Close Open Privacy Scan

Snapshot: commit a666ba5
Engine: v2
Timestamp: 2026-07-05T05:07:34.205545+00:00

No application data leak found

No high-confidence exfiltration was found in application code. Dependency data flows are listed separately and do not affect this verdict.

App Privacy Score

97 /100
Low privacy risk

Low risk · 266 finding(s)

Dependency score: 37 (High risk)

Score Breakdown

env_fs −3

Scan Summary

3 high, 0 medium, 263 low
First-party packages: 1
Dependency packages: 15
Ecosystem: npm

Application data flows

No application data flows were found. See dependency data flows below.

Dependency data flows (3)
high dojo dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/request/node.js:55 pkgs/npm/[email protected]/request/node.js:57
high coveralls dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/lib/sendToCoveralls.js:9 pkgs/npm/[email protected]/lib/sendToCoveralls.js:19
high codecov.io dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/lib/sendToCodeCov.io.js:13 pkgs/npm/[email protected]/lib/sendToCodeCov.io.js:25

First-Party Code

first-party (npm)

npm first-party
9 low-confidence finding(s)
low env_fs production #a041c433d312c906 Filesystem access.
repo/lib/common/file.js:35
    result[key] = _.template(fs.readFileSync(filePath, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8bb08a88c000efe7 Filesystem access.
repo/lib/common/minify.js:36
  fs.writeFile(destPath, output.code, 'utf-8', callback);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #78de66b691a38ded Filesystem access.
repo/lib/fp/build-doc.js:75
  fs.writeFile(target, template.wiki(templateData), util.pitch);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de06c3547551320e Filesystem access.
repo/lib/main/build-doc.js:80
  fs.writeFile(readmePath, postprocess(markdown), util.pitch);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #11cb0f898ab14511 Filesystem access.
repo/lib/main/build-site.js:5
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #494e3df94dc8a913 Filesystem access.
repo/lib/main/build-site.js:182
  const markdown = fs
    // Load markdown.
    .readFileSync(readmePath, 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6b2001412afbeb84 Filesystem access.
repo/lib/main/build-site.js:236
  fs.writeFile(path.join(docPath, version + '.html'), html, util.pitch);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c343ac1b430b8566 Filesystem access.
repo/perf/perf.js:46
        result = require('fs').realpathSync(result);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e12d6f8dbf41a105 Environment-variable access.
repo/playwright.config.js:7
    retries: process.env.CI ? 2 : 0,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Dependencies

codecov.io

npm dependency
high pii_flow dependency Excluded from app score #a99d85a039634b7d User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/lib/sendToCodeCov.io.js:25 · flow /tmp/closeopen-sjvvhxem/pkgs/npm/[email protected]/lib/sendToCodeCov.io.js:13 → /tmp/closeopen-sjvvhxem/pkgs/npm/[email protected]/lib/sendToCodeCov.io.js:25
  request.post(options, function(err, response, body){
    if (err){
      return cb(err);
    }
    if (response.statusCode !== 200){
      var error = new Error("non-success response");
      error.detail = {
        statusCode : response.statusCode,
        body : body,
        request : options
      };
      return cb(error);
    }
    return cb();
  });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

2 low-confidence finding(s)
low env_fs dependency Excluded from app score #5845156be9cfee79 Environment-variable access.
pkgs/npm/[email protected]/lib/getConfiguration.js:30
  var token = (process.env.codecov_token || process.env.CODECOV_TOKEN);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03d20347dc443361 Environment-variable access.
pkgs/npm/[email protected]/lib/sendToCodeCov.io.js:13
  var token = (process.env.codecov_token || process.env.CODECOV_TOKEN);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

coveralls

npm dependency
high pii_flow dependency Excluded from app score #723a1c7e167030a9 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/lib/sendToCoveralls.js:19 · flow /tmp/closeopen-sjvvhxem/pkgs/npm/[email protected]/lib/sendToCoveralls.js:9 → /tmp/closeopen-sjvvhxem/pkgs/npm/[email protected]/lib/sendToCoveralls.js:19
    request.post({
      url,
      form: {
        json: str
      }
    }, (err, response, body) => {
      cb(err, response, body);
    });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

