Close Open Privacy Scan

bolt Snapshot: commit a1d73a3
science engine v2
schedule 2026-07-04T17:15:31.216652+00:00

verified_user No application data leak found

No high-confidence exfiltration was found in application code.

Incomplete scan — only 0/200 dependencies were analyzed. Treat the score as provisional.

App Privacy Score

92 /100
Low privacy risk

Low risk · 798 finding(s)

Dependency score: 100 (Low risk)

bar_chart Score Breakdown

egress −5
env_fs −3

list Scan Summary

0 high 0 medium 798 low
First-party packages: 43
Dependency packages: 0
Ecosystem: npm

swap_horiz External domains

sponsors.vite.dev

</> First-Party Code

first-party (npm)

npm first-party
expand_more 329 low-confidence finding(s)
low env_fs production #538c86bf1f744936 Filesystem access.
repo/docs/.vitepress/buildEnd.config.ts:49
  writeFileSync(path.join(config.outDir, 'blog.rss'), feed.rss2())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a985964c4abb378d Environment-variable access.
repo/docs/.vitepress/config.ts:26
const deployURL = process.env.DEPLOY_PRIME_URL || ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b882c0cc62875ed1 Environment-variable access.
repo/docs/.vitepress/config.ts:27
const commitRef = process.env.COMMIT_REF?.slice(0, 8) || 'dev'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #b1974bf9365b8709 Hardcoded external endpoint. Review what data is sent to this destination.
repo/docs/.vitepress/theme/composables/sponsor.ts:18
    const result = await fetch('https://sponsors.vite.dev/sponsors.json')

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #b24442c51df1decb Filesystem access.
repo/docs/_data/acknowledgements.data.ts:114
  const content = fs.readFileSync(licensePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0db27fa48d3bbd65 Filesystem access.
repo/docs/_data/acknowledgements.data.ts:202
    const content = fs.readFileSync(packagePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dcd0ec327644badd Environment-variable access.
repo/eslint.config.js:13
const shouldTypeCheck = typeof process.env.VSCODE_PID === 'string'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9d29bda0ab4569e1 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:32
  fs.writeFileSync(pkgJson, '{ "foo": "bar" }')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f2d6ba768167686c Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:179
  const configFile = fs.readFileSync(
    path.join(genPath, 'vite.config.ts'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c4d7e929fa219524 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:183
  const packageJsonFile = fs.readFileSync(
    path.join(genPath, 'package.json'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e2afc25d4460b4c6 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:187
  const readmeFile = fs.readFileSync(path.join(genPath, 'README.md'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a5317d35b357a24e Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:205
  const pkg = fs.readFileSync(path.join(genPath, 'package.json'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b71930bfc463453f Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:210
  const readme = fs.readFileSync(path.join(genPath, 'README.md'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f6068ea50589bb40 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:224
  const pkg = fs.readFileSync(path.join(genPath, 'package.json'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #afcdcb7c77f2a332 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:288
  const indexHtmlContent = fs.readFileSync(indexHtmlPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e9a9922509f4b292 Environment-variable access.
repo/packages/create-vite/src/index.ts:415
  if (process.env._VITE_TEST_CLI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1192f8d2b1faad2f Environment-variable access.
repo/packages/create-vite/src/index.ts:429
  if (process.env._VITE_TEST_CLI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cef97f9d03d22bb8 Environment-variable access.
repo/packages/create-vite/src/index.ts:466
  const pkgInfo = pkgFromUserAgent(process.env.npm_config_user_agent)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb3b260d6624fdba Filesystem access.
repo/packages/create-vite/src/index.ts:676
      fs.writeFileSync(targetPath, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea9d96ce8b5a69fe Filesystem access.
repo/packages/create-vite/src/index.ts:679
      const templateContent = fs.readFileSync(templatePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #91590bb30d933d24 Filesystem access.
repo/packages/create-vite/src/index.ts:684
      fs.writeFileSync(targetPath, updatedContent)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #17b2bfc7877f6234 Filesystem access.
repo/packages/create-vite/src/index.ts:696
    fs.readFileSync(path.join(templateDir, `package.json`), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aa2b8d66cc3edd8b Filesystem access.
repo/packages/create-vite/src/index.ts:914
  fs.writeFileSync(path.resolve(root, 'eslint.config.js'), eslintConfig)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a25d5c294e9cf4cc Filesystem access.
repo/packages/create-vite/src/index.ts:1043
  const content = fs.readFileSync(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a7412cbc8ce74cb0 Filesystem access.
repo/packages/create-vite/src/index.ts:1044
  fs.writeFileSync(file, callback(content), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #251471e0ede64fc2 Filesystem access.
repo/packages/plugin-legacy/src/__tests__/readme.spec.ts:7
  const readme = fs.readFileSync(
    path.resolve(import.meta.dirname, '../../README.md'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6206ebb11567c312 Environment-variable access.
repo/packages/plugin-legacy/src/index.ts:163
  const debugFlags = (process.env.DEBUG || '').split(',')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a771715d00d9e084 Environment-variable access.
repo/packages/vite/bin/vite.js:6
  if (!process.env.DEBUG_DISABLE_SOURCE_MAP) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #27b9263147eba50d Environment-variable access.
repo/packages/vite/bin/vite.js:36
  process.env.DEBUG = `${

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b35b0af3cf28af25 Environment-variable access.
repo/packages/vite/bin/vite.js:37
    process.env.DEBUG ? process.env.DEBUG + ',' : ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4137d566cd072048 Environment-variable access.
repo/packages/vite/bin/vite.js:43
      process.env.VITE_DEBUG_FILTER = filter

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f3bf07c4808d38eb Filesystem access.
repo/packages/vite/rolldown.config.ts:12
  readFileSync(new URL('./package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3dd1b2220a351927 Environment-variable access.
repo/packages/vite/rolldown.config.ts:14
const disableSourceMap = !!process.env.DEBUG_DISABLE_SOURCE_MAP

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #106f4b821f6178aa Filesystem access.
repo/packages/vite/rolldown.config.ts:186
        writeFileSync(
          'dist/node/index.d.ts',
          "export * from '../../src/node/index.ts'",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e9412140cfff3aed Filesystem access.
repo/packages/vite/rolldown.config.ts:190
        writeFileSync(
          'dist/node/module-runner.d.ts',
          "export * from '../../src/module-runner/index.ts'",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4045582b87dd6de1 Filesystem access.
repo/packages/vite/rolldown.dts.config.ts:23
  readFileSync(new URL('./package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd3ccdcfd86196e1 Filesystem access.
repo/packages/vite/rollupLicensePlugin.ts:17
      const coreLicense = fs.readFileSync(
        new URL('../../LICENSE', import.meta.url),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #37227c76aef33beb Filesystem access.
repo/packages/vite/rollupLicensePlugin.ts:108
      const existingLicenseText = fs.readFileSync(licenseFilePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #340d9155523b1bc4 Filesystem access.
repo/packages/vite/rollupLicensePlugin.ts:110
        fs.writeFileSync(licenseFilePath, licenseText)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e0413ba0fc031129 Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1152
  const content = await fsp.readFile(entry, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #54452081d3ed32b7 Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1153
  await fsp.writeFile(
    entry,
    content.replace(`import('./dep.js')`, `'dep.js removed'`),
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #19577d30f30ecd42 Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1158
    await fsp.writeFile(entry, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e1e4089231a2a71d Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1188
    fsp.readFile(resolve(root, 'dist/favicon.svg'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #df22b817c6b175e4 Filesystem access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1386
      fs.writeFileSync(path.resolve(root, fileName), content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #344bbfae2b1d2a7a Filesystem access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1390
      fs.writeFileSync(
        path.resolve(root, 'package.json'),
        JSON.stringify({
          name: '@vitejs/test-load-config-from-file',
          type: typeField,
        }),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a38b803a5cfa7a8c Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1599
    delete process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c372827cc5b1cdee Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1603
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'example.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e3d42e2ab745100a Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1613
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c4ef1b0fdef6367c Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1628
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #baa54941e734c434 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1643
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #55380403e5c02dfe Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1654
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'new.com,another.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c824b9128ac68cc2 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1668
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'example.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #576c933f30ce4974 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1680
      process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = env

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #36f44d0c333f8d4f Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:54
    expect(process.env.VITE_USER_NODE_ENV).toEqual(undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #686294eaef899b3f Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:58
    const _nodeEnv = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #28f673a336a0f13f Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:59
    process.env.NODE_ENV = 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d94b03c8944000f3 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:61
    expect(process.env.VITE_USER_NODE_ENV).toEqual('development')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3435dbe6a4e4da78 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:62
    process.env.NODE_ENV = _nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7231ce632f590b02 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:66
    process.env.VITE_USER_NODE_ENV = 'test'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0d98514854a51b2c Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:68
    expect(process.env.VITE_USER_NODE_ENV).toEqual('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #50c740b540d9c2ff Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:72
    process.env.VITE_ENV_TEST_ENV = 'EXIST'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a298c1c8dcb41b88 Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/cssPreprocessorTeardown.spec.ts:25
    fs.writeFileSync(scssPath, '$c: red;\nbody { color: $c; }\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d5aa93e08c4caa7b Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/cssPreprocessorTeardown.spec.ts:37
        fs.readFileSync(scssPath, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #57448aa8fbb4d88c Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/importGlob/fixture.spec.ts:14
      await transformWithEsbuild(await fs.readFile(id, 'utf-8'), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ab54f000b3dc22fc Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/importGlob/fixture.spec.ts:85
      await transformWithEsbuild(await fs.readFile(id, 'utf-8'), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #21e27f0b97ff88ed Environment-variable access.
repo/packages/vite/src/node/build.ts:1091
  const tty = process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d1406cae7dfbd190 Filesystem access.
repo/packages/vite/src/node/cli.ts:79
        fs.writeFileSync(outPath, JSON.stringify(profile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #71367adc180cb2f5 Environment-variable access.
repo/packages/vite/src/node/config.ts:1422
  if (process.env.NODE_ENV === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #968e42f07549a7b2 Environment-variable access.
repo/packages/vite/src/node/config.ts:1425
      process.env.NODE_ENV = nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e0af3b59f774c128 Environment-variable access.
repo/packages/vite/src/node/config.ts:1428
  const isNodeEnvSet = !!process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d0285d98e056d37e Environment-variable access.
repo/packages/vite/src/node/config.ts:1434
    process.env.NODE_ENV = defaultNodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #59bcf3c60c2122c1 Environment-variable access.
repo/packages/vite/src/node/config.ts:1730
  const userNodeEnv = process.env.VITE_USER_NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fea26307f4a1a9be Environment-variable access.
repo/packages/vite/src/node/config.ts:1733
      process.env.NODE_ENV = 'development'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c487b8ac73af7bf7 Environment-variable access.
repo/packages/vite/src/node/config.ts:1744
  const isProduction = process.env.NODE_ENV === 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2bc61dc3c35b7c67 Filesystem access.
repo/packages/vite/src/node/config.ts:2658
    await fsp.writeFile(tempFileName, bundledCode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ae0cdfdde962630c Filesystem access.
repo/packages/vite/src/node/constants.ts:7
  readFileSync(new URL('../../package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e00e51f2ced9823e Filesystem access.
repo/packages/vite/src/node/env.ts:59
      const parsedEnv = parseEnv(fs.readFileSync(filePath, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ba5199b15c5bd6c Environment-variable access.
repo/packages/vite/src/node/env.ts:67
  if (parsed.NODE_ENV && process.env.VITE_USER_NODE_ENV === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3a7924b686f67aa4 Environment-variable access.
repo/packages/vite/src/node/env.ts:68
    process.env.VITE_USER_NODE_ENV = parsed.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d931473765ed6152 Environment-variable access.
repo/packages/vite/src/node/env.ts:71
  if (parsed.BROWSER && process.env.BROWSER === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bec8d52ca9d836de Environment-variable access.
repo/packages/vite/src/node/env.ts:72
    process.env.BROWSER = parsed.BROWSER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #70ea2300e7f30397 Environment-variable access.
repo/packages/vite/src/node/env.ts:74
  if (parsed.BROWSER_ARGS && process.env.BROWSER_ARGS === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #50406be9fc17fe04 Environment-variable access.
repo/packages/vite/src/node/env.ts:75
    process.env.BROWSER_ARGS = parsed.BROWSER_ARGS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4ab489e5dabba545 Environment-variable access.
repo/packages/vite/src/node/env.ts:100
      env[key] = process.env[key]!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d9c5c83c43f60fc5 Filesystem access.
repo/packages/vite/src/node/http.ts:162
    return fsp.readFile(path.resolve(value)).catch(() => value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99dff22d3eb424e9 Environment-variable access.
repo/packages/vite/src/node/logger.ts:84
    allowClearScreen && process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cc25cce9486665e6 Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:414
        await fsp.readFile(cachedMetadataPath, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d67ef61a5c60a8b Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:540
  fs.writeFileSync(
    path.resolve(processingCacheDir, 'package.json'),
    `{\n  "type": "module"\n}\n`,
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d7e19e263a6b628c Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:595
      fs.writeFileSync(
        dataPath,
        stringifyDepsOptimizerMetadata(metadata, depsCacheDir),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #18750a1261d31638 Environment-variable access.
repo/packages/vite/src/node/optimizer/index.ts:817
      : JSON.stringify(process.env.NODE_ENV || environment.config.mode),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3221ecc3f4db8a79 Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:1161
  const entryContent = fs.readFileSync(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0c1f2bad13ff3d1e Environment-variable access.
repo/packages/vite/src/node/optimizer/index.ts:1280
  return process.env.npm_config_user_agent?.startsWith(manager) ? 1 : -1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #63a58888379bf430 Environment-variable access.
repo/packages/vite/src/node/optimizer/index.ts:1292
        ? process.env.NODE_ENV || config.mode

