmark/scripts/run.mjs:103
	const n8nTag = args.n8nTag || process.env.N8N_DOCKER_TAG || 'latest';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6e04e57e9e242611 Environment-variable access.
repo/packages/@n8n/benchmark/scripts/run.mjs:104
	const benchmarkTag = args.benchmarkTag || process.env.BENCHMARK_DOCKER_TAG || 'latest';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #55d4d7a427229eaf Environment-variable access.
repo/packages/@n8n/benchmark/scripts/run.mjs:105
	const k6ApiToken = args.k6ApiToken || process.env.K6_API_TOKEN || undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #45f18ea6ac9e2e31 Environment-variable access.
repo/packages/@n8n/benchmark/scripts/run.mjs:107
		args.resultWebhookUrl || process.env.BENCHMARK_RESULT_WEBHOOK_URL || undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #de381d6b4d90a30f Environment-variable access.
repo/packages/@n8n/benchmark/scripts/run.mjs:109
		args.resultWebhookAuthHeader || process.env.BENCHMARK_RESULT_WEBHOOK_AUTH_HEADER || undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2edec915d32933c8 Environment-variable access.
repo/packages/@n8n/benchmark/scripts/run.mjs:110
	const n8nLicenseCert = args.n8nLicenseCert || process.env.N8N_LICENSE_CERT || undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #147bc85cdfe5a121 Filesystem access.
repo/packages/@n8n/benchmark/src/scenario/scenario-data-loader.ts:44
		const fileContent = fs.readFileSync(credentialFilePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2635e1581cb412e2 Filesystem access.
repo/packages/@n8n/benchmark/src/scenario/scenario-data-loader.ts:55
		const fileContent = fs.readFileSync(workflowFilePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #93d6c3884f31779e Filesystem access.
repo/packages/@n8n/benchmark/src/scenario/scenario-data-loader.ts:66
		const fileContent = fs.readFileSync(dataTableFilePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d4ef0c202acd0a29 Filesystem access.
repo/packages/@n8n/benchmark/src/scenario/scenario-loader.ts:77
				fs.readFileSync(scenarioManifestPath, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #50b21ddf5ae5be7f Filesystem access.
repo/packages/@n8n/benchmark/src/test-execution/k6-executor.ts:1
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #81b06cd9cd4e0bfc Filesystem access.
repo/packages/@n8n/benchmark/src/test-execution/k6-executor.ts:158
		const testScript = fs.readFileSync(fullTestScriptPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #926bb9dbd44b972c Filesystem access.
repo/packages/@n8n/benchmark/src/test-execution/k6-executor.ts:170
		const summaryReport = fs.readFileSync(summaryReportPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/@n8n/config

npm first-party
expand_more 6 low-confidence finding(s)
low env_fs production #e4c6fbae7d351391 Environment-variable access.
repo/packages/@n8n/config/src/configs/database.config.ts:146
	const raw = process.env.N8N_DB_PING_TIMEOUT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1bc5d5c0a85756ed Filesystem access.
repo/packages/@n8n/config/src/decorators.ts:3
import { readFileSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c69da13bbaadd96 Environment-variable access.
repo/packages/@n8n/config/src/decorators.ts:20
	if (envName in process.env) return process.env[envName];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d62683858b5f824c Environment-variable access.
repo/packages/@n8n/config/src/decorators.ts:23
	const filePath = process.env[`${envName}_FILE`];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #719bf4c34d1a4ef4 Filesystem access.
repo/packages/@n8n/config/src/decorators.ts:25
		const value = readFileSync(filePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ff352ac8a1a4e300 Environment-variable access.
repo/packages/@n8n/config/src/utils/utils.ts:9
	const userHome = process.env.N8N_USER_FOLDER ?? process.env[homeVarName] ?? process.cwd();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/@n8n/db

npm first-party
expand_more 33 low-confidence finding(s)
low env_fs production #9cc3149f708b0bcf Filesystem access.
repo/packages/@n8n/db/scripts/new-migration.mjs:74
	const original = readFileSync(indexPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9dfb91f4119bd0cd Filesystem access.
repo/packages/@n8n/db/scripts/new-migration.mjs:100
	writeFileSync(indexPath, lines.join('\n'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #30526fb493b86925 Filesystem access.
repo/packages/@n8n/db/scripts/new-migration.mjs:129
	writeFileSync(targetFile, migrationTemplate(className));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6150d95a42025e42 Environment-variable access.
repo/packages/@n8n/db/scripts/schema-docs.mjs:55
	const args = { command: null, dbType: null, docker: !!process.env.CI };

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f8c646880d074aa4 Environment-variable access.
repo/packages/@n8n/db/scripts/schema-docs.mjs:115
		process.env.DB_TYPE = 'sqlite';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c1d07d1ece19a60a Environment-variable access.
repo/packages/@n8n/db/scripts/schema-docs.mjs:116
		process.env.DB_SQLITE_DATABASE = file;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #444f4b7af0a53685 Environment-variable access.
repo/packages/@n8n/db/scripts/schema-docs.mjs:117
		process.env.DB_TABLE_PREFIX = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #29059218c245fb17 Environment-variable access.
repo/packages/@n8n/db/scripts/schema-docs.mjs:137
	process.env.DB_TYPE = 'postgresdb';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #63b5e467519b7fc8 Environment-variable access.
repo/packages/@n8n/db/scripts/schema-docs.mjs:138
	process.env.DB_POSTGRESDB_HOST = conn.host;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f0a13c0353a13267 Environment-variable access.
repo/packages/@n8n/db/scripts/schema-docs.mjs:139
	process.env.DB_POSTGRESDB_PORT = String(conn.port);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #05305b1f86e34555 Environment-variable access.
repo/packages/@n8n/db/scripts/schema-docs.mjs:140
	process.env.DB_POSTGRESDB_DATABASE = conn.database;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7b7a0d3e10e17cf0 Environment-variable access.
repo/packages/@n8n/db/scripts/schema-docs.mjs:141
	process.env.DB_POSTGRESDB_USER = conn.username;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5469022a3384116d Environment-variable access.
repo/packages/@n8n/db/scripts/schema-docs.mjs:142
	process.env.DB_POSTGRESDB_PASSWORD = conn.password;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #19d5cbd9457ef856 Environment-variable access.
repo/packages/@n8n/db/scripts/schema-docs.mjs:143
	process.env.DB_POSTGRESDB_SCHEMA = conn.schema;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9acf473bd8c7e320 Environment-variable access.
repo/packages/@n8n/db/scripts/schema-docs.mjs:144
	process.env.DB_TABLE_PREFIX = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5ada62987e0d9363 Environment-variable access.
repo/packages/@n8n/db/src/connection/__tests__/db-connection-monitor.recovery.postgres.test.ts:106
const externalHost = process.env.DB_POSTGRESDB_HOST ?? '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c045f0b93d7f578a Environment-variable access.
repo/packages/@n8n/db/src/connection/__tests__/db-connection-monitor.recovery.postgres.test.ts:169
				port: Number(process.env.DB_POSTGRESDB_PORT ?? '5432'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #88674aa962bb8728 Environment-variable access.
repo/packages/@n8n/db/src/connection/__tests__/db-connection-monitor.recovery.postgres.test.ts:170
				username: process.env.DB_POSTGRESDB_USER ?? 'postgres',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f32674ff77fabca3 Environment-variable access.
repo/packages/@n8n/db/src/connection/__tests__/db-connection-monitor.recovery.postgres.test.ts:171
				password: process.env.DB_POSTGRESDB_PASSWORD ?? 'postgres',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e0025c831af26fb7 Environment-variable access.
repo/packages/@n8n/db/src/connection/__tests__/db-connection-monitor.recovery.postgres.test.ts:172
				database: process.env.DB_POSTGRESDB_DATABASE ?? 'postgres',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4db78c27fdb3dc79 Environment-variable access.
repo/packages/@n8n/db/src/connection/db-connection.ts:60
		if (process.env.N8N_DB_PING_TIMEOUT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b6c017349f1dec36 Filesystem access.
repo/packages/@n8n/db/src/migrations/common/1711390882123-MoveSshKeysToDatabase.ts:31
				readFile(this.privateKeyPath, { encoding: 'utf8' }),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8893efc9a7e2512f Filesystem access.
repo/packages/@n8n/db/src/migrations/common/1711390882123-MoveSshKeysToDatabase.ts:32
				readFile(this.publicKeyPath, { encoding: 'utf8' }),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de836ae3e7081df3 Filesystem access.
repo/packages/@n8n/db/src/migrations/common/1711390882123-MoveSshKeysToDatabase.ts:111
				writeFile(this.privateKeyPath, privateKey, { encoding: 'utf8', mode: 0o600 }),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #07a92ec3cde484bb Filesystem access.
repo/packages/@n8n/db/src/migrations/common/1711390882123-MoveSshKeysToDatabase.ts:112
				writeFile(this.publicKeyPath, publicKey, { encoding: 'utf8', mode: 0o600 }),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0aa1d4d8432a3555 Filesystem access.
repo/packages/@n8n/db/src/migrations/migration-helpers.ts:6
import { readFileSync, rmSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b52cfbac98f1d1d6 Filesystem access.
repo/packages/@n8n/db/src/migrations/migration-helpers.ts:20
		const surveyFile = readFileSync(filename, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #06ed83c82bba0b31 Environment-variable access.
repo/packages/@n8n/db/src/migrations/migration-helpers.ts:46
	if (process.env.NODE_ENV === 'test') return;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac2980bdb929a2cc Environment-variable access.
repo/packages/@n8n/db/src/migrations/migration-helpers.ts:58
	if (process.env.NODE_ENV === 'test') return;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a3c12fbff25c8d34 Filesystem access.
repo/packages/@n8n/db/src/migrations/sqlite/1690000000002-MigrateIntegerKeysToString.ts:3
import { statSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f6ebafd120842c6 Environment-variable access.
repo/packages/@n8n/db/src/migrations/sqlite/1690000000002-MigrateIntegerKeysToString.ts:191
const migrationsPruningEnabled = process.env.MIGRATIONS_PRUNING_ENABLED === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #62b1d4fa9d7ec082 Filesystem access.
repo/packages/@n8n/db/vite.config.ts:75
			const next = fs.existsSync(norm) ? fs.readFileSync(norm, 'utf-8') : undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec9ab14106b8a4b3 Filesystem access.
repo/packages/@n8n/db/vite.config.ts:93
				const text = cached ?? (fs.existsSync(f) ? fs.readFileSync(f, 'utf-8') : undefined);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/@n8n/eslint-config

npm first-party
expand_more 3 low-confidence finding(s)
low env_fs production #8717fdfb5883ad35 Environment-variable access.
repo/packages/@n8n/eslint-config/src/configs/base.ts:418
			'unused-imports/no-unused-imports': process.env.NODE_ENV === 'development' ? 'warn' : 'error',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9339deeb29b48003 Environment-variable access.
repo/packages/@n8n/eslint-config/src/configs/base.ts:436
			'n8n-local-rules/no-skipped-tests': process.env.NODE_ENV === 'development' ? 'warn' : 'error',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #30b7d90401d544bd Environment-variable access.
repo/packages/@n8n/eslint-config/src/configs/frontend.ts:8
const isCI = process.env.CI === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/@n8n/eslint-plugin-community-nodes

npm first-party
expand_more 3 low-confidence finding(s)
low env_fs production #cd9efb49cdee7eb2 Filesystem access.
repo/packages/@n8n/eslint-plugin-community-nodes/src/utils/file-utils.ts:78
		const content = readFileSync(packageJsonPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c7d1feb670aebbe9 Filesystem access.
repo/packages/@n8n/eslint-plugin-community-nodes/src/utils/file-utils.ts:127
		const sourceCode = readFileSync(credentialFilePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d3dfac702f40129 Filesystem access.
repo/packages/@n8n/eslint-plugin-community-nodes/src/utils/file-utils.ts:250
		const sourceCode = readFileSync(nodeFile, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/@n8n/expression-runtime