105 low-confidence finding(s)
low env_fs dependency Excluded from app score #04713e598ecf742a Filesystem access.
pkgs/npm/[email protected]/lib/convertLcovToCoveralls.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c022cc9657187440 Filesystem access.
pkgs/npm/[email protected]/lib/convertLcovToCoveralls.js:33
  const source = fs.readFileSync(filepath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac7a236a70558ed3 Filesystem access.
pkgs/npm/[email protected]/lib/detectLocalGit.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8d2de091fb6794d Filesystem access.
pkgs/npm/[email protected]/lib/detectLocalGit.js:26
  const head = fs.readFileSync(path.join(dir, '.git', 'HEAD'), 'utf-8').trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca4c7c548a77e53d Filesystem access.
pkgs/npm/[email protected]/lib/detectLocalGit.js:43
    return fs.readFileSync(ref, 'utf-8').trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b08f032c9ebb58ca Filesystem access.
pkgs/npm/[email protected]/lib/detectLocalGit.js:49
  const packedRefsText = fs.readFileSync(packedRefs, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ac2dc4ce9734c2e Filesystem access.
pkgs/npm/[email protected]/lib/getOptions.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #341d0d1e499abc65 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:13
  let git_commit = process.env.COVERALLS_GIT_COMMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ff656507bed3039 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:14
  let git_branch = process.env.COVERALLS_GIT_BRANCH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7dbb7bac616bbca Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:19
  const match = (process.env.CI_PULL_REQUEST || '').match(/(\d+)$/);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef1c558344d07376 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:25
  if (process.env.TRAVIS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a4aabcd1f0420ef Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:27
    options.service_number = process.env.TRAVIS_BUILD_NUMBER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c6645ad38a9dd74 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:28
    options.service_job_id = process.env.TRAVIS_JOB_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d5f57fa0e7d42a6 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:29
    options.service_pull_request = process.env.TRAVIS_PULL_REQUEST;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4facf0b0cbb6fc9b Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:31
    git_branch = process.env.TRAVIS_BRANCH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3cb1d0cde33f27e4 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:34
  if (process.env.DRONE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef816f7c805a915b Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:36
    options.service_job_id = process.env.DRONE_BUILD_NUMBER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #067c7a0c71fa93c2 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:37
    options.service_pull_request = process.env.DRONE_PULL_REQUEST;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c01514c1e2d858a Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:38
    git_committer_name = process.env.DRONE_COMMIT_AUTHOR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f59786117bdae77b Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:39
    git_committer_email = process.env.DRONE_COMMIT_AUTHOR_EMAIL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d26ab8d6e1178cd6 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:40
    git_commit = process.env.DRONE_COMMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94b4387b62415968 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:41
    git_branch = process.env.DRONE_BRANCH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a00796748597732 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:42
    git_message = process.env.DRONE_COMMIT_MESSAGE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #838cdad96552fdb8 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:45
  if (process.env.JENKINS_URL || process.env.JENKINS_HOME) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94c35f987e5ee56d Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:47
    options.service_job_id = process.env.BUILD_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2ec05b75e8ee3f4 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:48
    options.service_pull_request = process.env.CHANGE_ID || process.env.ghprbPullId;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #105a0657cbe33a20 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:49
    git_committer_name = process.env.CHANGE_AUTHOR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd2087616f9ccda3 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:50
    git_committer_email = process.env.CHANGE_AUTHOR_EMAIL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01f863ae33400908 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:51
    git_commit = process.env.GIT_COMMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #320ffb3c0d54f89b Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:52
    git_branch = process.env.CHANGE_BRANCH || process.env.GIT_BRANCH || process.env.BRANCH_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42fc9daf0e3e07db Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:55
  if (process.env.CIRCLECI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e8d52de5a8bf4d5 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:57
    options.service_number = process.env.CIRCLE_WORKFLOW_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #abdae84793fa1d9f Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:58
    options.service_job_number = process.env.CIRCLE_BUILD_NUM;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #244565f8f8559b2d Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:60
    if (process.env.CI_PULL_REQUEST) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51e9c9576725408e Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:61
      const pr = process.env.CI_PULL_REQUEST.split('/pull/');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d4cafb1852af2e2 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:65
    git_commit = process.env.CIRCLE_SHA1;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0644162ee888c611 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:66
    git_branch = process.env.CIRCLE_BRANCH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #750f9c1f254e3576 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:69
  if (process.env.CI_NAME && process.env.CI_NAME === 'codeship') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7eaa7d4848bee064 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:71
    options.service_job_id = process.env.CI_BUILD_NUMBER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2cee01ce18fde33 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:72
    git_commit = process.env.CI_COMMIT_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f30ca55dd4d793c Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:73
    git_branch = process.env.CI_BRANCH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ecb343eed3b6bef Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:74
    git_committer_name = process.env.CI_COMMITTER_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54a7e4bd2e0c36fb Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:75
    git_committer_email = process.env.CI_COMMITTER_EMAIL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5077b2bf89912706 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:76
    git_message = process.env.CI_COMMIT_MESSAGE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5451d3ed43a5370f Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:79
  if (process.env.WERCKER) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7335d382a37f8058 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:81
    options.service_job_id = process.env.WERCKER_BUILD_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da3202f58fbe2062 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:82
    git_commit = process.env.WERCKER_GIT_COMMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06801b08d0931e75 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:83
    git_branch = process.env.WERCKER_GIT_BRANCH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #717e51735e8d2250 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:86
  if (process.env.GITLAB_CI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7602250188a7ac0 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:88
    options.service_job_number = process.env.CI_BUILD_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4999ecb6c5694ca3 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:89
    options.service_job_id = process.env.CI_BUILD_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3a6b34c9503dbdf Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:90
    options.service_pull_request = process.env.CI_MERGE_REQUEST_IID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6caf2fcf5a121369 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:91
    git_commit = process.env.CI_BUILD_REF;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6693dd473d11bc70 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:92
    git_branch = process.env.CI_BUILD_REF_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #350d12eeaf6a90f5 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:95
  if (process.env.APPVEYOR) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c96483cddaf31b83 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:97
    options.service_job_number = process.env.APPVEYOR_BUILD_NUMBER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f3ad49cf404ed8a Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:98
    options.service_job_id = process.env.APPVEYOR_BUILD_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9cbbb63060bbb841 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:99
    git_commit = process.env.APPVEYOR_REPO_COMMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d792e702cbdf0ab Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:100
    git_branch = process.env.APPVEYOR_REPO_BRANCH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e03d393fc98c6547 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:103
  if (process.env.SURF_SHA1) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d1b03165396aa55 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:105
    git_commit = process.env.SURF_SHA1;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1be5af6c658ed7f7 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:106
    git_branch = process.env.SURF_REF;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #afe3ee50d6a360cc Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:109
  if (process.env.BUILDKITE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d7393351f880445 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:111
    options.service_job_number = process.env.BUILDKITE_BUILD_NUMBER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4756a2c2ff01feef Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:112
    options.service_job_id = process.env.BUILDKITE_BUILD_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1c265dd791ae958 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:113
    options.service_pull_request = process.env.BUILDKITE_PULL_REQUEST;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7ff1204fd655404 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:114
    git_commit = process.env.BUILDKITE_COMMIT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e91885f68eea9f2e Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:115
    git_branch = process.env.BUILDKITE_BRANCH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1aed896e04f0a1b1 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:116
    git_committer_name = process.env.BUILDKITE_BUILD_CREATOR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #893a2afc9032d8ef Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:117
    git_committer_email = process.env.BUILDKITE_BUILD_CREATOR_EMAIL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ff206f5026596d1 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:118
    git_message = process.env.BUILDKITE_MESSAGE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #487591144296ff80 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:121
  if (process.env.SEMAPHORE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae1ba1e64ce68752 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:123
    options.service_job_id = process.env.SEMAPHORE_BUILD_NUMBER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #076cfce77e060e62 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:124
    git_commit = process.env.REVISION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #958c4cbd02ada5cb Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:125
    git_branch = process.env.BRANCH_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be5d0b1bcb7957ea Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:128
  if (process.env.TF_BUILD) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d1ec01f5ee45232 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:130
    options.service_job_id = process.env.BUILD_BUILDID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #99548ccd5d8b0ed6 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:131
    options.service_pull_request = process.env.SYSTEM_PULLREQUEST_PULLREQUESTNUMBER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9b1890e3eb1148e Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:132
    git_commit = process.env.BUILD_SOURCEVERSION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1b5e80ebb6c1925 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:133
    git_branch = process.env.BUILD_SOURCEBRANCHNAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4297f93256ad0795 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:136
  if (process.env.CF_BRANCH) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a922c8035bf651e Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:138
    options.service_job_id = process.env.CF_BUILD_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4029d3af35350bc Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:139
    options.service_pull_request = process.env.CF_PULL_REQUEST_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc01e079e63218f6 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:140
    git_commit = process.env.CF_REVISION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55fc442456d1d21d Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:141
    git_branch = process.env.CF_BRANCH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0de2cf4206c953a8 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:142
    git_committer_name = process.env.CF_COMMIT_AUTHOR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a28cda12a9391bdd Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:143
    git_message = process.env.CF_COMMIT_MESSAGE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3cf5f3d338336478 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:146
  options.run_at = process.env.COVERALLS_RUN_AT || JSON.stringify(new Date()).slice(1, -1);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09c08c0351508553 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:148
  if (process.env.COVERALLS_SERVICE_NUMBER) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #285446fd349ea2ed Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:149
    options.service_number = process.env.COVERALLS_SERVICE_NUMBER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4eb4ed200893d5e6 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:152
  if (process.env.COVERALLS_SERVICE_JOB_NUMBER) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c60c78fe4ca6257 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:153
    options.service_job_number = process.env.COVERALLS_SERVICE_JOB_NUMBER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4c6b40eb791765b Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:156
  if (process.env.COVERALLS_SERVICE_JOB_ID) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #feab3a014821927d Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:157
    options.service_job_id = process.env.COVERALLS_SERVICE_JOB_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9dfe2ac81cb240b Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:168
  if (process.env.COVERALLS_PARALLEL) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8117c163285dba4 Filesystem access.
pkgs/npm/[email protected]/lib/getOptions.js:177
        return yaml.safeLoad(fs.readFileSync(yml, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95738ab209e03183 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:196
  if (process.env.COVERALLS_REPO_TOKEN) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9628f34c65261e9 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:197
    options.repo_token = process.env.COVERALLS_REPO_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2df2dabbc103be80 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:206
  if (process.env.COVERALLS_SERVICE_NAME) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d6fda0174e86c75 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:207
    options.service_name = process.env.COVERALLS_SERVICE_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3dadb5caab94b009 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:210
  if (process.env.COVERALLS_FLAG_NAME) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc32383b4f29fa90 Environment-variable access.
pkgs/npm/[email protected]/lib/getOptions.js:211
    options.flag_name = process.env.COVERALLS_FLAG_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d653eb23454f210 Environment-variable access.
pkgs/npm/[email protected]/lib/logger.js:9
  if (index.options.verbose || process.env.NODE_COVERALLS_DEBUG === 1 || process.env.NODE_COVERALLS_DEBUG === '1') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78b680640aafbc2a Environment-variable access.
pkgs/npm/[email protected]/lib/sendToCoveralls.js:8
  if (process.env.COVERALLS_ENDPOINT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42764c4af0f84642 Environment-variable access.
pkgs/npm/[email protected]/lib/sendToCoveralls.js:9
    urlBase = process.env.COVERALLS_ENDPOINT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