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #30a660894262b5ae Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:1331
  let content = lockfilePath ? fs.readFileSync(lockfilePath, 'utf-8') : ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a8c9a45a61c08d0d Filesystem access.
repo/packages/vite/src/node/optimizer/scan.ts:454
    let raw = await fsp.readFile(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bbaf767e0baae806 Filesystem access.
repo/packages/vite/src/node/packages.ts:179
  const data = JSON.parse(stripBomTag(fs.readFileSync(pkgPath, 'utf-8')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #310073b9c1a9214b Filesystem access.
repo/packages/vite/src/node/plugins/asset.ts:210
              await fsp.readFile(file, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #10398c7aa35a3c1b Filesystem access.
repo/packages/vite/src/node/plugins/asset.ts:344
    const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b17f220c12406838 Filesystem access.
repo/packages/vite/src/node/plugins/asset.ts:353
    const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d94017a2707bad42 Filesystem access.
repo/packages/vite/src/node/plugins/asset.ts:452
  const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3f54cff85019fc71 Environment-variable access.
repo/packages/vite/src/node/plugins/clientInjections.ts:55
          JSON.stringify(process.env.NODE_ENV || config.mode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c3e42f7afaa21a26 Filesystem access.
repo/packages/vite/src/node/plugins/clientInjections.ts:147
  const content = fs.readFileSync(normalizedClientEntry, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d32842289a1c07d5 Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:1605
          const code = await fs.promises.readFile(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8a36a2432b2ec612 Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:2600
            result.contents ?? (await fsp.readFile(result.file, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #63e89724411d4f6f Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:2747
  const content = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #14c1e67084a827f2 Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:2880
                  (await fsp.readFile(result.resolved, 'utf-8')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #12dec3eab5ecef13 Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:3265
              const code = fs.readFileSync(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1261fb03780a9b88 Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:3356
        const code = fs.readFileSync(e.fileName, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #72d2962252f0058b Environment-variable access.
repo/packages/vite/src/node/plugins/define.ts:19
    const nodeEnv = process.env.NODE_ENV || config.mode

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #37354994bc6b5ea6 Filesystem access.
repo/packages/vite/src/node/plugins/forwardConsole.ts:138
      const code = fs.readFileSync(stack.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b50d850e9bfd381a Filesystem access.
repo/packages/vite/src/node/plugins/license.ts:83
            entry.text = fs.readFileSync(licenseFile, 'utf-8').trim()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1e5e3c7bbf3ab659 Filesystem access.
repo/packages/vite/src/node/plugins/optimizedDeps.ts:89
            fsp.readFile(file, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #69a906138aa186de Filesystem access.
repo/packages/vite/src/node/plugins/optimizedDeps.ts:90
            fsp
              .readFile(`${file}.map`, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cd15c9fc62a14878 Environment-variable access.
repo/packages/vite/src/node/plugins/reporter.ts:9
    const tty = process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #66a08beaf5bd433c Filesystem access.
repo/packages/vite/src/node/plugins/wasm.ts:192
    const wasmBinary = await fsp.readFile(wasmFilePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #73f4422a8630dc9b Filesystem access.
repo/packages/vite/src/node/server/hmr.ts:1137
  const content = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed9316cdb4289624 Filesystem access.
repo/packages/vite/src/node/server/hmr.ts:1149
    return await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #239d54e6bd6a83cb Environment-variable access.
repo/packages/vite/src/node/server/index.ts:934
  if (process.env.DEBUG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eb4be061d070a5cc Filesystem access.
repo/packages/vite/src/node/server/index.ts:1275
    const content = fs.readFileSync(pnpmModulesYaml, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #72e31c2053392689 Environment-variable access.
repo/packages/vite/src/node/server/index.ts:1316
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #15c4f13ce51dbcd4 Environment-variable access.
repo/packages/vite/src/node/server/index.ts:1320
      process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b8661af769fb7688 Filesystem access.
repo/packages/vite/src/node/server/middlewares/__tests__/indexHtml.spec.ts:9
const HTML_CONTENT = fs.readFileSync(HTML_PATH, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #57de22b97ad47958 Filesystem access.
repo/packages/vite/src/node/server/middlewares/__tests__/indexHtml.spec.ts:68
    const htmlContent = fs.readFileSync(htmlPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d59e65087429938b Filesystem access.
repo/packages/vite/src/node/server/middlewares/indexHtml.ts:540
          let html = await fsp.readFile(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b0db687ddeb5e14f Filesystem access.
repo/packages/vite/src/node/server/middlewares/transform.ts:170
              await fsp.readFile(sourcemapPath, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1dd3e07d9872adcc Environment-variable access.
repo/packages/vite/src/node/server/openBrowser.ts:31
  const browser = typeof opt === 'string' ? opt : process.env.BROWSER || ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3154d0f34d094d9d Environment-variable access.
repo/packages/vite/src/node/server/openBrowser.ts:35
    const browserArgs = process.env.BROWSER_ARGS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea9a1a61009f0b21 Environment-variable access.
repo/packages/vite/src/node/server/openBrowser.ts:36
      ? process.env.BROWSER_ARGS.split(' ')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d20d7a7a19280bcc Environment-variable access.
repo/packages/vite/src/node/server/pluginContainer.ts:111
  process.env.DEBUG_VITE_SOURCEMAP_COMBINE_FILTER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1a5cc0697b773d1a Filesystem access.
repo/packages/vite/src/node/server/pluginContainer.ts:961
              code = fs.readFileSync(err.loc.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #855d8b79cf5df464 Filesystem access.
repo/packages/vite/src/node/server/pluginContainer.ts:1000
              code = fs.readFileSync(err.loc.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b7aa8419fd08c4a Filesystem access.
repo/packages/vite/src/node/server/searchRoot.ts:31
    const content = JSON.parse(fs.readFileSync(path, 'utf-8')) || {}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ca0cd695bdf3290 Filesystem access.
repo/packages/vite/src/node/server/searchRoot.ts:46
      const content = JSON.parse(fs.readFileSync(path, 'utf-8')) || {}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d944d2d15bdc2359 Filesystem access.
repo/packages/vite/src/node/server/sourcemap.ts:112
          sourcesContent[index] = await fsp
            .readFile(resolvedSourcePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8182261af8cbbaa1 Filesystem access.
repo/packages/vite/src/node/server/sourcemap.ts:241
    return fs.readFileSync(resolvedPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3de0460bec33ea83 Filesystem access.
repo/packages/vite/src/node/server/transformRequest.ts:284
        code = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2b9b6a1436e440ab Filesystem access.
repo/packages/vite/src/node/server/warmup.ts:34
        const html = await fs.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f418bb538d371dd4 Environment-variable access.
repo/packages/vite/src/node/shortcuts.ts:36
  enabled: boolean = process.stdin.isTTY && !process.env.CI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6556d5a18a54c482 Filesystem access.
repo/packages/vite/src/node/ssr/__tests__/ssrLoadModule.spec.ts:233
  const source = fs.readFileSync(
    path.join(root, 'fixtures/json/test.json'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5d5c2d6f623aeea5 Filesystem access.
repo/packages/vite/src/node/ssr/__tests__/ssrTransform.spec.ts:644
    return readFileSync(fileURLToPath(url), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #103b2e9c3c452ff4 Filesystem access.
repo/packages/vite/src/node/ssr/__tests__/ssrTransform.spec.ts:669
    return readFileSync(fileURLToPath(url), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #46477577e47f2cc4 Filesystem access.
repo/packages/vite/src/node/ssr/runtime/__tests__/fixtures/native.js:3
export { readdirSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a1523ddc7450d88a Environment-variable access.
repo/packages/vite/src/node/ssr/runtime/__tests__/server-hmr.spec.ts:137
  process.env.CI ? 50_00 : 5_000,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4d7204363a425370 Filesystem access.
repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:114
      fs.writeFileSync(file, content, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ce3cdce2087aae7b Filesystem access.
repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:121
      const content = fs.readFileSync(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a401a89e7904a92b Filesystem access.
repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:123
      fs.writeFileSync(file, callback(content), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c3d71f500a30e2ae Filesystem access.
repo/packages/vite/src/node/ssr/runtime/serverModuleRunner.ts:66
      return readFileSync(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bd855c6223648d50 Environment-variable access.
repo/packages/vite/src/node/utils.ts:176
const filter = process.env.VITE_DEBUG_FILTER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c2016bc5e836ae8b Environment-variable access.
repo/packages/vite/src/node/utils.ts:178
const DEBUG = process.env.DEBUG