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #4a4e08c9f9b2e20a Filesystem access.
repo/packages/@n8n/expression-runtime/src/bridge/isolated-vm-bridge.ts:70
			return await readFile(path.join(dir, BUNDLE_RELATIVE_PATH), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/@n8n/extension-sdk

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #5d422d3588dddfd6 Filesystem access.
repo/packages/@n8n/extension-sdk/scripts/create-json-schema.ts:3
import { writeFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #41dc6b85f98ea588 Filesystem access.
repo/packages/@n8n/extension-sdk/scripts/create-json-schema.ts:21
	await writeFile(resolve(rootDir, filepath), formattedSchema);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/@n8n/json-schema-to-zod

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #1ecc82d4bd87c418 Filesystem access.
repo/packages/@n8n/json-schema-to-zod/postcjs.cjs:1
require('fs').writeFileSync('./dist/cjs/package.json', '{"type":"commonjs"}', 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #25ac9a95aefb1d8f Filesystem access.
repo/packages/@n8n/json-schema-to-zod/postesm.cjs:1
require('fs').writeFileSync('./dist/esm/package.json', '{"type":"module"}', 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/@n8n/local-gateway

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs production #a94d25dd61972db0 Filesystem access.
repo/packages/@n8n/local-gateway/scripts/copy-assets.js:1
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aef7392db858b1db Filesystem access.
repo/packages/@n8n/local-gateway/scripts/copy-renderer.js:1
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fe02c44786cc2d25 Filesystem access.
repo/packages/@n8n/local-gateway/src/main/tray.ts:33
	img.addRepresentation({ scaleFactor: 1.0, buffer: fs.readFileSync(path1x) });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7603980c8b8d46f5 Filesystem access.
repo/packages/@n8n/local-gateway/src/main/tray.ts:35
		img.addRepresentation({ scaleFactor: 2.0, buffer: fs.readFileSync(path2x) });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/@n8n/mcp-browser

npm first-party
expand_more 17 low-confidence finding(s)
low env_fs test-only #699865a78aa2fc5d Environment-variable access.
repo/packages/@n8n/mcp-browser/src/__tests__/server-config.test.ts:9
				delete process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7856cad1f5b8e61c Environment-variable access.
repo/packages/@n8n/mcp-browser/src/__tests__/server-config.test.ts:81
			process.env.N8N_MCP_BROWSER_DEFAULT_BROWSER = 'edge';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #23fd691a6482e4de Environment-variable access.
repo/packages/@n8n/mcp-browser/src/__tests__/server-config.test.ts:89
			process.env.N8N_MCP_BROWSER_TRANSPORT = 'stdio';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #eb3029045de35151 Environment-variable access.
repo/packages/@n8n/mcp-browser/src/__tests__/server-config.test.ts:90
			process.env.N8N_MCP_BROWSER_PORT = '4000';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cd7dae861a8f4fdc Environment-variable access.
repo/packages/@n8n/mcp-browser/src/__tests__/server-config.test.ts:99
			process.env.N8N_MCP_BROWSER_HOST = '0.0.0.0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #10d276ecdfde488c Environment-variable access.
repo/packages/@n8n/mcp-browser/src/__tests__/server-config.test.ts:100
			process.env.N8N_MCP_BROWSER_AUTH_TOKEN = 'env-token';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f75e58e70d4fae28 Environment-variable access.
repo/packages/@n8n/mcp-browser/src/__tests__/server-config.test.ts:112
			process.env.N8N_MCP_BROWSER_DEFAULT_BROWSER = 'firefox';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #48e9beeac45a20fc Environment-variable access.
repo/packages/@n8n/mcp-browser/src/__tests__/server-config.test.ts:113
			process.env.N8N_MCP_BROWSER_PORT = '5000';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a7418951fea36def Environment-variable access.
repo/packages/@n8n/mcp-browser/src/__tests__/server-config.test.ts:114
			process.env.N8N_MCP_BROWSER_HOST = '0.0.0.0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #deb892886067424a Environment-variable access.
repo/packages/@n8n/mcp-browser/src/__tests__/server-config.test.ts:115
			process.env.N8N_MCP_BROWSER_AUTH_TOKEN = 'env-token';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #324496c5c79d83e1 Environment-variable access.
repo/packages/@n8n/mcp-browser/src/adapters/agent-browser.ts:200
			const autoConnect = process.env.N8N_EVAL_AUTO_BROWSER_CONNECT === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7c54ef513dc594eb Filesystem access.
repo/packages/@n8n/mcp-browser/src/adapters/agent-browser.ts:471
			return readFileSync(path).toString('base64');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6a692f84cfaeb85f Environment-variable access.
repo/packages/@n8n/mcp-browser/src/adapters/playwright.ts:135
		const autoConnect = process.env.N8N_EVAL_AUTO_BROWSER_CONNECT === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c2bc35a6d2cb012c Environment-variable access.
repo/packages/@n8n/mcp-browser/src/browser-discovery.ts:160
		const programFiles = process.env.ProgramFiles ?? 'C:\\Program Files';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b2132d547d41b85d Environment-variable access.
repo/packages/@n8n/mcp-browser/src/browser-discovery.ts:161
		const programFilesX86 = process.env['ProgramFiles(x86)'] ?? 'C:\\Program Files (x86)';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #127f2ea5e5d77e72 Environment-variable access.
repo/packages/@n8n/mcp-browser/src/browser-discovery.ts:162
		const localAppData = process.env.LOCALAPPDATA ?? path.join(os.homedir(), 'AppData\\Local');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b5b4c6a7778be8aa Environment-variable access.
repo/packages/@n8n/mcp-browser/src/server-config.ts:20
	return process.env[`${ENV_PREFIX}${envKey}`];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/@n8n/node-cli