dojo

npm dependency
high pii_flow dependency Excluded from app score #827721e19b172994 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/request/node.js:57 · flow /tmp/closeopen-sjvvhxem/pkgs/npm/[email protected]/request/node.js:55 → /tmp/closeopen-sjvvhxem/pkgs/npm/[email protected]/request/node.js:57
		var req = response.clientRequest = (url.protocol === 'https:' ? https : http).request(reqOptions);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

3 low-confidence finding(s)
low env_fs dependency Excluded from app score #7c22e5b7d412f3e6 Filesystem access.
pkgs/npm/[email protected]/_base/configNode.js:36
	var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54e53e5764c1d730 Filesystem access.
pkgs/npm/[email protected]/_base/configNode.js:91
					vm.runInThisContext(fs.readFileSync(url, "utf8"), url);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0181a698e027c6e1 Filesystem access.
pkgs/npm/[email protected]/_base/configNode.js:101
				onLoad(fs.readFileSync(url, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

curl-amd

npm dependency
1 low-confidence finding(s)
low env_fs dependency Excluded from app score #2b8b44b8e7a6ae6b Filesystem access.
pkgs/npm/[email protected]/src/curl/shim/_fetchText.js:26
		fs.readFile(uri, function (ex, contents) {
			if (ex) {
				errback(ex);
			}
			else {
				callback(contents.toString());
			}
		});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

docdown

npm dependency
3 low-confidence finding(s)
low env_fs dependency Excluded from app score #6366d77efef6ddef Filesystem access.
pkgs/npm/[email protected]/index.js:8
var _ = require('lodash'),
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be8a81e9a4264aa5 Filesystem access.
pkgs/npm/[email protected]/index.js:9
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da6dafa4577ada0a Filesystem access.
pkgs/npm/[email protected]/index.js:38
  return generator(fs.readFileSync(options.path, 'utf8'), options);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

ecstatic

npm dependency
8 low-confidence finding(s)
low env_fs dependency Excluded from app score #4144ec455d0fbd9f Environment-variable access.
pkgs/npm/[email protected]/lib/bin.js:19
const envPORT = parseInt(process.env.PORT, 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f558e62775a0ecc Environment-variable access.
pkgs/npm/[email protected]/lib/bin.js:21
const host = process.env.HOST || opts.host || '0.0.0.0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86d2296b3dbe7c90 Filesystem access.
pkgs/npm/[email protected]/lib/ecstatic.js:6
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #172587b32416176a Filesystem access.
pkgs/npm/[email protected]/lib/ecstatic/show-dir/index.js:7
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f91f5ea9db7f444 Filesystem access.
pkgs/npm/[email protected]/lib/ecstatic/show-dir/sort-files.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #1880d17fded16be7 Filesystem access.
pkgs/npm/[email protected]/scripts/build-icons.js:1
var fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #0f9606382e4a8919 Filesystem access.
pkgs/npm/[email protected]/scripts/build-icons.js:12
  icons[tuple[0]] = fs.readFileSync(path.resolve(iconDir, filename), 'base64');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #35934deab3f785da Filesystem access.
pkgs/npm/[email protected]/scripts/build-icons.js:15
fs.writeFileSync(path.resolve(__dirname, '../lib/ecstatic/show-dir/icons.json'), JSON.stringify(icons, null, 2), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

fs-extra

npm dependency
5 low-confidence finding(s)
low env_fs dependency Excluded from app score #49f6eb551ce12ee6 Filesystem access.
pkgs/npm/[email protected]/lib/ensure/file.js:24
      await fs.writeFile(file, '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c84d4cf0580cf61 Filesystem access.
pkgs/npm/[email protected]/lib/ensure/file.js:32
    await fs.writeFile(file, '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #99e09163e5cfa423 Filesystem access.
pkgs/npm/[email protected]/lib/ensure/file.js:60
  fs.writeFileSync(file, '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aac06ea6b0c72d35 Filesystem access.
pkgs/npm/[email protected]/lib/output-file/index.js:16
  return fs.writeFile(file, data, encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67a08c8802871b67 Filesystem access.
pkgs/npm/[email protected]/lib/output-file/index.js:25
  fs.writeFileSync(file, ...args)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