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5c858f19b910d635 Environment-variable access.
repo/packages/vite/src/node/utils.ts:1246
    const method = process.env.VITE_DEPRECATION_TRACE ? 'trace' : 'warn'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #205a75db38b1f22c Environment-variable access.
repo/packages/vite/src/node/utils.ts:1351
    const method = process.env.VITE_DEPRECATION_TRACE ? 'trace' : 'warn'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a25e731c11f72bb9 Environment-variable access.
repo/packages/vite/src/node/utils.ts:1708
    process.env.npm_config_user_agent?.split(' ')[0].split('/')[0] || 'npm'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f837c421a2390ba Environment-variable access.
repo/packages/vite/src/node/utils.ts:1833
    if (process.env.CI !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52a1c3d71bcf5eca Environment-variable access.
repo/packages/vite/src/node/utils.ts:1846
    if (process.env.CI !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0a9b4e4722df07dd Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:536
  const src = readFile('foo.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0c0fa8525c0ff42d Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:555
    const src = readFile('テスト-測試-white space.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4d52a7eace53e0cd Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:579
    const newContent = readFile('import-meta-url/img-update.png', null)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #731c044bf25a8edf Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:787
  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4f153c834c9fcdb0 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:794
  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e318e6b6ab9e5d3 Filesystem access.
repo/playground/csp/vite.config.js:28
  const content = await fs.readFile(
    path.join(import.meta.dirname, file),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2a5604e906cfb478 Environment-variable access.
repo/playground/css-lightningcss-proxy/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b51b48726e7e2cc2 Filesystem access.
repo/playground/css-lightningcss-proxy/server.js:59
      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #39b42bfb251ac75d Filesystem access.
repo/playground/css/__tests__/tests.ts:412
    readFileSync(require.resolve('../raw-imported.css'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dcbeb4da356ee8bc Filesystem access.
repo/playground/css/postcss.config.js:23
        const text = files.map((f) => fs.readFileSync(f, 'utf-8')).join('\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1785e27cdd95e448 Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:52
  expect(await page.textContent('.node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #55aa6beeff99fb64 Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:53
  expect(await page.textContent('.global-node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f291408500e9c818 Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:55
    process.env.NODE_ENV,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1813cd8722c2bb23 Environment-variable access.
repo/playground/env/vite.config.js:3
process.env.EXPAND = 'expand'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0740521359e4b9a0 Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:49
      fs.readFileSync(file, 'utf-8').includes('process.env.NODE_ENV'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #08ed43df52e6ebbc Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:67
      const originalContent = readFile(filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cc20d918fdefa044 Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:68
      fs.writeFileSync(
        filePath,
        `import 'react-fake-${env}'\n${originalContent}`,
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #675215f3f7911529 Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:74
        fs.writeFileSync(filePath, originalContent, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6cae20ff62a47855 Filesystem access.
repo/playground/external/vite.config.js:13
      const code = await fs.readFile(
        new URL(`./node_modules/${file}`, import.meta.url),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #10ff00e3ab2018e5 Filesystem access.
repo/playground/fs-serve/__tests__/commonTests.ts:26
const safeJsonContent = fs.readFileSync(
  path.resolve(import.meta.dirname, '../safe.json'),
  'utf-8',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7c649ecc2e06a48b Filesystem access.
repo/playground/hmr-full-bundle-mode/__tests__/hmr-full-bundle-mode.spec.ts:144
    const original = readFile('hmr-asset.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c5759b6e924eb2c8 Filesystem access.
repo/playground/hmr-full-bundle-mode/__tests__/hmr-full-bundle-mode.spec.ts:228
    const original = readFile('invalidation-child.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b8e2819d533a1183 Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:299
      const originalUnresolvedFile = readFile('unresolved.ts')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #33ceb63679714f11 Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:302
        fs.writeFileSync(filepath, originalUnresolvedFile, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #88c8505ea77d8c2b Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:785
  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #48396823aa5c9107 Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:855
  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e45687df00bad7c9 Filesystem access.
repo/playground/hmr/__tests__/hmr.spec.ts:924
    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4df3e614ec68fa78 Filesystem access.
repo/playground/hmr/__tests__/hmr.spec.ts:1001
    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #13072ed57c1b9799 Filesystem access.
repo/playground/hmr/vite.config.ts:114
        const dep = await fs.readFile(depPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bc1400d110b10b83 Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:308
      const mapContent = readFile(`dist/assets/${mapAsset}`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1358ca8a047c598a Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:384
      const jsContent = readFile(jsAsset)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8734dc4efaf13e80 Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:395
      const mapContent = readFile(mapFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dc134e01b47de494 Filesystem access.
repo/playground/json/__tests__/csr/json-csr.spec.ts:48
    readFileSync(require.resolve('../../test.json'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #50d25d1669b0355f Filesystem access.
repo/playground/legacy/__tests__/legacy.spec.ts:171
          readFile(`dist/assets/${filename}`).includes('Unable to preload'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c832c903b169ada Filesystem access.
repo/playground/legacy/vite.config-chunk-importmap.js:21
    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bf235212c883c6f7 Filesystem access.
repo/playground/legacy/vite.config-chunk-importmap.js:25
    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eff3b5cd514811c6 Filesystem access.
repo/playground/legacy/vite.config.js:45
    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d4418d74113f5f5b Filesystem access.
repo/playground/legacy/vite.config.js:49
    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7ebc49ecedffa102 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:11
    const code = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a2bb28bda07dda63 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:12
    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.umd.cjs',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b66e2980ba46c6c0 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:15
    const namedCode = readFile('dist/named/my-lib-named.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b45613a0aa90359a Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:26
    const code = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f2684c5cbca6f369 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:27
    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e359d447a044ae14 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:30
    const namedCode = readFile('dist/named/my-lib-named.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #293bb64282409bfa Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:40
    const code = readFile(
      'dist/helpers-injection/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6a6343f60080c77f Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:52
    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5859e05a198ce863 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:60
    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a47604c46db5500a Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:70
    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5627bf50ae394380 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:75
    const es = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f96890a7ca10ddab Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:87
    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b109a9f4c9cb14b3 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:88
    const iife = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8fd8ef0907b4e55d Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:89
    const umd = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #893ac70048d2160f Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:96
    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #07026adf1ee320ed Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:101
    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5ffe305fd576aaaf Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:106
    const terserIife = readFile('dist/terser/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3225af6f27880692 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:111
    const css = readFile('dist/css-single-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #eb95248dcbf5044d Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:112
    const js = readFile('dist/css-single-entry/test-my-lib.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #212e78e6b3576328 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:113
    const umd = readFile('dist/css-single-entry/test-my-lib.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5a9a11bc2fe6f9bb Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:120
    const css = readFile('dist/css-multi-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2265f5b844cbd2e6 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:121
    const js1 = readFile('dist/css-multi-entry/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5363150c97aaf9d5 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:122
    const js2 = readFile('dist/css-multi-entry/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8bb02c8cb60e8fa6 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:123
    const cjs1 = readFile('dist/css-multi-entry/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4d98461aee63ff2d Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:124
    const cjs2 = readFile('dist/css-multi-entry/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #749c4ec6787bd43d Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:134
    const css1 = readFile('dist/css-code-split/css-entry-1.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c86f3a06bd3efab4 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:135
    const css2 = readFile('dist/css-code-split/css-entry-2.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cf74863aeeac2c3a Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:136
    const js1 = readFile('dist/css-code-split/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3569c97378fbf2c6 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:137
    const js2 = readFile('dist/css-code-split/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #53abca5e14e1ebe2 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:138
    const cjs1 = readFile('dist/css-code-split/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #024d9ef00186b748 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:139
    const cjs2 = readFile('dist/css-code-split/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #24b375222bf60161 Environment-variable access.
repo/playground/lib/__tests__/serve.ts:26
    process.env.VITE_INLINE = 'inline-serve'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b557e95dc5b9424b Environment-variable access.
repo/playground/lib/src/main.js:8
  console.log(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #824c4f671be6a644 Filesystem access.
repo/playground/lib/vite.config.js:38
          source: fs.readFileSync(
            path.resolve(import.meta.dirname, 'index.dist.html'),
            'utf-8',
          ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f1dc71ae372cf535 Environment-variable access.
repo/playground/lib/vite.multiple-output.config.js:4
const root = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cabc862f41895769 Filesystem access.
repo/playground/minify/__tests__/minify.spec.ts:11
  const jsContent = readFile(path.resolve(assetsDir, jsFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #da938e2b09109df7 Filesystem access.
repo/playground/minify/__tests__/minify.spec.ts:14
  const cssContent = readFile(path.resolve(assetsDir, cssFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #96da869665707d1d Environment-variable access.
repo/playground/optimize-deps-no-discovery/vite.config.js:4
process.env.NODE_ENV = ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5607ef361cf6bd60 Environment-variable access.
repo/playground/optimize-deps/dep-cjs-with-external-deps/index.js:5
if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c51096c864b86ed8 Filesystem access.
repo/playground/optimize-deps/dep-linked-include/index.mjs:16
  fs.readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0973492e7353fe3d Environment-variable access.
repo/playground/optimize-deps/dep-node-env/index.js:1
export const env = process.env.NODE_ENV === 'production' ? 'prod' : 'dev'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0034cc49e80e919c Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:3
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a1d48b4a4aa84127 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:20
  return fs.readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ef5c02c85057c7cc Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:3
import { readFileSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a117a80c2d410741 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:9
  readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c566d412175b9d35 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:23
  return readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a931039d1e15cdb6 Filesystem access.
repo/playground/optimize-deps/vite.config.js:116
                    let contents = fs.readFileSync(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #72ba55e51451bba4 Environment-variable access.
repo/playground/optimize-missing-deps/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b79e9bf972a0a34 Filesystem access.
repo/playground/optimize-missing-deps/server.js:33
      let template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #03ee28e0c550baa2 Environment-variable access.
repo/playground/ssr-alias/src/main.js:8
  builtin: process.env['__TEST_ALIAS__'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #593575c3a57fa0aa Environment-variable access.
repo/playground/ssr-conditions/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #046d26621fb51dfa Environment-variable access.
repo/playground/ssr-conditions/server.js:10
  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cab5ec0fef5b3cb9 Filesystem access.
repo/playground/ssr-conditions/server.js:16
    ? fs.readFileSync(resolve('dist/client/index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #65803cd2ac52e631 Filesystem access.
repo/playground/ssr-conditions/server.js:56
        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #59e2972b06024a79 Environment-variable access.
repo/playground/ssr-deps/__tests__/ssr-deps.spec.ts:103
    `Hello World from ${process.env.NODE_ENV}!`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b2a2c6e21b29aad1 Filesystem access.
repo/playground/ssr-deps/read-file-content/index.js:5
  return await fs.readFile(path.resolve(filePath), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #539ddc74e5e64f8b Environment-variable access.
repo/playground/ssr-deps/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #686537768eea7fdc Filesystem access.
repo/playground/ssr-deps/server.js:100
      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #19fbbafc47375844 Environment-variable access.
repo/playground/ssr-html/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #97a6c0827a68a006 Filesystem access.
repo/playground/ssr-html/server.js:79
        const template = fs.readFileSync(resolve(`.${url}index.html`), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e39a8b5bbdd181cc Filesystem access.
repo/playground/ssr-html/server.js:94
      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52d931a1b8488c67 Environment-variable access.
repo/playground/ssr-html/test-stacktrace.js:10
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7d868d2e37ee4363 Environment-variable access.
repo/playground/ssr-noexternal/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0d91d61837712774 Environment-variable access.
repo/playground/ssr-noexternal/server.js:9
  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6a55e05982c71b80 Filesystem access.
repo/playground/ssr-noexternal/server.js:15
    ? fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb49143672c820e2 Filesystem access.
repo/playground/ssr-noexternal/server.js:54
        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0eeb588f8678e1fe Environment-variable access.
repo/playground/ssr-pug/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a38759730e7d507e Filesystem access.
repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:9
  const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #71bb8a8c4619f073 Filesystem access.
repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:38
    const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3a93f3ef7ebefd36 Environment-variable access.
repo/playground/ssr-wasm/server.js:3
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #baee2c65ad5fb1c3 Environment-variable access.
repo/playground/ssr-wasm/server.js:4
const isProduction = process.env.NODE_ENV === 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5533be1b2cff10c4 Environment-variable access.
repo/playground/ssr-webworker/worker.js:4
const isTest = !!process.env.TEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ce54c6646b47f661 Environment-variable access.
repo/playground/ssr/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d039c3c2c3e1793d Filesystem access.
repo/playground/ssr/server.js:47
      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9049293a04887c68 Filesystem access.
repo/playground/test-utils.ts:164
  return fs.readFileSync(path.resolve(testDir, filename), encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0c2765a3950175f6 Filesystem access.
repo/playground/test-utils.ts:190
  const content: string | Buffer = fs.readFileSync(filename, encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a25dbeb22973e2d3 Filesystem access.
repo/playground/test-utils.ts:204
  fs.writeFileSync(filename, modified)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8206a8da97e903a1 Filesystem access.
repo/playground/test-utils.ts:210
  fs.writeFileSync(resolvedFilename, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9821b08dac7ef8ca Filesystem access.
repo/playground/test-utils.ts:243
            fs.readFileSync(path.resolve(assetsDir, file), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b18e452618fbe2b2 Filesystem access.
repo/playground/test-utils.ts:250
      ? fs.readFileSync(path.resolve(assetsDir, matchedFile), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #213f39f1549a4d97 Filesystem access.
repo/playground/test-utils.ts:257
    fs.readFileSync(
      path.join(testDir, 'dist', base, '.vite/manifest.json'),
      'utf-8',
    ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af8ed077780c8d60 Filesystem access.
repo/playground/test-utils.ts:269
    fs.readFileSync(
      path.join(testDir, `node_modules/.vite/deps${suffix}/_metadata.json`),
      'utf-8',
    ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #84e552e2570f8ea8 Filesystem access.
repo/playground/tsconfig-json-load-error/__tests__/tsconfig-json-load-error.spec.ts:18
      readFile('dist/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bf4e5adbdec9fbfe Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:37
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4931b14bea649de9 Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:51
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2ceced78230cdf6b Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:66
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fda3d0ff9936c13b Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:81
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dadd327d421e3915 Environment-variable access.
repo/playground/vitestGlobalSetup.ts:13
    headless: !process.env.VITE_DEBUG_SERVE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #59ebab5f708e9e62 Environment-variable access.
repo/playground/vitestGlobalSetup.ts:14
    args: process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d653e9df9367ccc6 Environment-variable access.
repo/playground/vitestGlobalSetup.ts:68
  if (!process.env.VITE_PRESERVE_BUILD_ARTIFACTS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3ec7ee72dd9cdcef Environment-variable access.
repo/playground/vitestSetup.ts:66
export const isBuild = !!process.env.VITE_TEST_BUILD