npm first-party
expand_more 80 low-confidence finding(s)
low env_fs production #7c45f9d5bcdc28f9 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/build.test.ts:21
			await fs.writeFile(`${tmpdir}/src/icons/icon.png`, 'fake-png-content');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #715f7820ba609d66 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/build.test.ts:22
			await fs.writeFile(`${tmpdir}/src/assets/logo.svg`, '<svg>fake-svg</svg>');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99d7e8e545fdbdb7 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/build.test.ts:23
			await fs.writeFile(`${tmpdir}/src/__schema__/node.json`, '{"fake": "schema"}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6f277f578cbe4c4 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/build.test.ts:66
		await fs.writeFile(
			`${tmpdir}/package.json`,
			JSON.stringify({
				name: 'regular-package',
				version: '1.0.0',
				// No n8n field - this makes it an invalid n8n package
			}),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f6daf83a3f3788a9 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/build.test.ts:95
		await fs.writeFile(`${tmpdir}/src/nodes/icons/node1.png`, 'fake-node1-png');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cde4e52e047a217b Filesystem access.
repo/packages/@n8n/node-cli/src/commands/build.test.ts:96
		await fs.writeFile(`${tmpdir}/src/nodes/subdir/__schema__/schema.json`, '{"node": "schema"}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e17092ccae0c7240 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/build.test.ts:97
		await fs.writeFile(`${tmpdir}/src/assets/images/logo.svg`, '<svg>logo</svg>');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6ed8ebd13a3df1b0 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/build.test.ts:120
		await fs.writeFile(`${tmpdir}/dist/old-file.js`, 'old content');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c9e2750199a5f32b Filesystem access.
repo/packages/@n8n/node-cli/src/commands/cloud-support.ts:106
		await fs.writeFile(eslintConfigPath, newConfig, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #372fbd15916edec9 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/cloud-support.ts:130
				const eslintConfig = await fs.readFile(eslintConfigPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea12e7d5cee9c749 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/dev/utils.ts:568
	return await fs
		.readFile('package.json', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #39f86fa9177b2e5b Filesystem access.
repo/packages/@n8n/node-cli/src/commands/lint.test.ts:98
		await fs.writeFile(
			`${tmpdir}/package.json`,
			JSON.stringify({
				name: 'regular-package',
				version: '1.0.0',
				// No n8n field - this makes it an invalid n8n package
			}),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4900efde84546c8f Filesystem access.
repo/packages/@n8n/node-cli/src/commands/lint.test.ts:171
		await fs.writeFile(`${tmpdir}/pnpm-lock.yaml`, 'lockfileVersion: 5.4\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b2cd971616dda590 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/lint.test.ts:187
		await fs.writeFile(`${tmpdir}/pnpm-lock.yaml`, 'lockfileVersion: 5.4\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d93aa288de74407a Filesystem access.
repo/packages/@n8n/node-cli/src/commands/lint.ts:85
		const expectedConfig = await fs.readFile(templatePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de23acfa80b7717a Filesystem access.
repo/packages/@n8n/node-cli/src/commands/lint.ts:88
			const currentConfig = await fs.readFile(eslintConfigPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #65f8972599332bdb Environment-variable access.
repo/packages/@n8n/node-cli/src/commands/prerelease.test.ts:10
		delete process.env.RELEASE_MODE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #53467bcae67df583 Environment-variable access.
repo/packages/@n8n/node-cli/src/commands/prerelease.test.ts:28
		process.env.RELEASE_MODE = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #669e691c3585f342 Environment-variable access.
repo/packages/@n8n/node-cli/src/commands/prerelease.ts:17
		if (!process.env.RELEASE_MODE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8a4b771ede9da5e4 Environment-variable access.
repo/packages/@n8n/node-cli/src/commands/release.test.ts:31
		delete process.env.npm_config_user_agent;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #004bb7c487a812f6 Environment-variable access.
repo/packages/@n8n/node-cli/src/commands/release.test.ts:32
		delete process.env.GITHUB_ACTIONS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #76528e80b763edb0 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/release.test.ts:40
		await fs.writeFile(
			`${tmpdir}/package.json`,
			JSON.stringify({
				name: 'test-node',
				version: '1.0.0',
				n8n: {
					nodes: ['dist/nodes/TestNode.node.js'],
				},
			}),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #13dff1d9d689a301 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/release.test.ts:50
		await fs.writeFile(`${tmpdir}/pnpm-lock.yaml`, '# pnpm lock file');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f27a95e15eaf2e36 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/release.test.ts:60
		await fs.writeFile(
			`${tmpdir}/package.json`,
			JSON.stringify({
				name: 'test-node',
				version: '1.0.0',
				n8n: {
					nodes: ['dist/nodes/TestNode.node.js'],
				},
			}),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7da56159ee563e80 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/release.test.ts:70
		await fs.writeFile(`${tmpdir}/pnpm-lock.yaml`, '# pnpm lock file');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b19f94e360e8f72a Filesystem access.
repo/packages/@n8n/node-cli/src/commands/release.test.ts:80
		await fs.writeFile(
			`${tmpdir}/package.json`,
			JSON.stringify({
				name: 'test-node',
				version: '1.0.0',
				n8n: {
					nodes: ['dist/nodes/TestNode.node.js'],
				},
			}),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f383c2cf771d0213 Environment-variable access.
repo/packages/@n8n/node-cli/src/commands/release.test.ts:100
		process.env.GITHUB_ACTIONS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a965e48be0e21f6 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/release.test.ts:102
		await fs.writeFile(
			`${tmpdir}/package.json`,
			JSON.stringify({
				name: 'test-node',
				version: '1.0.0',
				n8n: {
					nodes: ['dist/nodes/TestNode.node.js'],
				},
			}),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4aa97db28728fc31 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/release.test.ts:112
		await fs.writeFile(`${tmpdir}/pnpm-lock.yaml`, '# pnpm lock file');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5f58f73b9a5fce6 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/release.test.ts:126
		await fs.writeFile(`${tmpdir}/pnpm-lock.yaml`, '# pnpm lock file');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd4aaaabd39843c6 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/release.test.ts:140
			await fs.writeFile(`${tmpdir}/pnpm-lock.yaml`, '# pnpm lock file');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #248d0aca2ca57273 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/release.test.ts:145
			const content = await fs.readFile(workflowPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #90367f1fb83012a8 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/release.test.ts:160
		await fs.writeFile(workflowPath, originalContent);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5c04a9ded4255c42 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/release.test.ts:164
		const content = await fs.readFile(workflowPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a1205b6f8e0f385c Environment-variable access.
repo/packages/@n8n/node-cli/src/commands/release.test.ts:172
		process.env.GITHUB_ACTIONS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6b90749e1076cf98 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/release.test.ts:174
		await fs.writeFile(
			`${tmpdir}/package.json`,
			JSON.stringify({
				name: 'test-node',
				version: '1.0.0',
				n8n: {
					nodes: ['dist/nodes/TestNode.node.js'],
				},
			}),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e554ebcf140581ad Filesystem access.
repo/packages/@n8n/node-cli/src/commands/release.test.ts:184
		await fs.writeFile(`${tmpdir}/pnpm-lock.yaml`, '# pnpm lock file');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c92dc1b38ac3f8db Environment-variable access.
repo/packages/@n8n/node-cli/src/commands/release.ts:56
		const isCI = Boolean(process.env.GITHUB_ACTIONS);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d526a959391a063 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/release.ts:156
		const templateContent = await fs.readFile(templatePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e68ef0c81255b1c8 Filesystem access.
repo/packages/@n8n/node-cli/src/commands/release.ts:163
		await fs.writeFile(dest, rendered);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e9ec9d5116c33df Filesystem access.
repo/packages/@n8n/node-cli/src/configs/eslint.test.ts:50
			await fs.writeFile(pkgPath, packageJsonWithOverrides);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #07116761c5d00013 Filesystem access.
repo/packages/@n8n/node-cli/src/configs/eslint.test.ts:61
		await fs.writeFile(pkgPath, packageJsonWithLifecycleScript);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4c0d3e466fdc68f Filesystem access.
repo/packages/@n8n/node-cli/src/configs/eslint.test.ts:71
		await fs.writeFile(pkgPath, packageJsonWithOverrides);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2c254f62311328df Filesystem access.
repo/packages/@n8n/node-cli/src/template/core.ts:75
			const content = await fs.readFile(file, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #004869bba7a3cce1 Filesystem access.
repo/packages/@n8n/node-cli/src/template/core.ts:79
				await fs.writeFile(file, newContent);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0f364d8bea946bd Filesystem access.
repo/packages/@n8n/node-cli/src/test-utils/matchers.ts:53
			content = await fs.readFile(fullPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a75e8b18dfdfe53 Filesystem access.
repo/packages/@n8n/node-cli/src/test-utils/matchers.ts:90
			content = await fs.readFile(fullPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #477b6b9bfdc2daea Filesystem access.
repo/packages/@n8n/node-cli/src/test-utils/matchers.ts:114
			content = await fs.readFile(fullPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #75234b1b14d82fe4 Filesystem access.
repo/packages/@n8n/node-cli/src/test-utils/package-setup.ts:34
	await fs.writeFile(`${tmpdir}/package.json`, JSON.stringify(packageConfig, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52407b225ae19847 Filesystem access.
repo/packages/@n8n/node-cli/src/test-utils/package-setup.ts:37
		await fs.writeFile(`${tmpdir}/eslint.config.mjs`, DEFAULT_ESLINT_CONFIG);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #85050d526c279fad Filesystem access.
repo/packages/@n8n/node-cli/src/test-utils/package-setup.ts:39
		await fs.writeFile(`${tmpdir}/eslint.config.mjs`, options.eslintConfig);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #83feb9303f430d9f Filesystem access.
repo/packages/@n8n/node-cli/src/utils/filesystem.ts:58
	await fs.writeFile(filePath, contents);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a7fb879c9c7659c Environment-variable access.
repo/packages/@n8n/node-cli/src/utils/package-manager.test.ts:20
			process.env.npm_config_user_agent = 'pnpm/8.6.0 npm/? node/v18.16.0 darwin x64';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d95577157be32dc5 Environment-variable access.
repo/packages/@n8n/node-cli/src/utils/package-manager.test.ts:28
			process.env.npm_config_user_agent = 'yarn/1.22.19 npm/? node/v18.16.0 darwin x64';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bbe20dbce35949e0 Environment-variable access.
repo/packages/@n8n/node-cli/src/utils/package-manager.test.ts:36
			process.env.npm_config_user_agent = 'npm/9.5.1 node/v18.16.0 darwin x64 workspaces/false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9697646814a15d3a Environment-variable access.
repo/packages/@n8n/node-cli/src/utils/package-manager.test.ts:44
			process.env.npm_config_user_agent = 'pnpm/8.6.0 yarn/1.22.19 npm/9.5.1 node/v18.16.0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cba99de606c3fef4 Environment-variable access.
repo/packages/@n8n/node-cli/src/utils/package-manager.test.ts:52
			process.env.npm_config_user_agent = 'yarn/1.22.19 npm/9.5.1 node/v18.16.0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #66e86a20bc934a7d Environment-variable access.
repo/packages/@n8n/node-cli/src/utils/package-manager.test.ts:60
			delete process.env.npm_config_user_agent;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #49fb94433c0d41cd Environment-variable access.
repo/packages/@n8n/node-cli/src/utils/package-manager.test.ts:68
			process.env.npm_config_user_agent = 'node/v18.16.0 darwin x64';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f62dc68cba55bdeb Environment-variable access.
repo/packages/@n8n/node-cli/src/utils/package-manager.test.ts:76
			process.env.npm_config_user_agent = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5dbde1349c3b475b Environment-variable access.
repo/packages/@n8n/node-cli/src/utils/package-manager.test.ts:86
			process.env.npm_config_user_agent = 'pnpm/8.6.0 npm/? node/v18.16.0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bc8cbf505110830a Environment-variable access.
repo/packages/@n8n/node-cli/src/utils/package-manager.test.ts:96
				delete process.env.npm_config_user_agent;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6e22ec85a35f706 Filesystem access.
repo/packages/@n8n/node-cli/src/utils/package-manager.test.ts:98
				await fs.writeFile(`${tmpdir}/package-lock.json`, '{}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4ac69deb48ecfdb1 Environment-variable access.
repo/packages/@n8n/node-cli/src/utils/package-manager.test.ts:109
				delete process.env.npm_config_user_agent;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b1a515e8a5951fd6 Filesystem access.
repo/packages/@n8n/node-cli/src/utils/package-manager.test.ts:111
				await fs.writeFile(`${tmpdir}/yarn.lock`, '');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #86e677cfac7c63ed Environment-variable access.
repo/packages/@n8n/node-cli/src/utils/package-manager.test.ts:122
				delete process.env.npm_config_user_agent;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1d31fce97a8b11c3 Filesystem access.
repo/packages/@n8n/node-cli/src/utils/package-manager.test.ts:124
				await fs.writeFile(`${tmpdir}/pnpm-lock.yaml`, '');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #182f0317146f9574 Environment-variable access.
repo/packages/@n8n/node-cli/src/utils/package-manager.test.ts:133
			delete process.env.npm_config_user_agent;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d82179ad051d3bcb Filesystem access.
repo/packages/@n8n/node-cli/src/utils/package-manager.test.ts:135
			await fs.writeFile(`${tmpdir}/package-lock.json`, '{}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #24a0fa859cbdc676 Filesystem access.
repo/packages/@n8n/node-cli/src/utils/package-manager.test.ts:136
			await fs.writeFile(`${tmpdir}/yarn.lock`, '');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #20725c7e35fcd4f2 Filesystem access.
repo/packages/@n8n/node-cli/src/utils/package-manager.test.ts:137
			await fs.writeFile(`${tmpdir}/pnpm-lock.yaml`, '');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e754b96ffe7e36e8 Environment-variable access.
repo/packages/@n8n/node-cli/src/utils/package-manager.test.ts:145
			delete process.env.npm_config_user_agent;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6203345d758beab0 Environment-variable access.
repo/packages/@n8n/node-cli/src/utils/package-manager.test.ts:153
			delete process.env.npm_config_user_agent;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f9cbac3328a11d13 Environment-variable access.
repo/packages/@n8n/node-cli/src/utils/package-manager.ts:7
		const ua = process.env['npm_config_user_agent'] ?? '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #96ccc0c1ff8afac8 Filesystem access.
repo/packages/@n8n/node-cli/src/utils/package.ts:23
	const packageJson = jsonParse<N8nPackageJson>(await fs.readFile(packageJsonPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c8363b6f4e98251d Filesystem access.
repo/packages/@n8n/node-cli/src/utils/package.ts:37
	const packageJson = jsonParse<N8nPackageJson>(await fs.readFile(packageJsonPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fe391aad3336f6af Filesystem access.
repo/packages/@n8n/node-cli/src/utils/prompts.ts:42
		const content = await fs.readFile(packageJsonPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e4cefa172a28572 Environment-variable access.
repo/packages/@n8n/node-cli/vite.config.ts:8
		reporters: process.env.CI === 'true' ? ['default', 'junit'] : ['default'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f458cc3b7a1f05ee Environment-variable access.
repo/packages/@n8n/node-cli/vite.config.ts:10
		...(process.env.COVERAGE_ENABLED === 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #91eb42c5440cc243 Environment-variable access.
repo/packages/@n8n/node-cli/vite.config.ts:15
						reporter: process.env.CI === 'true' ? ['cobertura'] : ['text-summary'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/@n8n/scan-community-package

npm first-party
expand_more 3 low-confidence finding(s)
low env_fs production #a53da5074ae37ef4 Filesystem access.
repo/packages/@n8n/scan-community-package/scanner/scanner.mjs:3
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5dca120f00451719 Filesystem access.
repo/packages/@n8n/scan-community-package/scanner/scanner.test.mjs:1
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb89f7efbca9d3a2 Filesystem access.
repo/packages/@n8n/scan-community-package/scanner/scanner.test.mjs:18
		fs.writeFileSync(
			fullPath,
			typeof contents === 'string' ? contents : JSON.stringify(contents, null, 2),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/@n8n/typeorm

npm first-party
expand_more 8 low-confidence finding(s)
low env_fs production #f3873cfd684e2405 Environment-variable access.
repo/packages/@n8n/typeorm/src/driver/postgres/PostgresDriver.ts:320
			process.env.PGTZ = 'UTC';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d27317883b407ff Filesystem access.
repo/packages/@n8n/typeorm/src/platform/PlatformTools.ts:2
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a667d755d172f2fe Filesystem access.
repo/packages/@n8n/typeorm/src/platform/PlatformTools.ts:6
export { ReadStream } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fe4778c403f9d5a6 Filesystem access.
repo/packages/@n8n/typeorm/src/platform/PlatformTools.ts:43
		return fs.readFileSync(filename);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #21db4f88115f3e2f Filesystem access.
repo/packages/@n8n/typeorm/src/platform/PlatformTools.ts:52
			fs.writeFile(path, data, (err) => {
				if (err) fail(err);
				ok();
			});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bc978de4e2bd79ce Environment-variable access.
repo/packages/@n8n/typeorm/src/platform/PlatformTools.ts:72
		return process.env[name];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #27a5a02e39b14ddb Filesystem access.
repo/packages/@n8n/typeorm/src/util/ImportUtils.ts:1
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #84d10d5cf3e61114 Filesystem access.
repo/packages/@n8n/typeorm/src/util/ImportUtils.ts:57
						fs.readFile(potentialPackageJson, 'utf8', (err, data) => {
							if (err != null) accept(null);
							else {
								try {
									accept(JSON.parse(data));
								} catch (err) {
									accept(null);
								}
							}
						});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/@n8n/vitest-config

npm first-party
expand_more 7 low-confidence finding(s)
low env_fs production #2aa01f6194e2683b Environment-variable access.
repo/packages/@n8n/vitest-config/frontend.ts:29
			reporters: process.env.CI === 'true' ? ['default', 'junit'] : ['default'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af38c16347e7d412 Environment-variable access.
repo/packages/@n8n/vitest-config/frontend.ts:47
	if (process.env.COVERAGE_ENABLED === 'true' && vitestConfig.test?.coverage) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b5f51d27cd71c803 Environment-variable access.
repo/packages/@n8n/vitest-config/frontend.ts:50
		if (process.env.CI === 'true' && coverage.provider === 'v8') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c4b8046de8d0f899 Environment-variable access.
repo/packages/@n8n/vitest-config/node.ts:44
	if (process.env.CI !== 'true') return {};