istanbul

npm dependency
64 low-confidence finding(s)
low env_fs dependency Excluded from app score #91cd94ee3d966b90 Filesystem access.
pkgs/npm/[email protected]/lib/command/check-coverage.js:6
var nopt = require('nopt'),
    path = require('path'),
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0899ae715dfa80c9 Filesystem access.
pkgs/npm/[email protected]/lib/command/check-coverage.js:8
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91d44e7285e3b61b Filesystem access.
pkgs/npm/[email protected]/lib/command/check-coverage.js:124
                var coverageObject = JSON.parse(fs.readFileSync(file, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #681af155e0e6be7c Filesystem access.
pkgs/npm/[email protected]/lib/command/common/run-with-cover.js:5
var Module = require('module'),
    path = require('path'),
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4a0228fbe5d91e5 Filesystem access.
pkgs/npm/[email protected]/lib/command/common/run-with-cover.js:7
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc15dd8b3895e99e Environment-variable access.
pkgs/npm/[email protected]/lib/command/common/run-with-cover.js:121
        process.env.running_under_istanbul=1;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a93966bf6c1721d7 Filesystem access.
pkgs/npm/[email protected]/lib/command/common/run-with-cover.js:224
                                transformer(fs.readFileSync(file, 'utf-8'), file);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1fab8f89653e980b Filesystem access.
pkgs/npm/[email protected]/lib/command/common/run-with-cover.js:242
                    fs.writeFileSync(file, JSON.stringify(cov), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #082a3da2b7e5e417 Filesystem access.
pkgs/npm/[email protected]/lib/command/instrument.js:6
var path = require('path'),
    mkdirp = require('mkdirp'),
    once = require('once'),
    async = require('async'),
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7157dfb2836b79f3 Filesystem access.
pkgs/npm/[email protected]/lib/command/instrument.js:10
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f8b34af4ca39e37 Filesystem access.
pkgs/npm/[email protected]/lib/command/instrument.js:72
                fs.readFile(inputFile, 'utf8', function (err, data) {
                    if (err) { return callback(err, name); }
                    instrumenter.instrument(data, inputFile, function (iErr, instrumented) {
                        if (iErr) { return callback(iErr, name); }
                        fs.writeFile(outputFile, instrumented, 'utf8', function (err) {
                            return callback(err, name);
                        });
                    });
                });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a396786c1f9e72a Filesystem access.
pkgs/npm/[email protected]/lib/command/instrument.js:76
                        fs.writeFile(outputFile, instrumented, 'utf8', function (err) {
                            return callback(err, name);
                        });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6968ef61035aa213 Filesystem access.
pkgs/npm/[email protected]/lib/command/instrument.js:107
            fs.writeFileSync(outputFile, fs.readFileSync(inputFile));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d1215bdb3146a84 Filesystem access.
pkgs/npm/[email protected]/lib/command/instrument.js:231
                fs.writeFileSync(baselineFile, JSON.stringify(instrumenter.getCoverage()), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e35fa713e7a30c1 Filesystem access.
pkgs/npm/[email protected]/lib/command/instrument.js:256
            stream.write(instrumenter.instrumentSync(fs.readFileSync(file, 'utf8'), file));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1dab6b19c8e202f7 Filesystem access.
pkgs/npm/[email protected]/lib/command/report.js:6
var nopt = require('nopt'),
    Report = require('../report'),
    Reporter = require('../reporter'),
    path = require('path'),
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ffb385572a0815e Filesystem access.
pkgs/npm/[email protected]/lib/command/report.js:10
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7bc93f6fc2e0da1c Filesystem access.
pkgs/npm/[email protected]/lib/command/report.js:110
                var coverageObject =  JSON.parse(fs.readFileSync(file, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d6520f1c0095aef Environment-variable access.
pkgs/npm/[email protected]/lib/command/test.js:27
        runWithCover.run(args, this.type(), !!process.env.npm_config_coverage, callback);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9c046c52de8e5cc Filesystem access.
pkgs/npm/[email protected]/lib/config.js:5
var path = require('path'),
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2220b73809c15783 Filesystem access.
pkgs/npm/[email protected]/lib/config.js:6
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb6af80814922875 Filesystem access.
pkgs/npm/[email protected]/lib/config.js:435
            yaml.safeLoad(fs.readFileSync(file, 'utf8'), { filename: file }) :

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16f27b11dafed234 Filesystem access.
pkgs/npm/[email protected]/lib/hook.js:34
var path = require('path'),
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8d474e9e12b1888 Filesystem access.
pkgs/npm/[email protected]/lib/hook.js:35
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ca13daa402b3b75 Filesystem access.
pkgs/npm/[email protected]/lib/hook.js:105
            var ret = fn(fs.readFileSync(filename, 'utf8'), filename);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17d9b3eea9da38e8 Filesystem access.
pkgs/npm/[email protected]/lib/report/clover.js:220
        writer.writeFile(outputFile, function (contentWriter) {
            walk(root, collector, contentWriter, 0, projectRoot);
            writer.done();
        });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8778cfec36e54eb Filesystem access.
pkgs/npm/[email protected]/lib/report/cobertura.js:214
        writer.writeFile(outputFile, function (contentWriter) {
            walk(root, collector, contentWriter, 0, projectRoot);
            writer.done();
        });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58a87d63245b648c Filesystem access.
pkgs/npm/[email protected]/lib/report/html.js:7
var handlebars = require('handlebars').create(),
    defaults = require('./common/defaults'),
    path = require('path'),
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16ffd16200817c36 Filesystem access.
pkgs/npm/[email protected]/lib/report/html.js:10
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6c667c21f3fda51 Filesystem access.
pkgs/npm/[email protected]/lib/report/html.js:18
    templateFor = function (name) { return handlebars.compile(fs.readFileSync(path.resolve(__dirname, 'templates', name + '.txt'), 'utf8')); },

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4998ef43900a27fb Filesystem access.
pkgs/npm/[email protected]/lib/report/html.js:479
        writer.writeFile(indexFile, function (contentWriter) {
            that.writeIndexPage(contentWriter, node);
        });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #326eff3bc5cc0ae9 Filesystem access.
pkgs/npm/[email protected]/lib/report/html.js:488
                writer.writeFile(childFile, function (contentWriter) {
                    that.writeDetailPage(contentWriter, child, collector.fileCoverageFor(child.fullPath()));
                });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #648bcd3dbaf19bd1 Filesystem access.
pkgs/npm/[email protected]/lib/report/json-summary.js:58
        writer.writeFile(outputFile, function (contentWriter) {
            contentWriter.println("{");
            contentWriter.write('"total":');
            contentWriter.write(JSON.stringify(finalSummary));

            collector.files().forEach(function (key) {
                contentWriter.println(",");
                contentWriter.write(JSON.stringify(key));
                contentWriter.write(":");
                contentWriter.write(JSON.stringify(objectUtils.summarizeFileCoverage(collector.fileCoverageFor(key))));
            });
            contentWriter.println("}");
        });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47edb0312c8f3689 Filesystem access.
pkgs/npm/[email protected]/lib/report/json.js:50
        writer.writeFile(outputFile, function (contentWriter) {
            var first = true;
            contentWriter.println("{");
            collector.files().forEach(function (key) {
                if (first) {
                    first = false;
                } else {
                    contentWriter.println(",");
                }
                contentWriter.write(JSON.stringify(key));
                contentWriter.write(":");
                contentWriter.write(JSON.stringify(collector.fileCoverageFor(key)));
            });
            contentWriter.println("}");
        });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9adebef63c9986c1 Filesystem access.
pkgs/npm/[email protected]/lib/report/lcovonly.js:94
        writer.writeFile(outputFile, function (contentWriter) {
            collector.files().forEach(function (key) {
                that.writeFileCoverage(contentWriter, collector.fileCoverageFor(key));
            });
        });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3e4ab12d81a6ebe Filesystem access.
pkgs/npm/[email protected]/lib/report/teamcity.js:6
var path = require('path'),
    util = require('util'),
    mkdirp = require('mkdirp'),
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b131834e480c9b2b Filesystem access.
pkgs/npm/[email protected]/lib/report/teamcity.js:9
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b115ec10f212dd4a Filesystem access.
pkgs/npm/[email protected]/lib/report/teamcity.js:84
            fs.writeFileSync(path.join(this.dir, this.file), text, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #143a973201a5bd06 Filesystem access.
pkgs/npm/[email protected]/lib/report/text-summary.js:6
var path = require('path'),
    util = require('util'),
    mkdirp = require('mkdirp'),
    defaults = require('./common/defaults'),
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24b25832438d62ea Filesystem access.
pkgs/npm/[email protected]/lib/report/text-summary.js:10
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cffdf3fc6b0b0280 Filesystem access.
pkgs/npm/[email protected]/lib/report/text-summary.js:85
            fs.writeFileSync(path.join(this.dir, this.file), text, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ea668de2f7808a8 Filesystem access.
pkgs/npm/[email protected]/lib/report/text.js:6
var path = require('path'),
    mkdirp = require('mkdirp'),
    util = require('util'),
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #abb488257acfe0eb Filesystem access.
pkgs/npm/[email protected]/lib/report/text.js:9
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a83287d72f0258de Filesystem access.
pkgs/npm/[email protected]/lib/report/text.js:226
            fs.writeFileSync(path.join(this.dir, this.file), text, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1728aa9843b061a4 Filesystem access.
pkgs/npm/[email protected]/lib/store/fslookup.js:6
var util = require('util'),
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0dfe1626c179c619 Filesystem access.
pkgs/npm/[email protected]/lib/store/fslookup.js:7
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c69de1313a4a224 Filesystem access.
pkgs/npm/[email protected]/lib/store/fslookup.js:40
        return fs.readFileSync(key, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57d72da5d7b25a49 Filesystem access.
pkgs/npm/[email protected]/lib/store/tmp.js:6
var util = require('util'),
    path = require('path'),
    os = require('os'),
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ee728c4247f3206 Filesystem access.
pkgs/npm/[email protected]/lib/store/tmp.js:9
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e69b38494401b269 Environment-variable access.
pkgs/npm/[email protected]/lib/store/tmp.js:14
    var dir = path.join(os.tmpdir ? os.tmpdir() : /* istanbul ignore next */ (process.env.TMPDIR || '/tmp'), 'ts' + new Date().getTime());