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74183d58a9fe4903 Environment-variable access.
repo/playground/vitestSetup.ts:157
        process.env.VITE_DEBUG_SERVE &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #58c061f6ac450995 Environment-variable access.
repo/playground/vitestSetup.ts:279
    process.env.VITE_INLINE = 'inline-serve'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee0176f71c0022a2 Environment-variable access.
repo/playground/vitestSetup.ts:288
    process.env.VITE_INLINE = 'inline-build'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bc923c2253dca074 Environment-variable access.
repo/playground/vitestSetup.ts:324
    const _nodeEnv = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #01a1b8c0f46427a2 Environment-variable access.
repo/playground/vitestSetup.ts:327
    process.env.NODE_ENV = _nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #872b246f756624c2 Environment-variable access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:10
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e802fab430337163 Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:103
      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #99093e1f09ac071d Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:111
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #79fe186370aabb7d Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:113
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d75eb3ed7a118c4c Environment-variable access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:19
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #41ffa597369d8cb1 Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:90
      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fa86ec945acf3d3a Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:98
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #64cb5982ed279c74 Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:100
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #eb7842e4850d293d Environment-variable access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:10
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ef68b0944bc4df72 Filesystem access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:66
    const content = fs.readFileSync(path.resolve(chunksDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3e6e4f988a8f22fb Filesystem access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:73
    const workerContent = fs.readFileSync(
      path.resolve(workerEntriesDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ffae1115f7e61408 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:20
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5475b64fe72ad39f Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:23
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #77c809435dda9226 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:31
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b9a236028cb6b9d4 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:39
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f17c8c5aa2bff47a Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:49
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #63fd635e8c76dfb3 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:57
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e8162504c736013c Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:14
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ada22f10fa7abc21 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:17
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #558faab564451943 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:25
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ae35c23f727b1772 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:33
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #326202c2935d1d45 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:43
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c8e81b7bd7e15456 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:51
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #56f1e6c75edee3d9 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:20
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cc916e994426b006 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:23
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f95e4899442c2f4e Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:31
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dc6554e30a5fbe36 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:39
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b0cc0c79d5b31744 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:49
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #81399ba38392c53b Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:57
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #78b6c0cc46857221 Environment-variable access.
repo/playground/worker/modules/workerImport.ts:2
export const mode = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #63312661b6821473 Environment-variable access.
repo/playground/worker/worker-sourcemap-config.js:7
    /** @type {'inline' | 'hidden' | 'sourcemap'} */ (
      process.env.WORKER_MODE
    ) || sourcemap

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed901a4ce7ca157a Filesystem access.
repo/scripts/mergeChangelog.ts:188
const content = await readFile(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7613e061a9db1327 Filesystem access.
repo/scripts/mergeChangelog.ts:212
await writeFile(filePath, result, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f75145528d56aa26 Filesystem access.
repo/scripts/releaseUtils.ts:19
    await fs.readFile(`packages/${pkgName}/package.json`, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7d60958b9ea1e3eb Filesystem access.
repo/scripts/releaseUtils.ts:55
    await fs.readFile('packages/vite/package.json', 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b0d77038504faea1 Filesystem access.
repo/scripts/releaseUtils.ts:66
    const pkg = JSON.parse(await fs.readFile(pkgPath, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #923713ee3ff904b8 Filesystem access.
repo/scripts/releaseUtils.ts:68
    await fs.writeFile(pkgPath, JSON.stringify(pkg, null, 2) + '\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #61733d10b0bd8f72 Environment-variable access.
repo/vitest.config.e2e.ts:4
const isBuild = !!process.env.VITE_TEST_BUILD

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d56ad069b2a1eb4 Environment-variable access.
repo/vitest.config.e2e.ts:6
const timeout = process.env.PWDEBUG ? Infinity : process.env.CI ? 50000 : 30000

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c2a5520b5f0e8d3d Environment-variable access.
repo/vitest.config.e2e.ts:36
        timeout: 50 * (process.env.CI ? 200 : 50),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6640c05109b3d265 Environment-variable access.
repo/vitest.config.e2e.ts:40
      NODE_ENV: process.env.VITE_TEST_BUILD ? 'production' : 'development',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/create-vite

npm first-party
expand_more 18 low-confidence finding(s)
low env_fs test-only #9d29bda0ab4569e1 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:32
  fs.writeFileSync(pkgJson, '{ "foo": "bar" }')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f2d6ba768167686c Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:179
  const configFile = fs.readFileSync(
    path.join(genPath, 'vite.config.ts'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c4d7e929fa219524 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:183
  const packageJsonFile = fs.readFileSync(
    path.join(genPath, 'package.json'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e2afc25d4460b4c6 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:187
  const readmeFile = fs.readFileSync(path.join(genPath, 'README.md'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a5317d35b357a24e Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:205
  const pkg = fs.readFileSync(path.join(genPath, 'package.json'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b71930bfc463453f Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:210
  const readme = fs.readFileSync(path.join(genPath, 'README.md'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f6068ea50589bb40 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:224
  const pkg = fs.readFileSync(path.join(genPath, 'package.json'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #afcdcb7c77f2a332 Filesystem access.
repo/packages/create-vite/__tests__/cli.spec.ts:288
  const indexHtmlContent = fs.readFileSync(indexHtmlPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e9a9922509f4b292 Environment-variable access.
repo/packages/create-vite/src/index.ts:415
  if (process.env._VITE_TEST_CLI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1192f8d2b1faad2f Environment-variable access.
repo/packages/create-vite/src/index.ts:429
  if (process.env._VITE_TEST_CLI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cef97f9d03d22bb8 Environment-variable access.
repo/packages/create-vite/src/index.ts:466
  const pkgInfo = pkgFromUserAgent(process.env.npm_config_user_agent)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb3b260d6624fdba Filesystem access.
repo/packages/create-vite/src/index.ts:676
      fs.writeFileSync(targetPath, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea9d96ce8b5a69fe Filesystem access.
repo/packages/create-vite/src/index.ts:679
      const templateContent = fs.readFileSync(templatePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #91590bb30d933d24 Filesystem access.
repo/packages/create-vite/src/index.ts:684
      fs.writeFileSync(targetPath, updatedContent)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #17b2bfc7877f6234 Filesystem access.
repo/packages/create-vite/src/index.ts:696
    fs.readFileSync(path.join(templateDir, `package.json`), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aa2b8d66cc3edd8b Filesystem access.
repo/packages/create-vite/src/index.ts:914
  fs.writeFileSync(path.resolve(root, 'eslint.config.js'), eslintConfig)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a25d5c294e9cf4cc Filesystem access.
repo/packages/create-vite/src/index.ts:1043
  const content = fs.readFileSync(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a7412cbc8ce74cb0 Filesystem access.
repo/packages/create-vite/src/index.ts:1044
  fs.writeFileSync(file, callback(content), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/plugin-legacy

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs test-only #251471e0ede64fc2 Filesystem access.
repo/packages/plugin-legacy/src/__tests__/readme.spec.ts:7
  const readme = fs.readFileSync(
    path.resolve(import.meta.dirname, '../../README.md'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6206ebb11567c312 Environment-variable access.
repo/packages/plugin-legacy/src/index.ts:163
  const debugFlags = (process.env.DEBUG || '').split(',')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/vite

npm first-party
expand_more 127 low-confidence finding(s)
low env_fs production #a771715d00d9e084 Environment-variable access.
repo/packages/vite/bin/vite.js:6
  if (!process.env.DEBUG_DISABLE_SOURCE_MAP) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #27b9263147eba50d Environment-variable access.
repo/packages/vite/bin/vite.js:36
  process.env.DEBUG = `${

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b35b0af3cf28af25 Environment-variable access.
repo/packages/vite/bin/vite.js:37
    process.env.DEBUG ? process.env.DEBUG + ',' : ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4137d566cd072048 Environment-variable access.
repo/packages/vite/bin/vite.js:43
      process.env.VITE_DEBUG_FILTER = filter

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f3bf07c4808d38eb Filesystem access.
repo/packages/vite/rolldown.config.ts:12
  readFileSync(new URL('./package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3dd1b2220a351927 Environment-variable access.
repo/packages/vite/rolldown.config.ts:14
const disableSourceMap = !!process.env.DEBUG_DISABLE_SOURCE_MAP

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #106f4b821f6178aa Filesystem access.
repo/packages/vite/rolldown.config.ts:186
        writeFileSync(
          'dist/node/index.d.ts',
          "export * from '../../src/node/index.ts'",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e9412140cfff3aed Filesystem access.
repo/packages/vite/rolldown.config.ts:190
        writeFileSync(
          'dist/node/module-runner.d.ts',
          "export * from '../../src/module-runner/index.ts'",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4045582b87dd6de1 Filesystem access.
repo/packages/vite/rolldown.dts.config.ts:23
  readFileSync(new URL('./package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd3ccdcfd86196e1 Filesystem access.
repo/packages/vite/rollupLicensePlugin.ts:17
      const coreLicense = fs.readFileSync(
        new URL('../../LICENSE', import.meta.url),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #37227c76aef33beb Filesystem access.
repo/packages/vite/rollupLicensePlugin.ts:108
      const existingLicenseText = fs.readFileSync(licenseFilePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #340d9155523b1bc4 Filesystem access.
repo/packages/vite/rollupLicensePlugin.ts:110
        fs.writeFileSync(licenseFilePath, licenseText)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e0413ba0fc031129 Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1152
  const content = await fsp.readFile(entry, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #54452081d3ed32b7 Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1153
  await fsp.writeFile(
    entry,
    content.replace(`import('./dep.js')`, `'dep.js removed'`),
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #19577d30f30ecd42 Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1158
    await fsp.writeFile(entry, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e1e4089231a2a71d Filesystem access.
repo/packages/vite/src/node/__tests__/build.spec.ts:1188
    fsp.readFile(resolve(root, 'dist/favicon.svg'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #df22b817c6b175e4 Filesystem access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1386
      fs.writeFileSync(path.resolve(root, fileName), content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #344bbfae2b1d2a7a Filesystem access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1390
      fs.writeFileSync(
        path.resolve(root, 'package.json'),
        JSON.stringify({
          name: '@vitejs/test-load-config-from-file',
          type: typeField,
        }),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a38b803a5cfa7a8c Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1599
    delete process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c372827cc5b1cdee Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1603
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'example.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e3d42e2ab745100a Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1613
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c4ef1b0fdef6367c Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1628
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #baa54941e734c434 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1643
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #55380403e5c02dfe Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1654
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'new.com,another.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c824b9128ac68cc2 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1668
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'example.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #576c933f30ce4974 Environment-variable access.
repo/packages/vite/src/node/__tests__/config.spec.ts:1680
      process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = env