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #92206ba54ee717ff Environment-variable access.
repo/packages/@n8n/vitest-config/node.ts:61
	reporters: process.env.CI === 'true' ? ['default', 'junit'] : ['default'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0df496929f53f66f Environment-variable access.
repo/packages/@n8n/vitest-config/node.ts:63
	...(process.env.COVERAGE_ENABLED === 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #748775fa03bc0632 Environment-variable access.
repo/packages/@n8n/vitest-config/node.ts:68
					reporter: process.env.CI === 'true' ? 'lcov' : 'text-summary',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/@n8n/workflow-sdk

npm first-party
expand_more 54 low-confidence finding(s)
low env_fs production #a0325d7f6a47c9f8 Filesystem access.
repo/packages/@n8n/workflow-sdk/scripts/create-workflows-zip.ts:11
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee0cd73abc8b770b Filesystem access.
repo/packages/@n8n/workflow-sdk/scripts/extract-workflows.ts:12
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #edc6798eca457851 Filesystem access.
repo/packages/@n8n/workflow-sdk/scripts/extract-workflows.ts:46
		fs.writeFileSync(outputPath, entry.getData());

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #560f66e725d32d05 Filesystem access.
repo/packages/@n8n/workflow-sdk/scripts/fetch-test-workflows.ts:18
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6ca1e0d379e0d3d5 Filesystem access.
repo/packages/@n8n/workflow-sdk/scripts/fetch-test-workflows.ts:87
		const manifest = JSON.parse(fs.readFileSync(manifestPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #81738269ef92762e Filesystem access.
repo/packages/@n8n/workflow-sdk/scripts/fetch-test-workflows.ts:146
			fs.writeFileSync(outputPath, JSON.stringify(workflow, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f14b72e3bcf32567 Filesystem access.
repo/packages/@n8n/workflow-sdk/scripts/fetch-test-workflows.ts:162
		const manifest = JSON.parse(fs.readFileSync(manifestPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af560665fb3d4e10 Filesystem access.
repo/packages/@n8n/workflow-sdk/scripts/fetch-test-workflows.ts:179
	fs.writeFileSync(manifestPath, JSON.stringify(manifest, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9eeca22bd6033d1d Filesystem access.
repo/packages/@n8n/workflow-sdk/src/__tests__/fixtures-zip.ts:9
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e4da22c50f8ba8c1 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/__tests__/fixtures-zip.ts:48
	const manifest = JSON.parse(fs.readFileSync(MANIFEST_PATH, 'utf-8')) as Manifest;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d9b9ec8910041cce Filesystem access.
repo/packages/@n8n/workflow-sdk/src/__tests__/fixtures-zip.ts:105
	const manifest = JSON.parse(fs.readFileSync(MANIFEST_PATH, 'utf-8')) as Manifest;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #373ee4dc0959622c Filesystem access.
repo/packages/@n8n/workflow-sdk/src/cli/code-to-json.ts:1
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5896609419ab010 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/cli/code-to-json.ts:26
		code = fs.readFileSync(filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d040c3ed1285a04a Filesystem access.
repo/packages/@n8n/workflow-sdk/src/cli/code-to-json.ts:60
	fs.writeFileSync(outputPath, JSON.stringify(json, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7345558fcc1ae83d Filesystem access.
repo/packages/@n8n/workflow-sdk/src/cli/json-to-code.ts:1
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a3a90019ec1c2379 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/cli/json-to-code.ts:27
		const content = fs.readFileSync(filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #509f902df910d5bc Filesystem access.
repo/packages/@n8n/workflow-sdk/src/cli/json-to-code.ts:75
	fs.writeFileSync(outputPath, code);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #24ac6e175de2cf3e Filesystem access.
repo/packages/@n8n/workflow-sdk/src/codegen/code-generator.test.ts:1
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e13f03d63a2817a5 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/codegen/code-generator.test.ts:2064
				const json = JSON.parse(fs.readFileSync(jsonPath, 'utf8')) as WorkflowJSON;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb7ce1e4f48d6447 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/codegen/codegen-roundtrip.test.ts:1
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6465e5ed8c4bfec5 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/codegen/codegen-roundtrip.test.ts:51
	const manifest = JSON.parse(fs.readFileSync(manifestPath, 'utf-8')) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #158984d155a4d9f4 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/codegen/codegen-roundtrip.test.ts:71
			const json = JSON.parse(fs.readFileSync(filePath, 'utf-8')) as WorkflowJSON;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7c4edc7d5deffa82 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-node-defs-cli.test.ts:7
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a06ba88dab570ad4 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-node-defs-cli.test.ts:34
	await fs.promises.writeFile(nodesJsonPath, JSON.stringify(nodes));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8a19ffb2ba3520ce Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-node-defs-cli.test.ts:129
			const hashBefore = await fs.promises.readFile(path.join(outputDir, '.nodes-hash'), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fa2c3b41ee1f9906 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-node-defs-cli.test.ts:137
			await fs.promises.writeFile(nodesJsonPath, JSON.stringify([modifiedNode]));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #63ce89664d8818e2 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-node-defs-cli.test.ts:141
			const hashAfter = await fs.promises.readFile(path.join(outputDir, '.nodes-hash'), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af9dc6f0639f6ff6 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-node-defs-cli.test.ts:218
				const tsContent = await fs.promises.readFile(path.join(nodeDir, 'v1.ts'), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e43ced9fcd5168b Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-node-defs-cli.ts:17
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #14b5415d0fea8250 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-node-defs-cli.ts:47
		const pkg = JSON.parse(fs.readFileSync(sdkPackageJsonPath, 'utf-8')) as { version: string };

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b2d7af7c81fb3acd Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-node-defs-cli.ts:68
	const content = await fs.promises.readFile(nodesJsonPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3ef5544b9311b159 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-node-defs-cli.ts:76
		const existingHash = await fs.promises.readFile(hashFilePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4971efa2ffc0d39a Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-node-defs-cli.ts:99
	await fs.promises.writeFile(hashFilePath, inputHash);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b61ef43e7d093666 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-node-defs-cli.ts:111
	const packageJson = jsonParse<{ name: string }>(fs.readFileSync(packageJsonPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f10614a0e3d8fa0a Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-types.test.ts:8
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab94dcec73744c3b Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-types.test.ts:4993
				fs.writeFileSync(fullPath, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c90963ed6dfdbace Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-types.test.ts:5103
				fs.writeFileSync(fullPath, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e04a7e25ce9cbbb1 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-types.test.ts:5269
		const content = fs.readFileSync(indexFile, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #46ad282c1b47efca Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-types.ts:21
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e8dcbb13dee383de Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-types.ts:660
					const schemaContent = fs.readFileSync(filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad779bf62b1ae8ca Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-types.ts:686
					const schemaContent = fs.readFileSync(schemaPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9033d3be9dbef888 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-types.ts:4193
	const content = await fs.promises.readFile(jsonPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a6cd64b056ef31bc Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-types.ts:4323
		await Promise.all(batch.map((f) => fs.promises.writeFile(f.path, f.content)));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a3216c89d5d97599 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-types.ts:4490
		await fs.promises.writeFile(path.join(outputDir, 'index.ts'), indexContent);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b2bd0f0fce613745 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/generate-types/generate-types.ts:4544
		await fs.promises.writeFile(path.join(DEV_OUTPUT_PATH, 'index.ts'), placeholderContent);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1189c79c82d55c0b Filesystem access.
repo/packages/@n8n/workflow-sdk/src/real-workflow.test.ts:1
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab3efa6d12029ce5 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/real-workflow.test.ts:28
		fs.writeFileSync(generatedPath, code, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e0a79d5b325cd96 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/real-workflow.test.ts:48
	const manifest = JSON.parse(fs.readFileSync(manifestPath, 'utf-8')) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #62bededa7ef27221 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/real-workflow.test.ts:65
			const json = JSON.parse(fs.readFileSync(filePath, 'utf-8')) as WorkflowJSON;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #298a05689c15d8f6 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/validation/test-schema-setup.ts:10
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2791d13812a4f1c9 Environment-variable access.
repo/packages/@n8n/workflow-sdk/src/validation/test-schema-setup.ts:23
const WORKER_ID = process.env.VITEST_POOL_ID ?? '0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f96c2dbf40bff029 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/validation/test-schema-setup.ts:36
		const content = fs.readFileSync(generatorPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6ec6f858d40f34b4 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/validation/test-schema-setup.ts:51
		const storedHash = fs.readFileSync(STAMP_FILE, 'utf-8').trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #48ce515c2b8f3e33 Filesystem access.
repo/packages/@n8n/workflow-sdk/src/validation/test-schema-setup.ts:103
			fs.writeFileSync(STAMP_FILE, hash);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/frontend/@n8n/design-system

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #a1113dc81ac78077 Filesystem access.
repo/packages/frontend/@n8n/design-system/src/icons/lucide/vite.ts:36
			const raw = readFileSync(jsonPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/frontend/@n8n/i18n

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs test-only #9acb474ec530dc4e Environment-variable access.
repo/packages/frontend/@n8n/i18n/src/__tests__/setup.ts:2
process.env.TZ = 'UTC';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/frontend/@n8n/stores

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs test-only #97990bbc31e3916f Environment-variable access.
repo/packages/frontend/@n8n/stores/src/__tests__/setup.ts:5
process.env.TZ = 'UTC';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/node-dev

npm first-party
expand_more 5 low-confidence finding(s)
low env_fs production #2c79e03f137c6e07 Filesystem access.
repo/packages/node-dev/commands/new.ts:7
import { access } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2dbcf045069ac050 Filesystem access.
repo/packages/node-dev/src/Build.ts:6
import { copyFile, mkdir, readFile, writeFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c53c98532c57cdc4 Filesystem access.
repo/packages/node-dev/src/Build.ts:25
	const tsConfigString = await readFile(tsconfigPath, { encoding: 'utf8' });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f1a8d8dececcde5 Filesystem access.
repo/packages/node-dev/src/Build.ts:39
	await writeFile(path, JSON.stringify(tsConfig, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #447b76990eaccf64 Filesystem access.
repo/packages/node-dev/src/Create.ts:1
import { copyFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/testing/code-health

npm first-party
expand_more 13 low-confidence finding(s)
low env_fs production #33064a60068204fb Environment-variable access.
repo/packages/testing/code-health/src/cli.ts:27
		changedFiles: parseChangedFiles(process.env.CODE_HEALTH_CHANGED_FILES),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #271c573703566f86 Environment-variable access.
repo/packages/testing/code-health/src/cli.ts:28
		addedFiles: parseChangedFiles(process.env.CODE_HEALTH_ADDED_FILES),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d0ef112af0dec156 Filesystem access.
repo/packages/testing/code-health/src/rules/catalog-violations.rule.test.ts:16
	fs.writeFileSync(fullPath, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ff47505eae690a17 Filesystem access.
repo/packages/testing/code-health/src/rules/migration-timestamp.rule.test.ts:25
	fs.writeFileSync(fullPath, 'export {};\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #40c071876d797eb4 Filesystem access.
repo/packages/testing/code-health/src/rules/stale-overrides.rule.test.ts:16
	fs.writeFileSync(fullPath, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f92031c13e4d3af7 Filesystem access.
repo/packages/testing/code-health/src/rules/subpath-purity.rule.test.ts:16
		writeFileSync(abs, source, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #25dbe6eca8ad65a8 Filesystem access.
repo/packages/testing/code-health/src/rules/workflow-pr-target-safety.rule.test.ts:16
	fs.writeFileSync(fullPath, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #54c3edeb77fb4864 Filesystem access.
repo/packages/testing/code-health/src/utils/node-modules-deps-scanner.ts:34
			pkg = JSON.parse(fs.readFileSync(filePath, 'utf-8')) as OnDiskPackageJson;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d9f7908e2eda7d97 Filesystem access.
repo/packages/testing/code-health/src/utils/overrides-parser.ts:21
	const content = fs.readFileSync(filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec662ed06a5f41e1 Filesystem access.
repo/packages/testing/code-health/src/utils/package-json-scanner.ts:28
	const content = fs.readFileSync(filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0a3e7acc3605141 Filesystem access.
repo/packages/testing/code-health/src/utils/pnpm-lock-parser.ts:31
	const content = fs.readFileSync(filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #978f0743caf4bb71 Filesystem access.
repo/packages/testing/code-health/src/utils/workflow-scanner.ts:35
	const content = fs.readFileSync(filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #543ed242d0b4728f Filesystem access.
repo/packages/testing/code-health/src/utils/workspace-parser.ts:17
	const content = fs.readFileSync(filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/testing/janitor