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f077222a1730aea Filesystem access.
pkgs/npm/[email protected]/lib/store/tmp.js:54
        fs.writeFileSync(tmpFile, contents, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37b569bee4767e59 Filesystem access.
pkgs/npm/[email protected]/lib/store/tmp.js:61
        return fs.readFileSync(tmpFile, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #788874f3d22152c1 Filesystem access.
pkgs/npm/[email protected]/lib/util/factory.js:6
var util = require('util'),
    path = require('path'),
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05bb63b214210ec1 Filesystem access.
pkgs/npm/[email protected]/lib/util/factory.js:8
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b0e57a56328f55c Filesystem access.
pkgs/npm/[email protected]/lib/util/file-matcher.js:6
var async = require('async'),
    glob = require('glob'),
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3aafcb816d4ce7ac Filesystem access.
pkgs/npm/[email protected]/lib/util/file-matcher.js:8
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb04462eaae1a400 Filesystem access.
pkgs/npm/[email protected]/lib/util/file-writer.js:6
var path = require('path'),
    util = require('util'),
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7abf12abbdb4dc63 Filesystem access.
pkgs/npm/[email protected]/lib/util/file-writer.js:8
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76aeadee2991fb4a Filesystem access.
pkgs/npm/[email protected]/lib/util/file-writer.js:58
        fs.writeFileSync(file, cw.getContent(), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1974d46848270ed2 Filesystem access.
pkgs/npm/[email protected]/lib/util/file-writer.js:144
        fs.writeFileSync(dest, fs.readFileSync(source));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2bc7db07e0988621 Filesystem access.
pkgs/npm/[email protected]/lib/util/file-writer.js:147
        this.delegate.writeFile(file, callback);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a581eb2239fdb8d1 Filesystem access.
pkgs/npm/[email protected]/lib/util/meta.js:5
var path = require('path'),
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d913f894290e0cb Filesystem access.
pkgs/npm/[email protected]/lib/util/meta.js:6
    fs = require('fs'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e1ef8cb353f08b1 Filesystem access.
pkgs/npm/[email protected]/lib/util/meta.js:7
    pkg = JSON.parse(fs.readFileSync(path.resolve(__dirname, '..', '..', 'package.json'), 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

jscs

npm dependency
7 low-confidence finding(s)
low env_fs dependency Excluded from app score #3f57154ec02851ba Filesystem access.
pkgs/npm/[email protected]/lib/cli-config.js:5
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b250f65c3334d604 Filesystem access.
pkgs/npm/[email protected]/lib/cli-config.js:78
            data = stripBOM(fs.readFileSync(configPath, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97731b1b8dc79916 Environment-variable access.
pkgs/npm/[email protected]/lib/cli-config.js:154
    var directoryArr = [process.env.USERPROFILE, process.env.HOMEPATH, process.env.HOME];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af7287e5aa37caa7 Filesystem access.
pkgs/npm/[email protected]/lib/config/configuration.js:3
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0bb247ef10bc49dd Filesystem access.
pkgs/npm/[email protected]/lib/config/generator.js:1
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bef593b884b8e655 Filesystem access.
pkgs/npm/[email protected]/lib/config/generator.js:93
        fs.writeFileSync(process.cwd() + '/.jscsrc', JSON.stringify(this._config, null, '\t'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f352d7cb1c23212f Filesystem access.
pkgs/npm/[email protected]/lib/config/node-configuration.js:3
var fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

markdown-doctest

npm dependency
1 low-confidence finding(s)
low env_fs dependency Excluded from app score #d884c535c68fda8e Filesystem access.
pkgs/npm/[email protected]/bin/cmd.js:9
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

optional-dev-dependency

npm dependency
4 low-confidence finding(s)
low env_fs dependency Excluded from app score #217f4d05e52b01f5 Filesystem access.
pkgs/npm/[email protected]/dependency.js:5
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac0143220a1c03d0 Filesystem access.
pkgs/npm/[email protected]/index.js:5
var fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36105c3b34aa0825 Filesystem access.
pkgs/npm/[email protected]/index.js:70
  fs.readFile(filename, (er, buf) => {
    if (er) { return cb(er) }
    try {
      const js = JSON.parse(buf) || {}
      cb(null, js)
    } catch (er) {
      cb(er)
    }
  })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9aad3baeebdd9f4 Filesystem access.
pkgs/npm/[email protected]/index.js:108
      fs.writeFile(Dependency.findNodeModules('package.json'), JSON.stringify(pkg, null, 2), cb)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

qunit-extras

npm dependency
1 low-confidence finding(s)
low env_fs dependency Excluded from app score #cad4cbc4bc6a863a Environment-variable access.
pkgs/npm/[email protected]/qunit-extras.js:107
      return process.env[name];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

request

npm dependency
9 low-confidence finding(s)
low env_fs dependency Excluded from app score #8f3090f26efb4de7 Environment-variable access.
pkgs/npm/[email protected]/lib/getProxyFromURI.js:45
  var noProxy = process.env.NO_PROXY || process.env.no_proxy || ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13ca4f6c0766270c Environment-variable access.
pkgs/npm/[email protected]/lib/getProxyFromURI.js:62
    return process.env.HTTP_PROXY ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32064caf2a19f70c Environment-variable access.
pkgs/npm/[email protected]/lib/getProxyFromURI.js:63
      process.env.http_proxy || null

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a3a500921d873c3 Environment-variable access.
pkgs/npm/[email protected]/lib/getProxyFromURI.js:67
    return process.env.HTTPS_PROXY ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ecfb4f54213e2c1 Environment-variable access.
pkgs/npm/[email protected]/lib/getProxyFromURI.js:68
      process.env.https_proxy ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #614c11cee2662b86 Environment-variable access.
pkgs/npm/[email protected]/lib/getProxyFromURI.js:69
      process.env.HTTP_PROXY ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #556b832a717b291d Environment-variable access.
pkgs/npm/[email protected]/lib/getProxyFromURI.js:70
      process.env.http_proxy || null