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #36f44d0c333f8d4f Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:54
    expect(process.env.VITE_USER_NODE_ENV).toEqual(undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #686294eaef899b3f Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:58
    const _nodeEnv = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #28f673a336a0f13f Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:59
    process.env.NODE_ENV = 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d94b03c8944000f3 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:61
    expect(process.env.VITE_USER_NODE_ENV).toEqual('development')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3435dbe6a4e4da78 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:62
    process.env.NODE_ENV = _nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7231ce632f590b02 Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:66
    process.env.VITE_USER_NODE_ENV = 'test'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0d98514854a51b2c Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:68
    expect(process.env.VITE_USER_NODE_ENV).toEqual('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #50c740b540d9c2ff Environment-variable access.
repo/packages/vite/src/node/__tests__/env.spec.ts:72
    process.env.VITE_ENV_TEST_ENV = 'EXIST'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a298c1c8dcb41b88 Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/cssPreprocessorTeardown.spec.ts:25
    fs.writeFileSync(scssPath, '$c: red;\nbody { color: $c; }\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d5aa93e08c4caa7b Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/cssPreprocessorTeardown.spec.ts:37
        fs.readFileSync(scssPath, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #57448aa8fbb4d88c Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/importGlob/fixture.spec.ts:14
      await transformWithEsbuild(await fs.readFile(id, 'utf-8'), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ab54f000b3dc22fc Filesystem access.
repo/packages/vite/src/node/__tests__/plugins/importGlob/fixture.spec.ts:85
      await transformWithEsbuild(await fs.readFile(id, 'utf-8'), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #21e27f0b97ff88ed Environment-variable access.
repo/packages/vite/src/node/build.ts:1091
  const tty = process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d1406cae7dfbd190 Filesystem access.
repo/packages/vite/src/node/cli.ts:79
        fs.writeFileSync(outPath, JSON.stringify(profile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #71367adc180cb2f5 Environment-variable access.
repo/packages/vite/src/node/config.ts:1422
  if (process.env.NODE_ENV === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #968e42f07549a7b2 Environment-variable access.
repo/packages/vite/src/node/config.ts:1425
      process.env.NODE_ENV = nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e0af3b59f774c128 Environment-variable access.
repo/packages/vite/src/node/config.ts:1428
  const isNodeEnvSet = !!process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d0285d98e056d37e Environment-variable access.
repo/packages/vite/src/node/config.ts:1434
    process.env.NODE_ENV = defaultNodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #59bcf3c60c2122c1 Environment-variable access.
repo/packages/vite/src/node/config.ts:1730
  const userNodeEnv = process.env.VITE_USER_NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fea26307f4a1a9be Environment-variable access.
repo/packages/vite/src/node/config.ts:1733
      process.env.NODE_ENV = 'development'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c487b8ac73af7bf7 Environment-variable access.
repo/packages/vite/src/node/config.ts:1744
  const isProduction = process.env.NODE_ENV === 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2bc61dc3c35b7c67 Filesystem access.
repo/packages/vite/src/node/config.ts:2658
    await fsp.writeFile(tempFileName, bundledCode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ae0cdfdde962630c Filesystem access.
repo/packages/vite/src/node/constants.ts:7
  readFileSync(new URL('../../package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e00e51f2ced9823e Filesystem access.
repo/packages/vite/src/node/env.ts:59
      const parsedEnv = parseEnv(fs.readFileSync(filePath, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ba5199b15c5bd6c Environment-variable access.
repo/packages/vite/src/node/env.ts:67
  if (parsed.NODE_ENV && process.env.VITE_USER_NODE_ENV === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3a7924b686f67aa4 Environment-variable access.
repo/packages/vite/src/node/env.ts:68
    process.env.VITE_USER_NODE_ENV = parsed.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d931473765ed6152 Environment-variable access.
repo/packages/vite/src/node/env.ts:71
  if (parsed.BROWSER && process.env.BROWSER === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bec8d52ca9d836de Environment-variable access.
repo/packages/vite/src/node/env.ts:72
    process.env.BROWSER = parsed.BROWSER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #70ea2300e7f30397 Environment-variable access.
repo/packages/vite/src/node/env.ts:74
  if (parsed.BROWSER_ARGS && process.env.BROWSER_ARGS === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #50406be9fc17fe04 Environment-variable access.
repo/packages/vite/src/node/env.ts:75
    process.env.BROWSER_ARGS = parsed.BROWSER_ARGS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4ab489e5dabba545 Environment-variable access.
repo/packages/vite/src/node/env.ts:100
      env[key] = process.env[key]!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d9c5c83c43f60fc5 Filesystem access.
repo/packages/vite/src/node/http.ts:162
    return fsp.readFile(path.resolve(value)).catch(() => value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99dff22d3eb424e9 Environment-variable access.
repo/packages/vite/src/node/logger.ts:84
    allowClearScreen && process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cc25cce9486665e6 Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:414
        await fsp.readFile(cachedMetadataPath, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d67ef61a5c60a8b Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:540
  fs.writeFileSync(
    path.resolve(processingCacheDir, 'package.json'),
    `{\n  "type": "module"\n}\n`,
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d7e19e263a6b628c Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:595
      fs.writeFileSync(
        dataPath,
        stringifyDepsOptimizerMetadata(metadata, depsCacheDir),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #18750a1261d31638 Environment-variable access.
repo/packages/vite/src/node/optimizer/index.ts:817
      : JSON.stringify(process.env.NODE_ENV || environment.config.mode),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3221ecc3f4db8a79 Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:1161
  const entryContent = fs.readFileSync(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0c1f2bad13ff3d1e Environment-variable access.
repo/packages/vite/src/node/optimizer/index.ts:1280
  return process.env.npm_config_user_agent?.startsWith(manager) ? 1 : -1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #63a58888379bf430 Environment-variable access.
repo/packages/vite/src/node/optimizer/index.ts:1292
        ? process.env.NODE_ENV || config.mode

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #30a660894262b5ae Filesystem access.
repo/packages/vite/src/node/optimizer/index.ts:1331
  let content = lockfilePath ? fs.readFileSync(lockfilePath, 'utf-8') : ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a8c9a45a61c08d0d Filesystem access.
repo/packages/vite/src/node/optimizer/scan.ts:454
    let raw = await fsp.readFile(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bbaf767e0baae806 Filesystem access.
repo/packages/vite/src/node/packages.ts:179
  const data = JSON.parse(stripBomTag(fs.readFileSync(pkgPath, 'utf-8')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #310073b9c1a9214b Filesystem access.
repo/packages/vite/src/node/plugins/asset.ts:210
              await fsp.readFile(file, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #10398c7aa35a3c1b Filesystem access.
repo/packages/vite/src/node/plugins/asset.ts:344
    const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b17f220c12406838 Filesystem access.
repo/packages/vite/src/node/plugins/asset.ts:353
    const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d94017a2707bad42 Filesystem access.
repo/packages/vite/src/node/plugins/asset.ts:452
  const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3f54cff85019fc71 Environment-variable access.
repo/packages/vite/src/node/plugins/clientInjections.ts:55
          JSON.stringify(process.env.NODE_ENV || config.mode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c3e42f7afaa21a26 Filesystem access.
repo/packages/vite/src/node/plugins/clientInjections.ts:147
  const content = fs.readFileSync(normalizedClientEntry, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d32842289a1c07d5 Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:1605
          const code = await fs.promises.readFile(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8a36a2432b2ec612 Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:2600
            result.contents ?? (await fsp.readFile(result.file, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #63e89724411d4f6f Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:2747
  const content = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #14c1e67084a827f2 Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:2880
                  (await fsp.readFile(result.resolved, 'utf-8')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #12dec3eab5ecef13 Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:3265
              const code = fs.readFileSync(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1261fb03780a9b88 Filesystem access.
repo/packages/vite/src/node/plugins/css.ts:3356
        const code = fs.readFileSync(e.fileName, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #72d2962252f0058b Environment-variable access.
repo/packages/vite/src/node/plugins/define.ts:19
    const nodeEnv = process.env.NODE_ENV || config.mode