npm first-party
expand_more 66 low-confidence finding(s)
low env_fs production #ffc3e93f85fb9fc7 Filesystem access.
repo/packages/testing/janitor/src/cli.test.ts:92
			fs.writeFileSync(
				path.join(tempDir, 'tsconfig.json'),
				JSON.stringify({
					compilerOptions: {
						target: 'ES2020',
						module: 'ESNext',
						moduleResolution: 'node',
						strict: true,
					},
					include: ['**/*.ts'],
				}),
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1d93fe9fd80d3a70 Filesystem access.
repo/packages/testing/janitor/src/cli.test.ts:106
			fs.writeFileSync(
				path.join(tempDir, 'janitor.config.js'),
				`module.exports = {
					rootDir: '${tempDir}',
					patterns: {
						pages: ['pages/**/*.ts'],
						components: [],
						flows: [],
						tests: ['tests/**/*.spec.ts'],
						services: [],
						fixtures: [],
						helpers: [],
						factories: [],
						testData: [],
					},
					excludeFromPages: [],
					facade: { file: 'pages/AppPage.ts', className: 'AppPage', excludeTypes: [] },
					fixtureObjectName: 'app',
					apiFixtureName: 'api',
					rawApiPatterns: [],
					flowLayerName: 'Composable',
					architectureLayers: [],
					rules: {},
				};`,
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e9326b79cb65b349 Filesystem access.
repo/packages/testing/janitor/src/cli.test.ts:142
			fs.writeFileSync(path.join(tempDir, 'pages', 'CleanPage.ts'), 'export class CleanPage {}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7db301257b702fc6 Filesystem access.
repo/packages/testing/janitor/src/cli.test.ts:165
			fs.writeFileSync(
				path.join(tempDir, 'pages', 'VerbosePage.ts'),
				'export class VerbosePage {}',
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4964ab8335e6e83e Filesystem access.
repo/packages/testing/janitor/src/cli.test.ts:186
			fs.writeFileSync(
				path.join(tempDir, 'pages', 'BaselinePage.ts'),
				'export class BaselinePage {}',
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a17f5deb63a461f0 Environment-variable access.
repo/packages/testing/janitor/src/cli.ts:451
	const attempt = Number(process.env.GITHUB_RUN_ATTEMPT ?? '1');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c6a111e6bc2739f Environment-variable access.
repo/packages/testing/janitor/src/cli.ts:460
		firstNonEmpty(options.url, process.env.JANITOR_FILTER_SHARD_URL) ?? DEFAULT_FILTER_SHARD_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #730fd2eb835ca853 Environment-variable access.
repo/packages/testing/janitor/src/cli.ts:461
	const runId = process.env.GITHUB_RUN_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #76a448495f79c387 Filesystem access.
repo/packages/testing/janitor/src/cli.ts:546
		const includeRaw = fs.readFileSync(options.includeSpecsFile, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #18b95542fa8b0b16 Filesystem access.
repo/packages/testing/janitor/src/cli.ts:568
				const raw = JSON.parse(fs.readFileSync(metricsPath, 'utf-8')) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #01ec2a9e04b540bb Environment-variable access.
repo/packages/testing/janitor/src/cli.ts:610
	const env = process.env.CHANGED_FILES;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6273ec3383506985 Filesystem access.
repo/packages/testing/janitor/src/cli.ts:670
	const inputs = files.map((f) => ({ text: fs.readFileSync(f, 'utf8'), spec: f }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d6b5fe0e7f5ed724 Filesystem access.
repo/packages/testing/janitor/src/cli.ts:672
	fs.writeFileSync(options.outLcov, result.lcov);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb05a0ff18ec49f4 Filesystem access.
repo/packages/testing/janitor/src/cli.ts:674
	fs.writeFileSync(options.outMap, JSON.stringify(encodeImpactMap(result.impactMap)));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #252a57aab492b3de Filesystem access.
repo/packages/testing/janitor/src/core/affected-packages-analyzer.test.ts:25
	writeFileSync(
		join(root, 'pnpm-workspace.yaml'),
		`packages:\n${opts.patterns.map((p) => `  - '${p}'`).join('\n')}\n`,
	);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c61aa138b3e4bfc Filesystem access.
repo/packages/testing/janitor/src/core/affected-packages-analyzer.test.ts:29
	writeFileSync(join(root, 'package.json'), JSON.stringify({ name: 'monorepo-root' }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab2f5a48cbbc7f55 Filesystem access.
repo/packages/testing/janitor/src/core/affected-packages-analyzer.test.ts:38
		writeFileSync(join(pkgDir, 'package.json'), JSON.stringify(pkg));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52fec950277f6469 Filesystem access.
repo/packages/testing/janitor/src/core/affected-packages-analyzer.test.ts:42
		writeFileSync(
			join(root, 'turbo.json'),
			JSON.stringify({
				tasks: Object.fromEntries(opts.turboTasks.map((t) => [t.taskId, { inputs: t.inputs }])),
			}),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #42f32a7451e0d155 Filesystem access.
repo/packages/testing/janitor/src/core/affected-packages-analyzer.ts:18
		return JSON.parse(readFileSync(path, 'utf-8')) as T;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3bf6f9280715e4d2 Filesystem access.
repo/packages/testing/janitor/src/core/affected-packages-analyzer.ts:42
		(parseYaml(readFileSync(wsFile, 'utf-8')) as { packages?: string[] } | null)?.packages ?? [];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b8c2f4f42ea1cc61 Filesystem access.
repo/packages/testing/janitor/src/core/ast-diff-analyzer.ts:81
		const currentContent = fs.readFileSync(filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2859c02d618fb170 Filesystem access.
repo/packages/testing/janitor/src/core/baseline.test.ts:42
			fs.writeFileSync(path.join(tempDir, '.janitor-baseline.json'), '{}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #75e03402dc1d0014 Filesystem access.
repo/packages/testing/janitor/src/core/impact-analyzer.ts:315
				const content = fs.readFileSync(file, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #549ccf7eb5e31741 Filesystem access.
repo/packages/testing/janitor/src/core/inventory-analyzer.test.ts:24
		fs.writeFileSync(fullPath, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f72c2a80b674b0a6 Filesystem access.
repo/packages/testing/janitor/src/core/inventory-analyzer.test.ts:49
		fs.writeFileSync(
			path.join(tempDir, 'tsconfig.json'),
			JSON.stringify({
				compilerOptions: {
					target: 'ES2020',
					module: 'ESNext',
					moduleResolution: 'node',
					strict: true,
				},
				include: ['**/*.ts'],
			}),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #10e787694ffa3553 Filesystem access.
repo/packages/testing/janitor/src/core/inventory-analyzer.test.ts:203
			fs.writeFileSync(
				path.join(tempDir, 'workflows', 'simple-webhook.json'),
				JSON.stringify({ name: 'Simple Webhook' }),
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #903c6addc23c4bd0 Filesystem access.
repo/packages/testing/janitor/src/core/inventory-analyzer.test.ts:207
			fs.writeFileSync(
				path.join(tempDir, 'workflows', 'complex-flow.json'),
				JSON.stringify({ name: 'Complex Flow' }),
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac8ac7ca500efba1 Filesystem access.
repo/packages/testing/janitor/src/core/inventory-analyzer.test.ts:346
			fs.writeFileSync(
				path.join(tempDir, 'workflows', 'test-workflow.json'),
				JSON.stringify({ name: 'Test' }),
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a024f1e567ce235c Filesystem access.
repo/packages/testing/janitor/src/core/method-usage-analyzer.ts:114
			const content = fs.readFileSync(testFilePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f9c110dc214272d8 Filesystem access.
repo/packages/testing/janitor/src/core/project-loader.test.ts:24
		fs.writeFileSync(path.join(tempDir, 'tsconfig.json'), JSON.stringify(tsconfig, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b91669628f14fecb Filesystem access.
repo/packages/testing/janitor/src/core/project-loader.test.ts:52
			fs.writeFileSync(path.join(pagesDir, 'TestPage.ts'), 'export class TestPage { foo() {} }');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #17e0a8b82594d9f4 Filesystem access.
repo/packages/testing/janitor/src/core/project-loader.test.ts:65
			fs.writeFileSync(
				path.join(tempDir, 'TestClass.ts'),
				`export class TestClass {
					publicMethod() { return 1; }
					private privateMethod() { return 2; }
				}`,
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #77ef7cdd762250a0 Filesystem access.
repo/packages/testing/janitor/src/core/read-lockfile-importers.ts:25
		doc = parse(readFileSync(lockPath, 'utf8')) as typeof doc;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4386bc33688d166 Filesystem access.
repo/packages/testing/janitor/src/core/read-manifest-diffs.ts:17
		return existsSync(abs) ? readFileSync(abs, 'utf8') : '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c2413157115129eb Filesystem access.
repo/packages/testing/janitor/src/core/scope-analyzer.test.ts:12
	writeFileSync(join(pkgDir, 'package.json'), JSON.stringify({ name: 'some-pkg' }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a8b8a8db832f104 Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:28
		fs.writeFileSync(path.join(tempDir, 'pages', '.gitkeep'), '');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #894edabe344cf41a Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:29
		fs.writeFileSync(path.join(tempDir, 'tests', '.gitkeep'), '');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e440827869f505c9 Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:32
		fs.writeFileSync(
			path.join(tempDir, 'tsconfig.json'),
			JSON.stringify({
				compilerOptions: {
					target: 'ES2020',
					module: 'ESNext',
					moduleResolution: 'node',
					strict: true,
					skipLibCheck: true,
					noEmit: true,
				},
				include: ['**/*.ts'],
			}),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #08c731735dea9f85 Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:48
		fs.writeFileSync(
			path.join(tempDir, 'package.json'),
			JSON.stringify({
				name: 'tcr-test',
				scripts: {
					typecheck: 'tsc --noEmit',
				},
			}),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f3d683eb701f7157 Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:97
			fs.writeFileSync(path.join(tempDir, 'pages', 'NewPage.ts'), 'export class NewPage {}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d8dda55ac7456c5b Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:108
			fs.writeFileSync(path.join(tempDir, 'pages', 'TestPage.ts'), 'export class TestPage {}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5965bf7a9fd6edfa Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:112
			fs.writeFileSync(
				path.join(tempDir, 'pages', 'TestPage.ts'),
				'export class TestPage { modified() {} }',
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c4d74b3cb3aad441 Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:136
			fs.writeFileSync(
				path.join(newDir, 'new-feature.spec.ts'),
				'import { test } from "@playwright/test"; test("new feature", () => {});',
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ef851d4e8ec67aa Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:158
			fs.writeFileSync(
				path.join(newDir, 'staged-feature.spec.ts'),
				'export const test = { name: "staged feature test" };\n',
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aaee5cb153f13496 Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:167
			fs.writeFileSync(
				path.join(tempDir, 'package.json'),
				JSON.stringify({ name: 'tcr-test', scripts: { typecheck: 'node -e ""' } }),
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c8b5d1436e6fa6db Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:188
			fs.writeFileSync(
				path.join(tempDir, 'pages', 'ToDelete.ts'),
				'export class ToDelete { method() {} }',
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c0499455b8687de9 Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:205
			fs.writeFileSync(
				path.join(tempDir, 'pages', 'OldName.ts'),
				'export class OldName { method() {} }',
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e85daa9076c770ff Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:225
			fs.writeFileSync(
				path.join(tempDir, 'MethodClass.ts'),
				`export class MethodClass {
	existing() {}
}`,
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9cd75611690784e5 Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:234
			fs.writeFileSync(
				path.join(tempDir, 'MethodClass.ts'),
				`export class MethodClass {
	existing() {}
	newMethod() {}
}`,
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bdebc6ac8c73284b Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:254
			fs.writeFileSync(
				path.join(tempDir, 'RemoveClass.ts'),
				`export class RemoveClass {
	keepMe() {}
	removeMe() {}
}`,
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b49a432ea78ad23c Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:264
			fs.writeFileSync(
				path.join(tempDir, 'RemoveClass.ts'),
				`export class RemoveClass {
	keepMe() {}
}`,
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1407c43c5a0f484a Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:283
			fs.writeFileSync(
				path.join(tempDir, 'ModifyClass.ts'),
				`export class ModifyClass {
	myMethod() { return 1; }
}`,
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #acf7f608b1ff3ed2 Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:292
			fs.writeFileSync(
				path.join(tempDir, 'ModifyClass.ts'),
				`export class ModifyClass {
	myMethod() { return 2; }
}`,
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #71c301a48d1fa3f7 Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:313
			fs.writeFileSync(path.join(tempDir, 'pages', 'LargePage.ts'), 'export class LargePage {}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3f8c69e030fbec6b Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:318
			fs.writeFileSync(path.join(tempDir, 'pages', 'LargePage.ts'), largeContent);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3ed03a3025131831 Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:330
			fs.writeFileSync(path.join(tempDir, 'pages', 'SmallPage.ts'), 'export class SmallPage {}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fe78e04e8b9b16e1 Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:334
			fs.writeFileSync(
				path.join(tempDir, 'pages', 'SmallPage.ts'),
				'export class SmallPage { x = 1; }',
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #df97b394bbee9437 Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:387
			fs.writeFileSync(path.join(tempDir, 'pages', 'OtherPage.ts'), 'export class OtherPage {}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d5bc6ec4b1672071 Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:400
			fs.writeFileSync(
				path.join(tempDir, 'pages', 'PageA.ts'),
				`import { PageB } from './PageB';
				export class PageA {}`,
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #074eb723120b47d0 Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:405
			fs.writeFileSync(path.join(tempDir, 'pages', 'PageB.ts'), 'export class PageB {}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5155e04de0421aa Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:437
			fs.writeFileSync(path.join(tempDir, 'pages', 'DryRunPage.ts'), 'export class DryRunPage {}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #21568f48cdc03332 Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:452
			fs.writeFileSync(path.join(tempDir, 'pages', 'ResultPage.ts'), 'export class ResultPage {}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c601a8e7fafce9f1 Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:483
			fs.writeFileSync(
				path.join(tempDir, 'tests', 'example.spec.ts'),
				'import { test } from "@playwright/test"; test("example", () => {});',
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f98e58614fc29a1f Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:569
			fs.writeFileSync(path.join(tempDir, 'pages', 'FailPage.ts'), 'export class FailPage {}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #42ff95dfd87cd2af Filesystem access.
repo/packages/testing/janitor/src/core/tcr-executor.test.ts:574
			fs.writeFileSync(headFile, 'corrupted');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f2e1ea5b9b18aef8 Environment-variable access.
repo/packages/testing/janitor/vitest.config.ts:9
	process.env.CI === 'true' ? { pool: 'forks' as const, maxWorkers: '50%' } : {};