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc5751dbe42f03ba Filesystem access.
pkgs/npm/[email protected]/lib/har.js:3
var fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe309c4a4538b3f5 Environment-variable access.
pkgs/npm/[email protected]/request.js:133
Request.debug = process.env.NODE_DEBUG && /\brequest\b/.test(process.env.NODE_DEBUG)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

uglify-js

npm dependency
12 low-confidence finding(s)
low env_fs dependency Excluded from app score #41a110e1423ea52b Filesystem access.
pkgs/npm/[email protected]/bin/extract-props.js:6
var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5337cc309ee0137d Filesystem access.
pkgs/npm/[email protected]/bin/extract-props.js:18
    output = JSON.parse(fs.readFileSync(ARGS.o, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b915378fc5db0569 Filesystem access.
pkgs/npm/[email protected]/bin/extract-props.js:24
    fs.writeFileSync(ARGS.o, JSON.stringify(output, null, 2), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0b0a0eb872ffb5c Filesystem access.
pkgs/npm/[email protected]/bin/extract-props.js:30
    var code = fs.readFileSync(filename, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #b6b4b004dea69c24 Filesystem access.
pkgs/npm/[email protected]/tools/node.js:8
var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #26a585127bdc2062 Filesystem access.
pkgs/npm/[email protected]/tools/node.js:29
    return fs.readFileSync(file, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #748eff6f142f68ec Filesystem access.
pkgs/npm/[email protected]/tools/node.js:70
                : fs.readFileSync(file, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #3dccf37722333b0d Filesystem access.
pkgs/npm/[email protected]/tools/node.js:120
        inMap = JSON.parse(fs.readFileSync(options.inSourceMap, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #ad212f1327f1004f Filesystem access.
pkgs/npm/[email protected]/tools/node.js:216
    var data = fs.readFileSync(filename, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #1be84da07838fe67 Filesystem access.
pkgs/npm/[email protected]/tools/node.js:241
            var cache = fs.readFileSync(filename, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #1d6cd4314302261e Filesystem access.
pkgs/npm/[email protected]/tools/node.js:259
            data = fs.readFileSync(filename, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #17470aac9d943220 Filesystem access.
pkgs/npm/[email protected]/tools/node.js:268
        fs.writeFileSync(filename, JSON.stringify(data, null, 2), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

webpack

npm dependency
29 low-confidence finding(s)
low env_fs dependency Excluded from app score #030bd95c473b1bc0 Filesystem access.
pkgs/npm/[email protected]/lib/Compiler.js:901
							(this.outputFileSystem).writeFile(targetPath, content, (err) => {
								if (err) return callback(err);

								// information marker that the asset has been emitted
								compilation.emittedAssets.add(file);

								// cache the information that the Source has been written to that location
								const newGeneration =
									targetFileGeneration === undefined
										? 1
										: targetFileGeneration + 1;
								/** @type {CacheEntry} */
								(cacheEntry).writtenTo.set(targetPath, newGeneration);
								this._assetEmittingWrittenFiles.set(targetPath, newGeneration);
								this.hooks.assetEmitted.callAsync(
									file,
									{
										content,
										source,
										outputPath,
										compilation,
										targetPath
									},
									callback
								);
							});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51f8c0d5ea900488 Filesystem access.
pkgs/npm/[email protected]/lib/Compiler.js:996
								return /** @type {OutputFileSystem} */ (
									this.outputFileSystem
								).readFile(targetPath, (err, existingContent) => {
									if (
										err ||
										!content.equals(/** @type {Buffer} */ (existingContent))
									) {
										return doWrite(content);
									}
									return alreadyWritten();
								});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0ce58fea40f0650 Filesystem access.
pkgs/npm/[email protected]/lib/Compiler.js:1141
			(this.outputFileSystem).writeFile(
				/** @type {string} */ (this.recordsOutputPath),
				JSON.stringify(
					this.records,
					(n, value) => {
						if (
							typeof value === "object" &&
							value !== null &&
							!Array.isArray(value)
						) {
							const keys = Object.keys(value);
							if (!isSorted(keys)) {
								return sortObject(value, keys);
							}
						}
						return value;
					},
					2
				),
				callback
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee04d9fdac33a915 Filesystem access.
pkgs/npm/[email protected]/lib/Compiler.js:1227
			(this.inputFileSystem).readFile(
				/** @type {string} */
				(this.recordsInputPath),
				(err, content) => {
					if (err) return callback(err);

					try {
						this.records =
							/** @type {Records} */
							(parseJson(/** @type {Buffer} */ (content).toString("utf8")));
					} catch (parseErr) {
						return callback(
							new Error(
								`Cannot parse records: ${
									/** @type {Error} */ (parseErr).message
								}`
							)
						);
					}

					return callback(null);
				}
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f1d7d0bc76ce33d Environment-variable access.
pkgs/npm/[email protected]/lib/DotenvPlugin.js:447
					process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78a19fc663180ce5 Environment-variable access.
pkgs/npm/[email protected]/lib/DotenvPlugin.js:448
						? process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a146d13bf67ba1bb Filesystem access.
pkgs/npm/[email protected]/lib/DotenvPlugin.js:465
			fs.readFile(file, (err, content) => {
				if (err) reject(err);
				else resolve(/** @type {Buffer} */ (content).toString() || "");
			});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3b79fe0d629ec5a Environment-variable access.
pkgs/npm/[email protected]/lib/EnvironmentPlugin.js:50
					process.env[key] !== undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #509fb10c75e267d2 Environment-variable access.
pkgs/npm/[email protected]/lib/EnvironmentPlugin.js:51
						? process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5124221f523dd9c8 Filesystem access.
pkgs/npm/[email protected]/lib/FileSystemInfo.js:2209
								this.fs.readFile(path, (err, content) => {
									if (err) return callback(err);
									try {
										const context = dirname(this.fs, path);
										const source = /** @type {Buffer} */ (content).toString();
										const [imports] = lexer.parse(source);
										/** @type {Set<string>} */
										const added = new Set();
										for (const imp of imports) {
											try {
												// import.meta
												if (imp.d === -2) {
													continue;
												}

												/** @type {string | null} */
												const dependency =
													imp.n ||
													parseString(source.slice(imp.s, imp.e).trim());

												if (!dependency) {
													continue;
												}

												// We should not track Node.js build dependencies
												if (dependency.startsWith("node:")) continue;
												if (builtinModules.has(dependency)) continue;
												// Avoid extra jobs for identical imports
												if (added.has(dependency)) continue;