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #37354994bc6b5ea6 Filesystem access.
repo/packages/vite/src/node/plugins/forwardConsole.ts:138
      const code = fs.readFileSync(stack.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b50d850e9bfd381a Filesystem access.
repo/packages/vite/src/node/plugins/license.ts:83
            entry.text = fs.readFileSync(licenseFile, 'utf-8').trim()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1e5e3c7bbf3ab659 Filesystem access.
repo/packages/vite/src/node/plugins/optimizedDeps.ts:89
            fsp.readFile(file, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #69a906138aa186de Filesystem access.
repo/packages/vite/src/node/plugins/optimizedDeps.ts:90
            fsp
              .readFile(`${file}.map`, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cd15c9fc62a14878 Environment-variable access.
repo/packages/vite/src/node/plugins/reporter.ts:9
    const tty = process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #66a08beaf5bd433c Filesystem access.
repo/packages/vite/src/node/plugins/wasm.ts:192
    const wasmBinary = await fsp.readFile(wasmFilePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #73f4422a8630dc9b Filesystem access.
repo/packages/vite/src/node/server/hmr.ts:1137
  const content = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed9316cdb4289624 Filesystem access.
repo/packages/vite/src/node/server/hmr.ts:1149
    return await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #239d54e6bd6a83cb Environment-variable access.
repo/packages/vite/src/node/server/index.ts:934
  if (process.env.DEBUG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eb4be061d070a5cc Filesystem access.
repo/packages/vite/src/node/server/index.ts:1275
    const content = fs.readFileSync(pnpmModulesYaml, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #72e31c2053392689 Environment-variable access.
repo/packages/vite/src/node/server/index.ts:1316
    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #15c4f13ce51dbcd4 Environment-variable access.
repo/packages/vite/src/node/server/index.ts:1320
      process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b8661af769fb7688 Filesystem access.
repo/packages/vite/src/node/server/middlewares/__tests__/indexHtml.spec.ts:9
const HTML_CONTENT = fs.readFileSync(HTML_PATH, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #57de22b97ad47958 Filesystem access.
repo/packages/vite/src/node/server/middlewares/__tests__/indexHtml.spec.ts:68
    const htmlContent = fs.readFileSync(htmlPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d59e65087429938b Filesystem access.
repo/packages/vite/src/node/server/middlewares/indexHtml.ts:540
          let html = await fsp.readFile(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b0db687ddeb5e14f Filesystem access.
repo/packages/vite/src/node/server/middlewares/transform.ts:170
              await fsp.readFile(sourcemapPath, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1dd3e07d9872adcc Environment-variable access.
repo/packages/vite/src/node/server/openBrowser.ts:31
  const browser = typeof opt === 'string' ? opt : process.env.BROWSER || ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3154d0f34d094d9d Environment-variable access.
repo/packages/vite/src/node/server/openBrowser.ts:35
    const browserArgs = process.env.BROWSER_ARGS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea9a1a61009f0b21 Environment-variable access.
repo/packages/vite/src/node/server/openBrowser.ts:36
      ? process.env.BROWSER_ARGS.split(' ')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d20d7a7a19280bcc Environment-variable access.
repo/packages/vite/src/node/server/pluginContainer.ts:111
  process.env.DEBUG_VITE_SOURCEMAP_COMBINE_FILTER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1a5cc0697b773d1a Filesystem access.
repo/packages/vite/src/node/server/pluginContainer.ts:961
              code = fs.readFileSync(err.loc.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #855d8b79cf5df464 Filesystem access.
repo/packages/vite/src/node/server/pluginContainer.ts:1000
              code = fs.readFileSync(err.loc.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b7aa8419fd08c4a Filesystem access.
repo/packages/vite/src/node/server/searchRoot.ts:31
    const content = JSON.parse(fs.readFileSync(path, 'utf-8')) || {}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ca0cd695bdf3290 Filesystem access.
repo/packages/vite/src/node/server/searchRoot.ts:46
      const content = JSON.parse(fs.readFileSync(path, 'utf-8')) || {}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d944d2d15bdc2359 Filesystem access.
repo/packages/vite/src/node/server/sourcemap.ts:112
          sourcesContent[index] = await fsp
            .readFile(resolvedSourcePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8182261af8cbbaa1 Filesystem access.
repo/packages/vite/src/node/server/sourcemap.ts:241
    return fs.readFileSync(resolvedPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3de0460bec33ea83 Filesystem access.
repo/packages/vite/src/node/server/transformRequest.ts:284
        code = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2b9b6a1436e440ab Filesystem access.
repo/packages/vite/src/node/server/warmup.ts:34
        const html = await fs.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f418bb538d371dd4 Environment-variable access.
repo/packages/vite/src/node/shortcuts.ts:36
  enabled: boolean = process.stdin.isTTY && !process.env.CI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6556d5a18a54c482 Filesystem access.
repo/packages/vite/src/node/ssr/__tests__/ssrLoadModule.spec.ts:233
  const source = fs.readFileSync(
    path.join(root, 'fixtures/json/test.json'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5d5c2d6f623aeea5 Filesystem access.
repo/packages/vite/src/node/ssr/__tests__/ssrTransform.spec.ts:644
    return readFileSync(fileURLToPath(url), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #103b2e9c3c452ff4 Filesystem access.
repo/packages/vite/src/node/ssr/__tests__/ssrTransform.spec.ts:669
    return readFileSync(fileURLToPath(url), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #46477577e47f2cc4 Filesystem access.
repo/packages/vite/src/node/ssr/runtime/__tests__/fixtures/native.js:3
export { readdirSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a1523ddc7450d88a Environment-variable access.
repo/packages/vite/src/node/ssr/runtime/__tests__/server-hmr.spec.ts:137
  process.env.CI ? 50_00 : 5_000,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4d7204363a425370 Filesystem access.
repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:114
      fs.writeFileSync(file, content, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ce3cdce2087aae7b Filesystem access.
repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:121
      const content = fs.readFileSync(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a401a89e7904a92b Filesystem access.
repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:123
      fs.writeFileSync(file, callback(content), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c3d71f500a30e2ae Filesystem access.
repo/packages/vite/src/node/ssr/runtime/serverModuleRunner.ts:66
      return readFileSync(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bd855c6223648d50 Environment-variable access.
repo/packages/vite/src/node/utils.ts:176
const filter = process.env.VITE_DEBUG_FILTER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c2016bc5e836ae8b Environment-variable access.
repo/packages/vite/src/node/utils.ts:178
const DEBUG = process.env.DEBUG

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5c858f19b910d635 Environment-variable access.
repo/packages/vite/src/node/utils.ts:1246
    const method = process.env.VITE_DEPRECATION_TRACE ? 'trace' : 'warn'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #205a75db38b1f22c Environment-variable access.
repo/packages/vite/src/node/utils.ts:1351
    const method = process.env.VITE_DEPRECATION_TRACE ? 'trace' : 'warn'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a25e731c11f72bb9 Environment-variable access.
repo/packages/vite/src/node/utils.ts:1708
    process.env.npm_config_user_agent?.split(' ')[0].split('/')[0] || 'npm'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f837c421a2390ba Environment-variable access.
repo/packages/vite/src/node/utils.ts:1833
    if (process.env.CI !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52a1c3d71bcf5eca Environment-variable access.
repo/packages/vite/src/node/utils.ts:1846
    if (process.env.CI !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground

npm first-party
expand_more 165 low-confidence finding(s)
low env_fs test-only #0a9b4e4722df07dd Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:536
  const src = readFile('foo.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0c0fa8525c0ff42d Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:555
    const src = readFile('テスト-測試-white space.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4d52a7eace53e0cd Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:579
    const newContent = readFile('import-meta-url/img-update.png', null)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #731c044bf25a8edf Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:787
  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4f153c834c9fcdb0 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:794
  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e318e6b6ab9e5d3 Filesystem access.
repo/playground/csp/vite.config.js:28
  const content = await fs.readFile(
    path.join(import.meta.dirname, file),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2a5604e906cfb478 Environment-variable access.
repo/playground/css-lightningcss-proxy/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b51b48726e7e2cc2 Filesystem access.
repo/playground/css-lightningcss-proxy/server.js:59
      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #39b42bfb251ac75d Filesystem access.
repo/playground/css/__tests__/tests.ts:412
    readFileSync(require.resolve('../raw-imported.css'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dcbeb4da356ee8bc Filesystem access.
repo/playground/css/postcss.config.js:23
        const text = files.map((f) => fs.readFileSync(f, 'utf-8')).join('\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1785e27cdd95e448 Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:52
  expect(await page.textContent('.node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #55aa6beeff99fb64 Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:53
  expect(await page.textContent('.global-node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f291408500e9c818 Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:55
    process.env.NODE_ENV,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1813cd8722c2bb23 Environment-variable access.
repo/playground/env/vite.config.js:3
process.env.EXPAND = 'expand'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0740521359e4b9a0 Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:49
      fs.readFileSync(file, 'utf-8').includes('process.env.NODE_ENV'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #08ed43df52e6ebbc Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:67
      const originalContent = readFile(filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cc20d918fdefa044 Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:68
      fs.writeFileSync(
        filePath,
        `import 'react-fake-${env}'\n${originalContent}`,
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #675215f3f7911529 Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:74
        fs.writeFileSync(filePath, originalContent, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6cae20ff62a47855 Filesystem access.
repo/playground/external/vite.config.js:13
      const code = await fs.readFile(
        new URL(`./node_modules/${file}`, import.meta.url),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #10ff00e3ab2018e5 Filesystem access.
repo/playground/fs-serve/__tests__/commonTests.ts:26
const safeJsonContent = fs.readFileSync(
  path.resolve(import.meta.dirname, '../safe.json'),
  'utf-8',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7c649ecc2e06a48b Filesystem access.
repo/playground/hmr-full-bundle-mode/__tests__/hmr-full-bundle-mode.spec.ts:144
    const original = readFile('hmr-asset.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c5759b6e924eb2c8 Filesystem access.
repo/playground/hmr-full-bundle-mode/__tests__/hmr-full-bundle-mode.spec.ts:228
    const original = readFile('invalidation-child.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b8e2819d533a1183 Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:299
      const originalUnresolvedFile = readFile('unresolved.ts')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #33ceb63679714f11 Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:302
        fs.writeFileSync(filepath, originalUnresolvedFile, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #88c8505ea77d8c2b Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:785
  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #48396823aa5c9107 Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:855
  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e45687df00bad7c9 Filesystem access.
repo/playground/hmr/__tests__/hmr.spec.ts:924
    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4df3e614ec68fa78 Filesystem access.
repo/playground/hmr/__tests__/hmr.spec.ts:1001
    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #13072ed57c1b9799 Filesystem access.
repo/playground/hmr/vite.config.ts:114
        const dep = await fs.readFile(depPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bc1400d110b10b83 Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:308
      const mapContent = readFile(`dist/assets/${mapAsset}`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1358ca8a047c598a Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:384
      const jsContent = readFile(jsAsset)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8734dc4efaf13e80 Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:395
      const mapContent = readFile(mapFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dc134e01b47de494 Filesystem access.
repo/playground/json/__tests__/csr/json-csr.spec.ts:48
    readFileSync(require.resolve('../../test.json'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #50d25d1669b0355f Filesystem access.
repo/playground/legacy/__tests__/legacy.spec.ts:171
          readFile(`dist/assets/${filename}`).includes('Unable to preload'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c832c903b169ada Filesystem access.
repo/playground/legacy/vite.config-chunk-importmap.js:21
    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bf235212c883c6f7 Filesystem access.
repo/playground/legacy/vite.config-chunk-importmap.js:25
    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eff3b5cd514811c6 Filesystem access.
repo/playground/legacy/vite.config.js:45
    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d4418d74113f5f5b Filesystem access.
repo/playground/legacy/vite.config.js:49
    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7ebc49ecedffa102 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:11
    const code = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a2bb28bda07dda63 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:12
    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.umd.cjs',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b66e2980ba46c6c0 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:15
    const namedCode = readFile('dist/named/my-lib-named.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b45613a0aa90359a Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:26
    const code = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f2684c5cbca6f369 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:27
    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e359d447a044ae14 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:30
    const namedCode = readFile('dist/named/my-lib-named.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #293bb64282409bfa Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:40
    const code = readFile(
      'dist/helpers-injection/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6a6343f60080c77f Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:52
    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5859e05a198ce863 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:60
    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a47604c46db5500a Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:70
    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5627bf50ae394380 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:75
    const es = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f96890a7ca10ddab Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:87
    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b109a9f4c9cb14b3 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:88
    const iife = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8fd8ef0907b4e55d Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:89
    const umd = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #893ac70048d2160f Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:96
    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #07026adf1ee320ed Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:101
    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5ffe305fd576aaaf Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:106
    const terserIife = readFile('dist/terser/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3225af6f27880692 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:111
    const css = readFile('dist/css-single-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #eb95248dcbf5044d Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:112
    const js = readFile('dist/css-single-entry/test-my-lib.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #212e78e6b3576328 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:113
    const umd = readFile('dist/css-single-entry/test-my-lib.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5a9a11bc2fe6f9bb Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:120
    const css = readFile('dist/css-multi-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2265f5b844cbd2e6 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:121
    const js1 = readFile('dist/css-multi-entry/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5363150c97aaf9d5 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:122
    const js2 = readFile('dist/css-multi-entry/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8bb02c8cb60e8fa6 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:123
    const cjs1 = readFile('dist/css-multi-entry/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4d98461aee63ff2d Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:124
    const cjs2 = readFile('dist/css-multi-entry/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #749c4ec6787bd43d Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:134
    const css1 = readFile('dist/css-code-split/css-entry-1.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c86f3a06bd3efab4 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:135
    const css2 = readFile('dist/css-code-split/css-entry-2.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cf74863aeeac2c3a Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:136
    const js1 = readFile('dist/css-code-split/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3569c97378fbf2c6 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:137
    const js2 = readFile('dist/css-code-split/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #53abca5e14e1ebe2 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:138
    const cjs1 = readFile('dist/css-code-split/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #024d9ef00186b748 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:139
    const cjs2 = readFile('dist/css-code-split/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #24b375222bf60161 Environment-variable access.
repo/playground/lib/__tests__/serve.ts:26
    process.env.VITE_INLINE = 'inline-serve'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b557e95dc5b9424b Environment-variable access.
repo/playground/lib/src/main.js:8
  console.log(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #824c4f671be6a644 Filesystem access.
repo/playground/lib/vite.config.js:38
          source: fs.readFileSync(
            path.resolve(import.meta.dirname, 'index.dist.html'),
            'utf-8',
          ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f1dc71ae372cf535 Environment-variable access.
repo/playground/lib/vite.multiple-output.config.js:4
const root = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cabc862f41895769 Filesystem access.
repo/playground/minify/__tests__/minify.spec.ts:11
  const jsContent = readFile(path.resolve(assetsDir, jsFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #da938e2b09109df7 Filesystem access.
repo/playground/minify/__tests__/minify.spec.ts:14
  const cssContent = readFile(path.resolve(assetsDir, cssFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #96da869665707d1d Environment-variable access.
repo/playground/optimize-deps-no-discovery/vite.config.js:4
process.env.NODE_ENV = ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5607ef361cf6bd60 Environment-variable access.
repo/playground/optimize-deps/dep-cjs-with-external-deps/index.js:5
if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c51096c864b86ed8 Filesystem access.
repo/playground/optimize-deps/dep-linked-include/index.mjs:16
  fs.readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0973492e7353fe3d Environment-variable access.
repo/playground/optimize-deps/dep-node-env/index.js:1
export const env = process.env.NODE_ENV === 'production' ? 'prod' : 'dev'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0034cc49e80e919c Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:3
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a1d48b4a4aa84127 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:20
  return fs.readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ef5c02c85057c7cc Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:3
import { readFileSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a117a80c2d410741 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:9
  readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c566d412175b9d35 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:23
  return readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a931039d1e15cdb6 Filesystem access.
repo/playground/optimize-deps/vite.config.js:116
                    let contents = fs.readFileSync(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #72ba55e51451bba4 Environment-variable access.
repo/playground/optimize-missing-deps/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b79e9bf972a0a34 Filesystem access.
repo/playground/optimize-missing-deps/server.js:33
      let template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #03ee28e0c550baa2 Environment-variable access.
repo/playground/ssr-alias/src/main.js:8
  builtin: process.env['__TEST_ALIAS__'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #593575c3a57fa0aa Environment-variable access.
repo/playground/ssr-conditions/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #046d26621fb51dfa Environment-variable access.
repo/playground/ssr-conditions/server.js:10
  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cab5ec0fef5b3cb9 Filesystem access.
repo/playground/ssr-conditions/server.js:16
    ? fs.readFileSync(resolve('dist/client/index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #65803cd2ac52e631 Filesystem access.
repo/playground/ssr-conditions/server.js:56
        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #59e2972b06024a79 Environment-variable access.
repo/playground/ssr-deps/__tests__/ssr-deps.spec.ts:103
    `Hello World from ${process.env.NODE_ENV}!`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b2a2c6e21b29aad1 Filesystem access.
repo/playground/ssr-deps/read-file-content/index.js:5
  return await fs.readFile(path.resolve(filePath), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #539ddc74e5e64f8b Environment-variable access.
repo/playground/ssr-deps/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #686537768eea7fdc Filesystem access.
repo/playground/ssr-deps/server.js:100
      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #19fbbafc47375844 Environment-variable access.
repo/playground/ssr-html/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #97a6c0827a68a006 Filesystem access.
repo/playground/ssr-html/server.js:79
        const template = fs.readFileSync(resolve(`.${url}index.html`), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e39a8b5bbdd181cc Filesystem access.
repo/playground/ssr-html/server.js:94
      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52d931a1b8488c67 Environment-variable access.
repo/playground/ssr-html/test-stacktrace.js:10
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7d868d2e37ee4363 Environment-variable access.
repo/playground/ssr-noexternal/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0d91d61837712774 Environment-variable access.
repo/playground/ssr-noexternal/server.js:9
  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6a55e05982c71b80 Filesystem access.
repo/playground/ssr-noexternal/server.js:15
    ? fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb49143672c820e2 Filesystem access.
repo/playground/ssr-noexternal/server.js:54
        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0eeb588f8678e1fe Environment-variable access.
repo/playground/ssr-pug/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a38759730e7d507e Filesystem access.
repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:9
  const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #71bb8a8c4619f073 Filesystem access.
repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:38
    const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3a93f3ef7ebefd36 Environment-variable access.
repo/playground/ssr-wasm/server.js:3
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #baee2c65ad5fb1c3 Environment-variable access.
repo/playground/ssr-wasm/server.js:4
const isProduction = process.env.NODE_ENV === 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5533be1b2cff10c4 Environment-variable access.
repo/playground/ssr-webworker/worker.js:4
const isTest = !!process.env.TEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ce54c6646b47f661 Environment-variable access.
repo/playground/ssr/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d039c3c2c3e1793d Filesystem access.
repo/playground/ssr/server.js:47
      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9049293a04887c68 Filesystem access.
repo/playground/test-utils.ts:164
  return fs.readFileSync(path.resolve(testDir, filename), encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0c2765a3950175f6 Filesystem access.
repo/playground/test-utils.ts:190
  const content: string | Buffer = fs.readFileSync(filename, encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a25dbeb22973e2d3 Filesystem access.
repo/playground/test-utils.ts:204
  fs.writeFileSync(filename, modified)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8206a8da97e903a1 Filesystem access.
repo/playground/test-utils.ts:210
  fs.writeFileSync(resolvedFilename, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9821b08dac7ef8ca Filesystem access.
repo/playground/test-utils.ts:243
            fs.readFileSync(path.resolve(assetsDir, file), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b18e452618fbe2b2 Filesystem access.
repo/playground/test-utils.ts:250
      ? fs.readFileSync(path.resolve(assetsDir, matchedFile), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #213f39f1549a4d97 Filesystem access.
repo/playground/test-utils.ts:257
    fs.readFileSync(
      path.join(testDir, 'dist', base, '.vite/manifest.json'),
      'utf-8',
    ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af8ed077780c8d60 Filesystem access.
repo/playground/test-utils.ts:269
    fs.readFileSync(
      path.join(testDir, `node_modules/.vite/deps${suffix}/_metadata.json`),
      'utf-8',
    ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #84e552e2570f8ea8 Filesystem access.
repo/playground/tsconfig-json-load-error/__tests__/tsconfig-json-load-error.spec.ts:18
      readFile('dist/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bf4e5adbdec9fbfe Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:37
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4931b14bea649de9 Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:51
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2ceced78230cdf6b Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:66
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fda3d0ff9936c13b Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:81
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dadd327d421e3915 Environment-variable access.
repo/playground/vitestGlobalSetup.ts:13
    headless: !process.env.VITE_DEBUG_SERVE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #59ebab5f708e9e62 Environment-variable access.
repo/playground/vitestGlobalSetup.ts:14
    args: process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d653e9df9367ccc6 Environment-variable access.
repo/playground/vitestGlobalSetup.ts:68
  if (!process.env.VITE_PRESERVE_BUILD_ARTIFACTS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3ec7ee72dd9cdcef Environment-variable access.
repo/playground/vitestSetup.ts:66
export const isBuild = !!process.env.VITE_TEST_BUILD