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/testing/performance

npm first-party
expand_more 10 low-confidence finding(s)
low env_fs production #f5e7936fcdbc3962 Filesystem access.
repo/packages/testing/performance/scripts/check-regression.mjs:13
import { readFileSync, existsSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2cdea029cf3b3e5d Filesystem access.
repo/packages/testing/performance/scripts/check-regression.mjs:34
const baseline = JSON.parse(readFileSync(BASELINE_PATH, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #49cf09ff58a17b0d Filesystem access.
repo/packages/testing/performance/scripts/check-regression.mjs:35
const current = JSON.parse(readFileSync(CURRENT_PATH, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #be341fd8f82f5350 Filesystem access.
repo/packages/testing/performance/scripts/extract-expressions.mjs:12
import { readFileSync, writeFileSync, readdirSync, existsSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c689ac6e1f604b94 Filesystem access.
repo/packages/testing/performance/scripts/extract-expressions.mjs:81
		const wf = JSON.parse(readFileSync(join(inputDir, file), 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c5b68a64e0755525 Filesystem access.
repo/packages/testing/performance/scripts/extract-expressions.mjs:166
writeFileSync(outputPath, JSON.stringify(fixture, null, '\t'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #75da5dce07281a09 Filesystem access.
repo/packages/testing/performance/scripts/save-baseline.mjs:9
import { readFileSync, writeFileSync, existsSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1473c914767bf2ca Filesystem access.
repo/packages/testing/performance/scripts/save-baseline.mjs:39
const results = JSON.parse(readFileSync(resultsPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a18b6d4cafac8e87 Filesystem access.
repo/packages/testing/performance/scripts/save-baseline.mjs:69
writeFileSync(baselinePath, JSON.stringify(results, null, '\t'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #23290d8164d1cb11 Environment-variable access.
repo/packages/testing/performance/vitest.config.ts:5
	plugins: [process.env.CODSPEED ? codspeedPlugin() : null].filter(Boolean),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/testing/rules-engine

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #8bb19b7a5d3b3ff6 Filesystem access.
repo/packages/testing/rules-engine/src/baseline.ts:33
		const content = fs.readFileSync(filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #130c6983ac7decdb Filesystem access.
repo/packages/testing/rules-engine/src/baseline.ts:74
	fs.writeFileSync(filePath, JSON.stringify(baseline, null, '\t') + '\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/testing/test-impact

npm first-party
expand_more 22 low-confidence finding(s)
low env_fs production #3b3711a215c88c0d Filesystem access.
repo/packages/testing/test-impact/src/map-build.test.ts:49
		writeFileSync(join(bs, 'spec_a', '.spec'), 'tests/e2e/a.spec.ts');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99a2dfd0d57a7872 Filesystem access.
repo/packages/testing/test-impact/src/map-build.test.ts:50
		writeFileSync(join(bs, 'spec_a', 'raw-1.json'), '{}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #17d4be0e1f6a735b Filesystem access.
repo/packages/testing/test-impact/src/map-build.test.ts:52
		writeFileSync(join(bs, 'no_marker', 'raw-1.json'), '{}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bc899b57eb85406a Filesystem access.
repo/packages/testing/test-impact/src/map-build.test.ts:54
		writeFileSync(join(bs, 'no_raw', '.spec'), 'x');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #27abe73ffcefa2ed Filesystem access.
repo/packages/testing/test-impact/src/map-build.test.ts:57
		writeFileSync(join(bs, 'spec_jsonl', '.spec'), 'tests/e2e/b.spec.ts');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44c91e31fdf38cc2 Filesystem access.
repo/packages/testing/test-impact/src/map-build.test.ts:58
		writeFileSync(join(bs, 'spec_jsonl', 'raw-1.jsonl'), '{}\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2c663fce0ae4a7d9 Filesystem access.
repo/packages/testing/test-impact/src/map-build.ts:66
		const spec = readFileSync(specMarker, 'utf8').trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3914551de5981bae Filesystem access.
repo/packages/testing/test-impact/src/map-build.ts:84
		writeFileSync(
			join(outDir, `${slug}${suffix}.lcov`),
			forceSpecTn(readFileSync(lcovPath, 'utf8'), spec),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ff42735344563a1 Filesystem access.
repo/packages/testing/test-impact/src/map-build.ts:86
			forceSpecTn(readFileSync(lcovPath, 'utf8'), spec),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f65800f3a60a4d2e Filesystem access.
repo/packages/testing/test-impact/src/select.test.ts:29
		fs.writeFileSync(p, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #51fdbfb1ecb142ce Filesystem access.
repo/packages/testing/test-impact/src/select.test.ts:57
		fs.writeFileSync(mapPath, '{not valid json,,,');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c6471730ddc2ddb3 Filesystem access.
repo/packages/testing/test-impact/src/select.test.ts:73
		fs.writeFileSync(mapPath, '{}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d6849298db716122 Filesystem access.
repo/packages/testing/test-impact/src/select.test.ts:92
		fs.writeFileSync(mapPath, JSON.stringify(interned));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fd595a45eb614add Filesystem access.
repo/packages/testing/test-impact/src/select.test.ts:109
		fs.writeFileSync(mapPath, JSON.stringify(map));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f07d19b2faf9f365 Filesystem access.
repo/packages/testing/test-impact/src/select.test.ts:127
		fs.writeFileSync(mapPath, JSON.stringify(map));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0c1a586f3f6cb5ca Filesystem access.
repo/packages/testing/test-impact/src/select.test.ts:140
		fs.writeFileSync(mapPath, JSON.stringify(map));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c48bef79e8d64a4 Filesystem access.
repo/packages/testing/test-impact/src/select.test.ts:155
		fs.writeFileSync(mapPath, JSON.stringify(map));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f3d3cea34bf13f3 Filesystem access.
repo/packages/testing/test-impact/src/select.test.ts:169
		fs.writeFileSync(mapPath, JSON.stringify(map));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #84fe11b71c2e6eed Filesystem access.
repo/packages/testing/test-impact/src/select.test.ts:191
		fs.writeFileSync(mapPath, JSON.stringify(map));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #402db84f83a1b940 Filesystem access.
repo/packages/testing/test-impact/src/select.test.ts:204
		fs.writeFileSync(mapPath, JSON.stringify(map));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a50f3343f0624495 Filesystem access.
repo/packages/testing/test-impact/src/select.ts:70
		const parsed: unknown = JSON.parse(fs.readFileSync(mapFile, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #636ec01a82849b35 Filesystem access.
repo/packages/testing/test-impact/src/select.ts:93
		? parseSpecList(fs.readFileSync(input.allSpecsFile, 'utf8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

</> Dependencies

@oclif/core

npm dependency
expand_more 20 low-confidence finding(s)
low env_fs dependency Excluded from app score #cd781fb3d993bbef Environment-variable access.
pkgs/npm/@[email protected]/lib/command.js:323
        keys.map((key) => delete process.env[key]);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34ca7bf6d8eb768c Environment-variable access.
pkgs/npm/@[email protected]/lib/config/config.js:201
        const base = process.env[`XDG_${category.toUpperCase()}_HOME`] ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e9fbbcae1474ded Environment-variable access.
pkgs/npm/@[email protected]/lib/config/config.js:202
            (this.windows && process.env.LOCALAPPDATA) ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e98994893f052cf Environment-variable access.
pkgs/npm/@[email protected]/lib/config/config.js:310
        this.home = process.env.HOME || (this.windows && this.windowsHome()) || (0, os_1.getHomeDir)() || (0, node_os_1.tmpdir)();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bda0e2c29a41ba68 Environment-variable access.
pkgs/npm/@[email protected]/lib/config/config.js:548
        return process.env[this.scopedEnvVarKeys(k).find((k) => process.env[k])];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a103f154e82d8bf2 Environment-variable access.
pkgs/npm/@[email protected]/lib/config/config.js:579
        return process.env.HOMEDRIVE && process.env.HOMEPATH && (0, node_path_1.join)(process.env.HOMEDRIVE, process.env.HOMEPATH);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5243e6958ca147bd Environment-variable access.
pkgs/npm/@[email protected]/lib/config/config.js:582
        return process.env.USERPROFILE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #384667ec5742c495 Environment-variable access.
pkgs/npm/@[email protected]/lib/config/config.js:587
        const SHELL = process.env.SHELL ?? (0, node_os_1.userInfo)().shell?.split(node_path_1.sep)?.pop();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2302b9f8f395711f Environment-variable access.
pkgs/npm/@[email protected]/lib/config/plugin.js:222
                if (!process.env.OCLIF_NEXT_VERSION && manifest.version.split('-')[0] !== this.version.split('-')[0]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bcc53affa6b68af Environment-variable access.
pkgs/npm/@[email protected]/lib/config/ts-path.js:266
        debug(`Skipping typescript path lookup for ${root} because it's an ESM module (NODE_ENV: ${process.env.NODE_ENV}, root plugin module type: ${rootPlugin?.moduleType})`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36d23f155ecda260 Environment-variable access.
pkgs/npm/@[email protected]/lib/execute.js:55
        process.env.NODE_ENV = 'development';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cbc17f422d429a0f Environment-variable access.
pkgs/npm/@[email protected]/lib/parser/parse.js:16
        process.env.CLI_FLAGS_DEBUG === '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7995b9464fb07d72 Environment-variable access.
pkgs/npm/@[email protected]/lib/parser/parse.js:337
            if (fws.inputFlag.flag.env && process.env[fws.inputFlag.flag.env]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86c986d4a43e4b60 Environment-variable access.
pkgs/npm/@[email protected]/lib/parser/parse.js:338
                const valueFromEnv = process.env[fws.inputFlag.flag.env];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04c9ca831958dc0f Environment-variable access.
pkgs/npm/@[email protected]/lib/parser/parse.js:348
                        valueFunction: async (i) => (0, util_1.isTruthy)(process.env[i.inputFlag.flag.env] ?? 'false'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6bdd18150da756a8 Environment-variable access.
pkgs/npm/@[email protected]/lib/screen.js:18
const columns = Number.parseInt(process.env.OCLIF_COLUMNS, 10) || settings_1.settings.columns;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67c0daf37d926757 Environment-variable access.
pkgs/npm/@[email protected]/lib/util/read-pjson.js:16
    if (process.env.OCLIF_DISABLE_RC) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2fa00fc0d1ef06df Environment-variable access.
pkgs/npm/@[email protected]/lib/util/util.js:58
    return !['development', 'test'].includes(process.env.NODE_ENV ?? '');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5fd014adbf0e91ec Environment-variable access.
pkgs/npm/@[email protected]/lib/ux/index.js:29
    !process.env.CI &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea84b2a881ee55dc Environment-variable access.
pkgs/npm/@[email protected]/lib/ux/index.js:30
    !['dumb', 'emacs-color'].includes(process.env.TERM) &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