												push({
													type: RBDT_RESOLVE_ESM_FILE,
													context,
													path: dependency,
													expected: imp.d > -1 ? false : undefined,
													issuer: job
												});
												added.add(dependency);
											} catch (err1) {
												logger.warn(
													`Parsing of ${path} for build dependencies failed at 'import(${source.slice(
														imp.s,
														imp.e
													)})'.\n` +
														"Build dependencies behind this expression are ignored and might cause incorrect cache invalidation."
												);
												logger.debug(pathToString(job));
												logger.debug(/** @type {Error} */ (err1).stack);
											}
										}
									} catch (err2) {
										logger.warn(
											`Parsing of ${path} for build dependencies failed and all dependencies of this file are ignored, which might cause incorrect cache invalidation..`
										);
										logger.debug(pathToString(job));
										logger.debug(/** @type {Error} */ (err2).stack);
									}
									process.nextTick(callback);
								});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7e762e7c37dd2d8 Filesystem access.
pkgs/npm/[email protected]/lib/FileSystemInfo.js:2284
						this.fs.readFile(packageJson, (err, content) => {
							if (err) {
								if (err.code === "ENOENT") {
									resolveMissing.add(packageJson);
									const parent = dirname(this.fs, packagePath);
									if (parent !== packagePath) {
										push({
											type: RBDT_DIRECTORY_DEPENDENCIES,
											context: undefined,
											path: parent,
											expected: undefined,
											issuer: job
										});
									}
									callback();
									return;
								}
								return callback(err);
							}
							resolveFiles.add(packageJson);
							/** @type {JsonObject} */
							let packageData;
							try {
								packageData = JSON.parse(
									/** @type {Buffer} */
									(content).toString("utf8")
								);
							} catch (parseErr) {
								return callback(/** @type {Error} */ (parseErr));
							}
							const depsObject = packageData.dependencies;
							const optionalDepsObject = packageData.optionalDependencies;
							/** @type {Set<string>} */
							const allDeps = new Set();
							/** @type {Set<string>} */
							const optionalDeps = new Set();
							if (typeof depsObject === "object" && depsObject) {
								for (const dep of Object.keys(depsObject)) {
									allDeps.add(dep);
								}
							}
							if (
								typeof optionalDepsObject === "object" &&
								optionalDepsObject
							) {
								for (const dep of Object.keys(optionalDepsObject)) {
									allDeps.add(dep);
									optionalDeps.add(dep);
								}
							}
							for (const dep of allDeps) {
								push({
									type: RBDT_RESOLVE_DIRECTORY,
									context: packagePath,
									path: dep,
									expected: !optionalDeps.has(dep),
									issuer: job
								});
							}
							callback();
						});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b892c86e47b6b17e Filesystem access.
pkgs/npm/[email protected]/lib/FileSystemInfo.js:3676
		this.fs.readFile(path, (err, content) => {
			if (err) {
				if (err.code === "EISDIR") {
					this._fileHashes.set(path, "directory");
					return callback(null, "directory");
				}
				if (err.code === "ENOENT") {
					this._fileHashes.set(path, null);
					return callback(null, null);
				}
				if (err.code === "ERR_FS_FILE_TOO_LARGE") {
					/** @type {Logger} */
					(this.logger).warn(`Ignoring ${path} for hashing as it's very large`);
					this._fileHashes.set(path, "too large");
					return callback(null, "too large");
				}
				return callback(/** @type {WebpackError} */ (err));
			}

			const hash = createHash(this._hashFunction);

			hash.update(/** @type {string | Buffer} */ (content));

			const digest = hash.digest("hex");

			this._fileHashes.set(path, digest);