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74183d58a9fe4903 Environment-variable access.
repo/playground/vitestSetup.ts:157
        process.env.VITE_DEBUG_SERVE &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #58c061f6ac450995 Environment-variable access.
repo/playground/vitestSetup.ts:279
    process.env.VITE_INLINE = 'inline-serve'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee0176f71c0022a2 Environment-variable access.
repo/playground/vitestSetup.ts:288
    process.env.VITE_INLINE = 'inline-build'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bc923c2253dca074 Environment-variable access.
repo/playground/vitestSetup.ts:324
    const _nodeEnv = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #01a1b8c0f46427a2 Environment-variable access.
repo/playground/vitestSetup.ts:327
    process.env.NODE_ENV = _nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #872b246f756624c2 Environment-variable access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:10
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e802fab430337163 Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:103
      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #99093e1f09ac071d Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:111
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #79fe186370aabb7d Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:113
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d75eb3ed7a118c4c Environment-variable access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:19
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #41ffa597369d8cb1 Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:90
      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fa86ec945acf3d3a Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:98
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #64cb5982ed279c74 Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:100
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #eb7842e4850d293d Environment-variable access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:10
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ef68b0944bc4df72 Filesystem access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:66
    const content = fs.readFileSync(path.resolve(chunksDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3e6e4f988a8f22fb Filesystem access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:73
    const workerContent = fs.readFileSync(
      path.resolve(workerEntriesDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ffae1115f7e61408 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:20
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5475b64fe72ad39f Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:23
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #77c809435dda9226 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:31
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b9a236028cb6b9d4 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:39
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f17c8c5aa2bff47a Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:49
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #63fd635e8c76dfb3 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:57
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e8162504c736013c Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:14
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ada22f10fa7abc21 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:17
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #558faab564451943 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:25
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ae35c23f727b1772 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:33
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #326202c2935d1d45 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:43
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c8e81b7bd7e15456 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:51
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #56f1e6c75edee3d9 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:20
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cc916e994426b006 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:23
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f95e4899442c2f4e Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:31
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dc6554e30a5fbe36 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:39
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b0cc0c79d5b31744 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:49
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #81399ba38392c53b Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:57
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #78b6c0cc46857221 Environment-variable access.
repo/playground/worker/modules/workerImport.ts:2
export const mode = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #63312661b6821473 Environment-variable access.
repo/playground/worker/worker-sourcemap-config.js:7
    /** @type {'inline' | 'hidden' | 'sourcemap'} */ (
      process.env.WORKER_MODE
    ) || sourcemap

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/assets

npm first-party
expand_more 5 low-confidence finding(s)
low env_fs test-only #0a9b4e4722df07dd Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:536
  const src = readFile('foo.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0c0fa8525c0ff42d Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:555
    const src = readFile('テスト-測試-white space.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4d52a7eace53e0cd Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:579
    const newContent = readFile('import-meta-url/img-update.png', null)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #731c044bf25a8edf Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:787
  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4f153c834c9fcdb0 Filesystem access.
repo/playground/assets/__tests__/assets.spec.ts:794
  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/csp

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #7e318e6b6ab9e5d3 Filesystem access.
repo/playground/csp/vite.config.js:28
  const content = await fs.readFile(
    path.join(import.meta.dirname, file),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/css

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs test-only #39b42bfb251ac75d Filesystem access.
repo/playground/css/__tests__/tests.ts:412
    readFileSync(require.resolve('../raw-imported.css'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dcbeb4da356ee8bc Filesystem access.
repo/playground/css/postcss.config.js:23
        const text = files.map((f) => fs.readFileSync(f, 'utf-8')).join('\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/css-lightningcss-proxy

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #2a5604e906cfb478 Environment-variable access.
repo/playground/css-lightningcss-proxy/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b51b48726e7e2cc2 Filesystem access.
repo/playground/css-lightningcss-proxy/server.js:59
      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/env

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs test-only #1785e27cdd95e448 Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:52
  expect(await page.textContent('.node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #55aa6beeff99fb64 Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:53
  expect(await page.textContent('.global-node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f291408500e9c818 Environment-variable access.
repo/playground/env/__tests__/env.spec.ts:55
    process.env.NODE_ENV,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1813cd8722c2bb23 Environment-variable access.
repo/playground/env/vite.config.js:3
process.env.EXPAND = 'expand'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/environment-react-ssr

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs test-only #0740521359e4b9a0 Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:49
      fs.readFileSync(file, 'utf-8').includes('process.env.NODE_ENV'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #08ed43df52e6ebbc Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:67
      const originalContent = readFile(filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cc20d918fdefa044 Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:68
      fs.writeFileSync(
        filePath,
        `import 'react-fake-${env}'\n${originalContent}`,
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #675215f3f7911529 Filesystem access.
repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:74
        fs.writeFileSync(filePath, originalContent, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/external