fast-glob

npm dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #fae6a2af959177b6 Filesystem access.
pkgs/npm/[email protected]/out/readers/reader.d.ts:2
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46c9891d261a5b16 Filesystem access.
pkgs/npm/[email protected]/out/settings.js:4
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08cdd430e20f32c5 Filesystem access.
pkgs/npm/[email protected]/out/utils/fs.d.ts:2
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

n8n-core

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #21d9db85f187b048 Filesystem access.
pkgs/npm/[email protected]/bin/common.js:13
	await writeFile(filePath, payload, { encoding: 'utf-8' });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

replace-in-file

npm dependency
expand_more 118 low-confidence finding(s)
low env_fs dependency Excluded from app score #b5386f738eb2d6f6 Filesystem access.
pkgs/npm/[email protected]/src/helpers/config.js:16
  const json = await fs.readFile(path.resolve(file), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d19add3e8cdc390 Filesystem access.
pkgs/npm/[email protected]/src/helpers/config.spec.js:36
      fs.writeFileSync('config.json', JSON.stringify(config), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91236d788b8bc38f Filesystem access.
pkgs/npm/[email protected]/src/helpers/process.js:29
  const contents = fsSync.readFileSync(file, encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d01b3b95efd6847b Filesystem access.
pkgs/npm/[email protected]/src/helpers/process.js:36
    fsSync.writeFileSync(file, newContents, encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27977d97941ee326 Filesystem access.
pkgs/npm/[email protected]/src/helpers/process.js:72
  const contents = await fs.readFile(file, encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a92489cbf38ea991 Filesystem access.
pkgs/npm/[email protected]/src/helpers/process.js:79
    await fs.writeFile(file, newContents, encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5518e5c7570d342f Filesystem access.
pkgs/npm/[email protected]/src/helpers/replace.js:93
  const contents = fsSync.readFileSync(source, encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e29e30e84764b33 Filesystem access.
pkgs/npm/[email protected]/src/helpers/replace.js:105
    fsSync.writeFileSync(target, newContents, encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0d98700efe44340 Filesystem access.
pkgs/npm/[email protected]/src/helpers/replace.js:119
  const contents = await fs.readFile(source, encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dffaa44a5176d384 Filesystem access.
pkgs/npm/[email protected]/src/helpers/replace.js:131
    await fs.writeFile(target, newContents, encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4fcbc0a93c93770 Filesystem access.
pkgs/npm/[email protected]/src/process-file.spec.js:23
    fsAsync.writeFile('test1', testData, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95a53d6dc2c6d53e Filesystem access.
pkgs/npm/[email protected]/src/process-file.spec.js:24
    fsAsync.writeFile('test2', testData, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #780c004c5ad603e7 Filesystem access.
pkgs/npm/[email protected]/src/process-file.spec.js:25
    fsAsync.writeFile('test3', 'nope', 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5dd38c6f2918fe1 Filesystem access.
pkgs/npm/[email protected]/src/process-file.spec.js:67
        const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82041ae65c136a3e Filesystem access.
pkgs/npm/[email protected]/src/process-file.spec.js:68
        const test2 = fs.readFileSync('test2', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec5cea772f510fb9 Filesystem access.
pkgs/npm/[email protected]/src/process-file.spec.js:83
        const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #500273cac963a7be Filesystem access.
pkgs/npm/[email protected]/src/process-file.spec.js:84
        const test2 = fs.readFileSync('test2', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #051a0d41cf23a6e6 Filesystem access.
pkgs/npm/[email protected]/src/process-file.spec.js:97
        const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0d6803bf89d7127 Filesystem access.
pkgs/npm/[email protected]/src/process-file.spec.js:98
        const test2 = fs.readFileSync('test2', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad4cdea05330baef Filesystem access.
pkgs/npm/[email protected]/src/process-file.spec.js:111
        const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0591115622e0d2e7 Filesystem access.
pkgs/npm/[email protected]/src/process-file.spec.js:123
        const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b07e9cefddc263f Filesystem access.
pkgs/npm/[email protected]/src/process-file.spec.js:124
        const test2 = fs.readFileSync('test2', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9024803d332df562 Filesystem access.
pkgs/npm/[email protected]/src/process-file.spec.js:137
        const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #111f9e595a11ddbd Filesystem access.
pkgs/npm/[email protected]/src/process-file.spec.js:138
        const test2 = fs.readFileSync('test2', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6aab0b4fc38e81ba Filesystem access.
pkgs/npm/[email protected]/src/process-file.spec.js:152
        const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7317ae4e7b5e29fb Filesystem access.
pkgs/npm/[email protected]/src/process-file.spec.js:153
        const test2 = fs.readFileSync('test2', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40ea96a3bb98a9b3 Filesystem access.
pkgs/npm/[email protected]/src/process-file.spec.js:166
        const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f4ba3f61b3db624 Filesystem access.
pkgs/npm/[email protected]/src/process-file.spec.js:256
        const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e49ba162b6170478 Filesystem access.
pkgs/npm/[email protected]/src/process-file.spec.js:257
        const test2 = fs.readFileSync('test2', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bce79d98dae277e5 Filesystem access.
pkgs/npm/[email protected]/src/process-file.spec.js:292
        const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b419d461817e3b4c Filesystem access.
pkgs/npm/[email protected]/src/process-file.spec.js:305
        const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c96c648a7a4d0025 Filesystem access.
pkgs/npm/[email protected]/src/process-file.spec.js:350
      const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ab7c4a7c001cb84 Filesystem access.
pkgs/npm/[email protected]/src/process-file.spec.js:351
      const test2 = fs.readFileSync('test2', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e578c63be8a8c1a4 Filesystem access.
pkgs/npm/[email protected]/src/process-file.spec.js:362
      const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70a07a9c87472446 Filesystem access.
pkgs/npm/[email protected]/src/process-file.spec.js:372
      const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ed1fd05db610e47 Filesystem access.
pkgs/npm/[email protected]/src/process-file.spec.js:373
      const test2 = fs.readFileSync('test2', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #497ea47539821f5a Filesystem access.
pkgs/npm/[email protected]/src/process-file.spec.js:384
      const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6700b8cfe8ea765 Filesystem access.
pkgs/npm/[email protected]/src/process-file.spec.js:385
      const test2 = fs.readFileSync('test2', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad14660f18088044 Filesystem access.
pkgs/npm/[email protected]/src/process-file.spec.js:441
      const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #459d170dace3fbe4 Filesystem access.
pkgs/npm/[email protected]/src/process-file.spec.js:442
      const test2 = fs.readFileSync('test2', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f17c67ab4583491 Filesystem access.
pkgs/npm/[email protected]/src/process-file.spec.js:454
      const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd8bea1f24db5852 Filesystem access.
pkgs/npm/[email protected]/src/process-file.spec.js:455
      const test2 = fs.readFileSync('test2', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f83bf849a0176c75 Filesystem access.
pkgs/npm/[email protected]/src/process-file.spec.js:467
      const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86f48fb0adf31a51 Filesystem access.
pkgs/npm/[email protected]/src/process-file.spec.js:468
      const test2 = fs.readFileSync('test2', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a55819c1ec1d97d9 Filesystem access.
pkgs/npm/[email protected]/src/process-file.spec.js:480
      const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2dde4b205beb7e4c Filesystem access.
pkgs/npm/[email protected]/src/process-file.spec.js:481
      const test2 = fs.readFileSync('test2', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc3bd1519158311a Filesystem access.
pkgs/npm/[email protected]/src/process-file.spec.js:493
      const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54dfb99ada7d3d54 Filesystem access.
pkgs/npm/[email protected]/src/process-file.spec.js:494
      const test2 = fs.readFileSync('test2', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5ddcc617a12db18 Filesystem access.
pkgs/npm/[email protected]/src/process-file.spec.js:519
      const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5222801bfd8e74df Filesystem access.
pkgs/npm/[email protected]/src/process-file.spec.js:520
      const test2 = fs.readFileSync('test2', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #495e517937d6276b Filesystem access.
pkgs/npm/[email protected]/src/process-file.spec.js:521
      const test3 = fs.readFileSync('test3', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5385eb0a2df163d4 Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:24
    fsAsync.writeFile('test1', testData, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22992370390a713c Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:25
    fsAsync.writeFile('test2', testData, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a8477905aac4db3 Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:26
    fsAsync.writeFile('test3', 'nope', 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbb9cbf17b4c95e6 Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:27
    fsAsync.writeFile('test4', testData2, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #74a893e19753cb62 Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:51
        const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c59d6e6133228fc Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:52
        const test2 = fs.readFileSync('test2', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42a276f484993c94 Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:68
        const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e0317db1e5973a0 Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:69
        const test2 = fs.readFileSync('test2', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b6c9ae4590ee69e Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:87
        const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6247e96824a7b175 Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:88
        const test2 = fs.readFileSync('test2', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f2950964854fbbc Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:101
        const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa7737852d14f1af Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:115
          const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #834d3251e44dc80e Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:116
          const test2 = fs.readFileSync('test2', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #485cf3ea49a600f0 Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:134
        const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48b9824159d622e2 Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:146
        const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b9964e288cca12a Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:147
        const test2 = fs.readFileSync('test2', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c9322f017a83d84 Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:160
        const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11427db01f3af74a Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:161
        const test2 = fs.readFileSync('test2', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd504aa49308908c Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:175
        const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b573a52650625dc Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:176
        const test2 = fs.readFileSync('test2', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8bcb537f99b9022c Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:189
        const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c470697b16ac45e Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:278
        const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e9719b7e6b24807 Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:279
        const test2 = fs.readFileSync('test2', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c5581052fc5577e Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:292
        const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97ef86c584d8ab5e Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:293
        const test2 = fs.readFileSync('test2', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb63524c2ab8c920 Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:306
        const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #acfc86dd9cd5a631 Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:307
        const test2 = fs.readFileSync('test2', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0efdf64f7def561 Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:321
        const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #990baf1bec276fec Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:322
        const test2 = fs.readFileSync('test2', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2ea4472aaafd1e2 Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:357
        const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #662feb33984f990f Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:370
        const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a13702584c88116c Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:419
            const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39934bfebb1a4dea Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:433
            const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1866029cbedee647 Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:488
      const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7bd2aebf678214f0 Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:489
      const test2 = fs.readFileSync('test2', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3575802df5ee7756 Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:503
      const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1639f814bbefc3c Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:504
      const test2 = fs.readFileSync('test2', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60e840d6ee403162 Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:520
      const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ed6e4357c655860 Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:521
      const test2 = fs.readFileSync('test2', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c39190a13147566e Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:532
      const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2da38fa47496bea9 Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:543
      const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bee8819e2805ae5e Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:544
      const test2 = fs.readFileSync('test2', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13f92b08ce01aadb Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:560
      const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b35e977d06ea8f0b Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:570
      const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #305d11aadb2b6ba5 Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:571
      const test2 = fs.readFileSync('test2', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9511276b5942a983 Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:582
      const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3acdffc2a434dcc5 Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:583
      const test2 = fs.readFileSync('test2', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #974329d2891587ac Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:638
      const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f69a66db5ed65a1c Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:639
      const test2 = fs.readFileSync('test2', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #864195455ed53ce9 Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:650
      const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f81b8bc08eaa8dc Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:651
      const test2 = fs.readFileSync('test2', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #142c30ddaba1f469 Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:662
      const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb81b109eccd9ef6 Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:663
      const test2 = fs.readFileSync('test2', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77ce4ae6bd661c5e Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:675
      const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3954753e538d6763 Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:676
      const test2 = fs.readFileSync('test2', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2e0e01b7203e9bd Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:688
      const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04b7503ee6776c7c Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:689
      const test2 = fs.readFileSync('test2', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a749d3f6836f3dfd Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:701
      const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #979915929077b699 Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:702
      const test2 = fs.readFileSync('test2', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2bc3062010177ae2 Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:714
      const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f0795a5322bd24c Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:715
      const test2 = fs.readFileSync('test2', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #743d15b4ac9e170b Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:824
        const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b825c871f4fd045a Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:835
        const test1 = fs.readFileSync('test1', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c4b2ad3f9865280 Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:842
      before(() => fs.writeFileSync('test197', 'ABC 123\n6666666\nDEF 456', 'utf8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #133758e8c5e74095 Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:850
        const test197 = fs.readFileSync('test197', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #407c2557a67cf2f0 Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:872
      const test4 = fs.readFileSync('test4', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9542a186a4301026 Filesystem access.
pkgs/npm/[email protected]/src/replace-in-file.spec.js:887
      const test4 = fs.readFileSync('test4', 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