			callback(null, digest);
		});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6526d4f326c45584 Filesystem access.
pkgs/npm/[email protected]/lib/FileSystemInfo.js:4419
			this.fs.readFile(packageJsonPath, (err, content) => {
				if (err) {
					if (err.code === "ENOENT" || err.code === "ENOTDIR") {
						// no package.json or path is not a directory
						this.fs.readdir(path, (err, elements) => {
							if (
								!err &&
								/** @type {string[]} */ (elements).length === 1 &&
								/** @type {string[]} */ (elements)[0] === "node_modules"
							) {
								// This is only a grouping folder e.g. used by yarn
								// we are only interested in existence of this special directory
								this._managedItems.set(path, "*nested");
								return callback(null, "*nested");
							}
							/** @type {Logger} */
							(this.logger).warn(
								`Managed item ${path} isn't a directory or doesn't contain a package.json (see snapshot.managedPaths option)`
							);
							return callback();
						});
						return;
					}
					return callback(/** @type {WebpackError} */ (err));
				}
				/** @type {JsonObject} */
				let data;
				try {
					data = JSON.parse(/** @type {Buffer} */ (content).toString("utf8"));
				} catch (parseErr) {
					return callback(/** @type {WebpackError} */ (parseErr));
				}
				if (!data.name) {
					/** @type {Logger} */
					(this.logger).warn(
						`${packageJsonPath} doesn't contain a "name" property (see snapshot.managedPaths option)`
					);
					return callback();
				}
				const info = `${data.name || ""}@${data.version || ""}`;
				this._managedItems.set(path, info);
				callback(null, info);
			});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ffd409ddc1764586 Filesystem access.
pkgs/npm/[email protected]/lib/config/defaults.js:8
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc5214160563daeb Filesystem access.
pkgs/npm/[email protected]/lib/config/defaults.js:1477
			const packageInfo = JSON.parse(fs.readFileSync(pkgPath, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7138f4f9fdb31432 Environment-variable access.
pkgs/npm/[email protected]/lib/config/defaults.js:2450
		(infrastructureLogging.stream).isTTY && process.env.TERM !== "dumb";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c86e4656749c11f6 Filesystem access.
pkgs/npm/[email protected]/lib/dll/DllReferencePlugin.js:73
					(compiler.inputFileSystem).readFile(manifest, (err, result) => {
						if (err) return callback(err);
						/** @type {CompilationDataItem} */
						const data = {
							path: manifest,
							data: undefined,
							error: undefined
						};
						// Catch errors parsing the manifest so that blank
						// or malformed manifest files don't kill the process.
						try {
							data.data =
								/** @type {DllReferencePluginOptionsManifest} */
								(
									/** @type {unknown} */
									(parseJson(/** @type {Buffer} */ (result).toString("utf8")))
								);
						} catch (parseErr) {
							// Store the error in the params so that it can
							// be added as a compilation error later on.
							const manifestPath = makePathsRelative(
								compiler.context,
								manifest,
								compiler.root
							);
							data.error = new DllManifestError(
								manifestPath,
								/** @type {Error} */ (parseErr).message
							);
						}
						compilationData.set(params, data);
						return callback();
					});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd1f6d0890e3fc37 Filesystem access.
pkgs/npm/[email protected]/lib/dll/LibManifestPlugin.js:137
								intermediateFileSystem.writeFile(targetPath, buffer, callback);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5641ed9cb14c785 Filesystem access.
pkgs/npm/[email protected]/lib/ids/SyncModuleIdsPlugin.js:63
				fs.readFile(this.options.path, (err, buffer) => {
					if (err) {
						if (err.code !== "ENOENT") {
							return callback(err);
						}
						return callback();
					}
					/** @type {JSONContent} */
					const json = JSON.parse(/** @type {Buffer} */ (buffer).toString());
					/** @type {Map<string, string | number | null>} */
					data = new Map();
					for (const key of Object.keys(json)) {
						data.set(key, json[key]);
					}
					dataChanged = false;
					return callback();
				});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9cab356cfd557de7 Filesystem access.
pkgs/npm/[email protected]/lib/ids/SyncModuleIdsPlugin.js:94
				fs.writeFile(this.options.path, JSON.stringify(json), callback);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f40c899de2083a0 Filesystem access.
pkgs/npm/[email protected]/lib/schemes/FileUriPlugin.js:43
						loaderContext.fs.readFile(resourcePath, (err, result) => {
							if (err) return callback(err);
							loaderContext.addDependency(resourcePath);
							callback(null, result);
						});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8137019e6fd1d087 Environment-variable access.
pkgs/npm/[email protected]/lib/schemes/HttpUriPlugin.js:496
			this.options.proxy || process.env.http_proxy || process.env.HTTP_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d902cc79e8ed8e67 Filesystem access.
pkgs/npm/[email protected]/lib/schemes/HttpUriPlugin.js:589
							intermediateFs.readFile(lockfileLocation, (err, buffer) => {
								if (err && err.code !== "ENOENT") {
									compilation.missingDependencies.add(lockfileLocation);
									return callback(err);
								}
								compilation.fileDependencies.add(lockfileLocation);
								compilation.fileSystemInfo.createSnapshot(
									compiler.fsStartTime,
									buffer ? [lockfileLocation] : [],
									[],
									buffer ? [] : [lockfileLocation],
									{ timestamp: true },
									(err, s) => {
										if (err) return callback(err);
										const lockfile = buffer
											? Lockfile.parse(buffer.toString("utf8"))
											: new Lockfile();
										lockfileCache = {
											lockfile,
											snapshot: /** @type {Snapshot} */ (s)
										};
										callback(null, lockfile);
									}
								);
							});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67e065ad0466bd42 Filesystem access.
pkgs/npm/[email protected]/lib/schemes/HttpUriPlugin.js:693
							intermediateFs.writeFile(filePath, result.content, (err) => {
								if (err) return callback(err);
								callback(null, result);
							});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d7b66cfdd10134c Filesystem access.
pkgs/npm/[email protected]/lib/schemes/HttpUriPlugin.js:1202
									fs.readFile(filePath, (err, result) => {
										if (err) {
											if (err.code === "ENOENT") return doFetch();
											return callback(err);
										}
										const content = /** @type {Buffer} */ (result);
										/**
										 * Continue with cached content.
										 * @param {Buffer | undefined} _result result
										 * @returns {void}
										 */
										const continueWithCachedContent = (_result) => {
											if (!upgrade) {
												// When not in upgrade mode, we accept the result from the lockfile cache
												return callback(null, { entry, content });
											}
											return doFetch(content);
										};
										if (!verifyIntegrity(content, entry.integrity)) {
											/** @type {Buffer | undefined} */
											let contentWithChangedEol;
											let isEolChanged = false;
											try {
												contentWithChangedEol = Buffer.from(
													content.toString("utf8").replace(/\r\n/g, "\n")
												);
												isEolChanged = verifyIntegrity(
													contentWithChangedEol,
													entry.integrity
												);
											} catch (_err) {
												// ignore
											}
											if (isEolChanged) {
												if (!warnedAboutEol) {
													const explainer = `Incorrect end of line sequence was detected in the lockfile cache.
The lockfile cache is protected by integrity checks, so any external modification will lead to a corrupted lockfile cache.
When using git make sure to configure .gitattributes correctly for the lockfile cache:
  **/*webpack.lock.data/** -text
This will avoid that the end of line sequence is changed by git on Windows.`;
													if (frozen) {
														logger.error(explainer);
													} else {
														logger.warn(explainer);
														logger.info(
															"Lockfile cache will be automatically fixed now, but when lockfile is frozen this would result in an error."
														);
													}
													warnedAboutEol = true;
												}
												if (!frozen) {
													// "fix" the end of line sequence of the lockfile content
													logger.log(
														`${filePath} fixed end of line sequence (\\r\\n instead of \\n).`
													);
													intermediateFs.writeFile(
														filePath,
														/** @type {Buffer} */
														(contentWithChangedEol),
														(err) => {
															if (err) return callback(err);
															continueWithCachedContent(
																/** @type {Buffer} */
																(contentWithChangedEol)
															);
														}
													);
													return;
												}
											}
											if (frozen) {
												return callback(
													new Error(
														`${
															entry.resolved
														} integrity mismatch, expected content with integrity ${
															entry.integrity
														} but got ${computeIntegrity(content)}.
Lockfile corrupted (${
															isEolChanged
																? "end of line sequence was unexpectedly changed"
																: "incorrectly merged? changed by other tools?"
														}).
Run build with un-frozen lockfile to automatically fix lockfile.`
													)
												);
											}
											// "fix" the lockfile entry to the correct integrity
											// the content has priority over the integrity value
											entry = {
												...entry,
												integrity: computeIntegrity(content)
											};
											storeLockEntry(lockfile, url, entry);
										}
										continueWithCachedContent(result);
									});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d38560e34ab34ee5 Filesystem access.
pkgs/npm/[email protected]/lib/schemes/HttpUriPlugin.js:1257
													intermediateFs.writeFile(
														filePath,
														/** @type {Buffer} */
														(contentWithChangedEol),
														(err) => {
															if (err) return callback(err);
															continueWithCachedContent(
																/** @type {Buffer} */
																(contentWithChangedEol)
															);
														}
													);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b363c78ff42f52db Filesystem access.
pkgs/npm/[email protected]/lib/schemes/HttpUriPlugin.js:1410
							intermediateFs.readFile(lockfileLocation, (err, buffer) => {
								if (err && err.code !== "ENOENT") {
									writeDone();
									return callback(err);
								}
								const lockfile = buffer
									? Lockfile.parse(buffer.toString("utf8"))
									: new Lockfile();
								for (const [key, value] of /** @type {LockfileUpdates} */ (
									lockfileUpdates
								)) {
									lockfile.entries.set(key, value);
								}
								intermediateFs.writeFile(
									tempFile,
									lockfile.toString(),
									(err) => {
										if (err) {
											writeDone();
											return (
												/** @type {NonNullable<IntermediateFileSystem["unlink"]>} */
												(intermediateFs.unlink)(tempFile, () => callback(err))
											);
										}
										intermediateFs.rename(tempFile, lockfileLocation, (err) => {
											if (err) {
												writeDone();
												return (
													/** @type {NonNullable<IntermediateFileSystem["unlink"]>} */
													(intermediateFs.unlink)(tempFile, () => callback(err))
												);
											}
											writeDone();
											callback();
										});
									}
								);
							});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a30ca794bed59c67 Filesystem access.
pkgs/npm/[email protected]/lib/schemes/HttpUriPlugin.js:1423
								intermediateFs.writeFile(
									tempFile,
									lockfile.toString(),
									(err) => {
										if (err) {
											writeDone();
											return (
												/** @type {NonNullable<IntermediateFileSystem["unlink"]>} */
												(intermediateFs.unlink)(tempFile, () => callback(err))
											);
										}
										intermediateFs.rename(tempFile, lockfileLocation, (err) => {
											if (err) {
												writeDone();
												return (
													/** @type {NonNullable<IntermediateFileSystem["unlink"]>} */
													(intermediateFs.unlink)(tempFile, () => callback(err))
												);
											}
											writeDone();
											callback();
										});
									}
								);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6efb56cc9ac0186c Filesystem access.
pkgs/npm/[email protected]/lib/util/fs.js:681
	fs.readFile(p, (err, buf) => {
		if (err) return callback(err);
		/** @type {JsonObject} */
		let data;
		try {
			data = JSON.parse(/** @type {Buffer} */ (buf).toString("utf8"));
		} catch (err1) {
			return callback(/** @type {Error} */ (err1));
		}
		return callback(null, data);
	});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Development

  • glob dev — dist-only: no readable source