tmp-promise

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #e8a4348211ebbc03 Filesystem access.
pkgs/npm/[email protected]/test.js:3
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a88ef24a5175f451 Filesystem access.
pkgs/npm/[email protected]/test.js:24
  assert.equal(fs.readFileSync(path), message)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Production

  • @n8n/di prod — dist-only: no readable source
  • change-case prod — dist-only: no readable source
  • inquirer prod — dist-only: no readable source
  • n8n-workflow prod — dist-only: no readable source
  • @azure/identity prod — dist-only: no readable source
  • @azure/storage-blob prod — scan budget exceeded
  • @langchain/core prod — scan budget exceeded
  • @n8n/backend-common prod — scan budget exceeded
  • @n8n/backend-network prod — scan budget exceeded
  • @n8n/client-oauth2 prod — scan budget exceeded
  • @n8n/config prod — scan budget exceeded
  • @n8n/constants prod — scan budget exceeded
  • @n8n/decorators prod — scan budget exceeded
  • @n8n/errors prod — scan budget exceeded
  • @n8n/utils prod — scan budget exceeded
  • @sentry/core prod — scan budget exceeded
  • @sentry/node prod — scan budget exceeded
  • @sentry/node-native prod — scan budget exceeded
  • @sentry/profiling-node prod — scan budget exceeded
  • callsites prod — scan budget exceeded
  • chardet prod — scan budget exceeded
  • cron prod — scan budget exceeded
  • file-type prod — scan budget exceeded
  • form-data prod — scan budget exceeded
  • htmlparser2 prod — scan budget exceeded
  • jsonwebtoken prod — scan budget exceeded
  • lodash prod — scan budget exceeded
  • luxon prod — scan budget exceeded
  • mime-types prod — scan budget exceeded
  • ms prod — scan budget exceeded
  • @n8n/workflow-sdk prod — scan budget exceeded
  • nanoid prod — scan budget exceeded
  • oauth-1.0a prod — scan budget exceeded
  • p-cancelable prod — scan budget exceeded
  • picocolors prod — scan budget exceeded
  • pretty-bytes prod — scan budget exceeded
  • ssh2 prod — scan budget exceeded
  • uuid prod — scan budget exceeded
  • winston prod — scan budget exceeded
  • xml2js prod — scan budget exceeded
  • qs prod — scan budget exceeded
  • @codemirror/autocomplete prod — scan budget exceeded
  • @n8n/expression-runtime prod — scan budget exceeded
  • @n8n/tournament prod — scan budget exceeded
  • ast-types prod — scan budget exceeded
  • esprima-next prod — scan budget exceeded
  • jmespath prod — scan budget exceeded
  • js-base64 prod — scan budget exceeded
  • jssha prod — scan budget exceeded
  • json-schema prod — scan budget exceeded
  • md5 prod — scan budget exceeded
  • recast prod — scan budget exceeded
  • title-case prod — scan budget exceeded
  • transliteration prod — scan budget exceeded
  • jsonrepair prod — scan budget exceeded
  • @1password/connect prod — scan budget exceeded
  • @ai-sdk/anthropic prod — scan budget exceeded
  • @apidevtools/json-schema-ref-parser prod — scan budget exceeded
  • @aws-sdk/client-secrets-manager prod — scan budget exceeded
  • @azure/keyvault-secrets prod — scan budget exceeded
  • @chat-adapter/linear prod — scan budget exceeded
  • @chat-adapter/slack prod — scan budget exceeded
  • @chat-adapter/state-memory prod — scan budget exceeded
  • @chat-adapter/telegram prod — scan budget exceeded
  • @daytona/sdk prod — scan budget exceeded
  • @google-cloud/secret-manager prod — scan budget exceeded
  • @joplin/turndown-plugin-gfm prod — scan budget exceeded
  • @modelcontextprotocol/sdk prod — scan budget exceeded
  • @mozilla/readability prod — scan budget exceeded
  • @n8n/agents prod — scan budget exceeded
  • @n8n/ai-node-sdk prod — scan budget exceeded
  • @n8n/ai-utilities prod — scan budget exceeded
  • @n8n/ai-workflow-builder prod — scan budget exceeded
  • @n8n/api-types prod — scan budget exceeded
  • @n8n/chat-hub prod — scan budget exceeded
  • @n8n/db prod — scan budget exceeded
  • @n8n/instance-ai prod — scan budget exceeded
  • @n8n/mcp-apps prod — scan budget exceeded
  • @n8n/mcp-browser prod — scan budget exceeded
  • @n8n/n8n-nodes-langchain prod — scan budget exceeded
  • @n8n/permissions prod — scan budget exceeded
  • @n8n/scheduler prod — scan budget exceeded
  • @n8n/syslog-client prod — scan budget exceeded
  • @n8n/task-runner prod — scan budget exceeded
  • @n8n_io/ai-assistant-sdk prod — scan budget exceeded
  • @n8n_io/license-sdk prod — scan budget exceeded
  • @opentelemetry/api prod — scan budget exceeded
  • @opentelemetry/core prod — scan budget exceeded
  • @opentelemetry/exporter-trace-otlp-proto prod — scan budget exceeded
  • @opentelemetry/instrumentation prod — scan budget exceeded
  • @opentelemetry/resources prod — scan budget exceeded
  • @opentelemetry/sdk-node prod — scan budget exceeded
  • @opentelemetry/sdk-trace-base prod — scan budget exceeded
  • @opentelemetry/sdk-trace-node prod — scan budget exceeded
  • @opentelemetry/semantic-conventions prod — scan budget exceeded
  • @parcel/watcher prod — scan budget exceeded
  • @pinecone-database/pinecone prod — scan budget exceeded
  • @qdrant/js-client-rest prod — scan budget exceeded
  • @rudderstack/rudder-sdk-node prod — scan budget exceeded
  • @supabase/supabase-js prod — scan budget exceeded
  • ai prod — scan budget exceeded
  • aws4 prod — scan budget exceeded
  • bcryptjs prod — scan budget exceeded
  • bull prod — scan budget exceeded
  • cache-manager prod — scan budget exceeded
  • chat prod — scan budget exceeded
  • class-transformer prod — scan budget exceeded
  • class-validator prod — scan budget exceeded
  • compression prod — scan budget exceeded
  • convict prod — scan budget exceeded
  • cookie-parser prod — scan budget exceeded
  • csrf prod — scan budget exceeded
  • csv-parse prod — scan budget exceeded
  • dotenv prod — scan budget exceeded
  • express prod — scan budget exceeded
  • express-handlebars prod — scan budget exceeded
  • express-openapi-validator prod — scan budget exceeded
  • express-prom-bundle prod — scan budget exceeded
  • express-rate-limit prod — scan budget exceeded
  • fast-json-patch prod — scan budget exceeded
  • fastest-levenshtein prod — scan budget exceeded
  • fflate prod — scan budget exceeded
  • flat prod — scan budget exceeded
  • flatted prod — scan budget exceeded
  • formidable prod — scan budget exceeded
  • handlebars prod — scan budget exceeded
  • helmet prod — scan budget exceeded
  • http-proxy-middleware prod — scan budget exceeded
  • ioredis prod — scan budget exceeded
  • isbot prod — scan budget exceeded
  • isolated-vm prod — scan budget exceeded
  • jose prod — scan budget exceeded
  • json-diff prod — scan budget exceeded
  • jsonschema prod — scan budget exceeded
  • langsmith prod — scan budget exceeded
  • ldapts prod — scan budget exceeded
  • linkedom prod — scan budget exceeded
  • lru-cache prod — scan budget exceeded
  • moment-timezone prod — scan budget exceeded
  • multer prod — scan budget exceeded
  • n8n-editor-ui prod — scan budget exceeded
  • n8n-nodes-base prod — scan budget exceeded
  • nodemailer prod — scan budget exceeded
  • open prod — scan budget exceeded
  • openid-client prod — scan budget exceeded
  • otpauth prod — scan budget exceeded
  • p-lazy prod — scan budget exceeded
  • pdf-parse prod — scan budget exceeded
  • pg prod — scan budget exceeded
  • pkce-challenge prod — scan budget exceeded
  • posthog-node prod — scan budget exceeded
  • prom-client prod — scan budget exceeded
  • psl prod — scan budget exceeded
  • raw-body prod — scan budget exceeded
  • replacestream prod — scan budget exceeded
  • samlify prod — scan budget exceeded
  • semver prod — scan budget exceeded
  • shelljs prod — scan budget exceeded
  • simple-git prod — scan budget exceeded
  • source-map-support prod — scan budget exceeded
  • sqlite3 prod — scan budget exceeded
  • sshpk prod — scan budget exceeded
  • sucrase prod — scan budget exceeded
  • swagger-ui-express prod — scan budget exceeded
  • tar prod — scan budget exceeded
  • turndown prod — scan budget exceeded
  • validator prod — scan budget exceeded
  • ws prod — scan budget exceeded
  • xmllint-wasm prod — scan budget exceeded
  • xss prod — scan budget exceeded
  • yargs-parser prod — scan budget exceeded
  • zod-to-json-schema prod — scan budget exceeded
  • @aws-crypto/sha256-js prod — scan budget exceeded
  • @aws-sdk/credential-providers prod — scan budget exceeded
  • @smithy/node-http-handler prod — scan budget exceeded
  • @smithy/protocol-http prod — scan budget exceeded
  • @smithy/signature-v4 prod — scan budget exceeded
  • @smithy/types prod — scan budget exceeded
  • @kafkajs/confluent-schema-registry prod — scan budget exceeded
  • @n8n/imap prod — scan budget exceeded
  • @thednp/dommatrix prod — scan budget exceeded
  • alasql prod — scan budget exceeded
  • amqplib prod — scan budget exceeded
  • basic-auth prod — scan budget exceeded
  • cheerio prod — scan budget exceeded
  • chokidar prod — scan budget exceeded
  • currency-codes prod — scan budget exceeded
  • eventsource prod — scan budget exceeded
  • generate-schema prod — scan budget exceeded
  • get-system-fonts prod — scan budget exceeded
  • gm prod — scan budget exceeded
  • html-to-text prod — scan budget exceeded
  • iconv-lite prod — scan budget exceeded
  • ics prod — scan budget exceeded