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #6cae20ff62a47855 Filesystem access.
repo/playground/external/vite.config.js:13
      const code = await fs.readFile(
        new URL(`./node_modules/${file}`, import.meta.url),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/fs-serve

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs test-only #10ff00e3ab2018e5 Filesystem access.
repo/playground/fs-serve/__tests__/commonTests.ts:26
const safeJsonContent = fs.readFileSync(
  path.resolve(import.meta.dirname, '../safe.json'),
  'utf-8',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/hmr

npm first-party
expand_more 3 low-confidence finding(s)
low env_fs test-only #e45687df00bad7c9 Filesystem access.
repo/playground/hmr/__tests__/hmr.spec.ts:924
    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4df3e614ec68fa78 Filesystem access.
repo/playground/hmr/__tests__/hmr.spec.ts:1001
    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #13072ed57c1b9799 Filesystem access.
repo/playground/hmr/vite.config.ts:114
        const dep = await fs.readFile(depPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/hmr-full-bundle-mode

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs test-only #7c649ecc2e06a48b Filesystem access.
repo/playground/hmr-full-bundle-mode/__tests__/hmr-full-bundle-mode.spec.ts:144
    const original = readFile('hmr-asset.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c5759b6e924eb2c8 Filesystem access.
repo/playground/hmr-full-bundle-mode/__tests__/hmr-full-bundle-mode.spec.ts:228
    const original = readFile('invalidation-child.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/hmr-ssr

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs test-only #b8e2819d533a1183 Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:299
      const originalUnresolvedFile = readFile('unresolved.ts')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #33ceb63679714f11 Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:302
        fs.writeFileSync(filepath, originalUnresolvedFile, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #88c8505ea77d8c2b Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:785
  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #48396823aa5c9107 Filesystem access.
repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:855
  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/js-sourcemap

npm first-party
expand_more 3 low-confidence finding(s)
low env_fs test-only #bc1400d110b10b83 Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:308
      const mapContent = readFile(`dist/assets/${mapAsset}`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1358ca8a047c598a Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:384
      const jsContent = readFile(jsAsset)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8734dc4efaf13e80 Filesystem access.
repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:395
      const mapContent = readFile(mapFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/json

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs test-only #dc134e01b47de494 Filesystem access.
repo/playground/json/__tests__/csr/json-csr.spec.ts:48
    readFileSync(require.resolve('../../test.json'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/legacy

npm first-party
expand_more 5 low-confidence finding(s)
low env_fs test-only #50d25d1669b0355f Filesystem access.
repo/playground/legacy/__tests__/legacy.spec.ts:171
          readFile(`dist/assets/${filename}`).includes('Unable to preload'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c832c903b169ada Filesystem access.
repo/playground/legacy/vite.config-chunk-importmap.js:21
    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bf235212c883c6f7 Filesystem access.
repo/playground/legacy/vite.config-chunk-importmap.js:25
    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eff3b5cd514811c6 Filesystem access.
repo/playground/legacy/vite.config.js:45
    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d4418d74113f5f5b Filesystem access.
repo/playground/legacy/vite.config.js:49
    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/lib

npm first-party
expand_more 35 low-confidence finding(s)
low env_fs test-only #7ebc49ecedffa102 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:11
    const code = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a2bb28bda07dda63 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:12
    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.umd.cjs',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b66e2980ba46c6c0 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:15
    const namedCode = readFile('dist/named/my-lib-named.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b45613a0aa90359a Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:26
    const code = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f2684c5cbca6f369 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:27
    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e359d447a044ae14 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:30
    const namedCode = readFile('dist/named/my-lib-named.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #293bb64282409bfa Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:40
    const code = readFile(
      'dist/helpers-injection/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6a6343f60080c77f Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:52
    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5859e05a198ce863 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:60
    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a47604c46db5500a Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:70
    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5627bf50ae394380 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:75
    const es = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f96890a7ca10ddab Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:87
    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b109a9f4c9cb14b3 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:88
    const iife = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8fd8ef0907b4e55d Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:89
    const umd = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #893ac70048d2160f Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:96
    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #07026adf1ee320ed Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:101
    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5ffe305fd576aaaf Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:106
    const terserIife = readFile('dist/terser/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3225af6f27880692 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:111
    const css = readFile('dist/css-single-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #eb95248dcbf5044d Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:112
    const js = readFile('dist/css-single-entry/test-my-lib.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #212e78e6b3576328 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:113
    const umd = readFile('dist/css-single-entry/test-my-lib.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5a9a11bc2fe6f9bb Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:120
    const css = readFile('dist/css-multi-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2265f5b844cbd2e6 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:121
    const js1 = readFile('dist/css-multi-entry/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5363150c97aaf9d5 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:122
    const js2 = readFile('dist/css-multi-entry/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8bb02c8cb60e8fa6 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:123
    const cjs1 = readFile('dist/css-multi-entry/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4d98461aee63ff2d Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:124
    const cjs2 = readFile('dist/css-multi-entry/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #749c4ec6787bd43d Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:134
    const css1 = readFile('dist/css-code-split/css-entry-1.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c86f3a06bd3efab4 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:135
    const css2 = readFile('dist/css-code-split/css-entry-2.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cf74863aeeac2c3a Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:136
    const js1 = readFile('dist/css-code-split/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3569c97378fbf2c6 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:137
    const js2 = readFile('dist/css-code-split/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #53abca5e14e1ebe2 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:138
    const cjs1 = readFile('dist/css-code-split/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #024d9ef00186b748 Filesystem access.
repo/playground/lib/__tests__/lib.spec.ts:139
    const cjs2 = readFile('dist/css-code-split/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #24b375222bf60161 Environment-variable access.
repo/playground/lib/__tests__/serve.ts:26
    process.env.VITE_INLINE = 'inline-serve'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b557e95dc5b9424b Environment-variable access.
repo/playground/lib/src/main.js:8
  console.log(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #824c4f671be6a644 Filesystem access.
repo/playground/lib/vite.config.js:38
          source: fs.readFileSync(
            path.resolve(import.meta.dirname, 'index.dist.html'),
            'utf-8',
          ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f1dc71ae372cf535 Environment-variable access.
repo/playground/lib/vite.multiple-output.config.js:4
const root = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/minify

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs test-only #cabc862f41895769 Filesystem access.
repo/playground/minify/__tests__/minify.spec.ts:11
  const jsContent = readFile(path.resolve(assetsDir, jsFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #da938e2b09109df7 Filesystem access.
repo/playground/minify/__tests__/minify.spec.ts:14
  const cssContent = readFile(path.resolve(assetsDir, cssFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps

npm first-party
expand_more 9 low-confidence finding(s)
low env_fs production #5607ef361cf6bd60 Environment-variable access.
repo/playground/optimize-deps/dep-cjs-with-external-deps/index.js:5
if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c51096c864b86ed8 Filesystem access.
repo/playground/optimize-deps/dep-linked-include/index.mjs:16
  fs.readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0973492e7353fe3d Environment-variable access.
repo/playground/optimize-deps/dep-node-env/index.js:1
export const env = process.env.NODE_ENV === 'production' ? 'prod' : 'dev'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0034cc49e80e919c Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:3
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a1d48b4a4aa84127 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:20
  return fs.readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ef5c02c85057c7cc Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:3
import { readFileSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a117a80c2d410741 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:9
  readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c566d412175b9d35 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:23
  return readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a931039d1e15cdb6 Filesystem access.
repo/playground/optimize-deps/vite.config.js:116
                    let contents = fs.readFileSync(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps-no-discovery

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #96da869665707d1d Environment-variable access.
repo/playground/optimize-deps-no-discovery/vite.config.js:4
process.env.NODE_ENV = ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps/dep-cjs-with-external-deps

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #5607ef361cf6bd60 Environment-variable access.
repo/playground/optimize-deps/dep-cjs-with-external-deps/index.js:5
if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps/dep-linked-include

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #c51096c864b86ed8 Filesystem access.
repo/playground/optimize-deps/dep-linked-include/index.mjs:16
  fs.readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps/dep-node-env

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #0973492e7353fe3d Environment-variable access.
repo/playground/optimize-deps/dep-node-env/index.js:1
export const env = process.env.NODE_ENV === 'production' ? 'prod' : 'dev'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps/dep-with-builtin-module-cjs

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #0034cc49e80e919c Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:3
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a1d48b4a4aa84127 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:20
  return fs.readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps/dep-with-builtin-module-esm

npm first-party
expand_more 3 low-confidence finding(s)
low env_fs production #ef5c02c85057c7cc Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:3
import { readFileSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a117a80c2d410741 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:9
  readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c566d412175b9d35 Filesystem access.
repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:23
  return readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-missing-deps

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #72ba55e51451bba4 Environment-variable access.
repo/playground/optimize-missing-deps/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b79e9bf972a0a34 Filesystem access.
repo/playground/optimize-missing-deps/server.js:33
      let template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #ce54c6646b47f661 Environment-variable access.
repo/playground/ssr/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d039c3c2c3e1793d Filesystem access.
repo/playground/ssr/server.js:47
      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-alias

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #03ee28e0c550baa2 Environment-variable access.
repo/playground/ssr-alias/src/main.js:8
  builtin: process.env['__TEST_ALIAS__'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-conditions

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs production #593575c3a57fa0aa Environment-variable access.
repo/playground/ssr-conditions/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #046d26621fb51dfa Environment-variable access.
repo/playground/ssr-conditions/server.js:10
  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cab5ec0fef5b3cb9 Filesystem access.
repo/playground/ssr-conditions/server.js:16
    ? fs.readFileSync(resolve('dist/client/index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #65803cd2ac52e631 Filesystem access.
repo/playground/ssr-conditions/server.js:56
        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-deps

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs test-only #59e2972b06024a79 Environment-variable access.
repo/playground/ssr-deps/__tests__/ssr-deps.spec.ts:103
    `Hello World from ${process.env.NODE_ENV}!`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b2a2c6e21b29aad1 Filesystem access.
repo/playground/ssr-deps/read-file-content/index.js:5
  return await fs.readFile(path.resolve(filePath), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #539ddc74e5e64f8b Environment-variable access.
repo/playground/ssr-deps/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #686537768eea7fdc Filesystem access.
repo/playground/ssr-deps/server.js:100
      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-deps/read-file-content

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #b2a2c6e21b29aad1 Filesystem access.
repo/playground/ssr-deps/read-file-content/index.js:5
  return await fs.readFile(path.resolve(filePath), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-html

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs production #19fbbafc47375844 Environment-variable access.
repo/playground/ssr-html/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #97a6c0827a68a006 Filesystem access.
repo/playground/ssr-html/server.js:79
        const template = fs.readFileSync(resolve(`.${url}index.html`), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e39a8b5bbdd181cc Filesystem access.
repo/playground/ssr-html/server.js:94
      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52d931a1b8488c67 Environment-variable access.
repo/playground/ssr-html/test-stacktrace.js:10
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-noexternal

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs production #7d868d2e37ee4363 Environment-variable access.
repo/playground/ssr-noexternal/server.js:5
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0d91d61837712774 Environment-variable access.
repo/playground/ssr-noexternal/server.js:9
  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6a55e05982c71b80 Filesystem access.
repo/playground/ssr-noexternal/server.js:15
    ? fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb49143672c820e2 Filesystem access.
repo/playground/ssr-noexternal/server.js:54
        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-pug

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #0eeb588f8678e1fe Environment-variable access.
repo/playground/ssr-pug/server.js:6
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-resolve

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs test-only #a38759730e7d507e Filesystem access.
repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:9
  const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #71bb8a8c4619f073 Filesystem access.
repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:38
    const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-wasm

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #3a93f3ef7ebefd36 Environment-variable access.
repo/playground/ssr-wasm/server.js:3
const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #baee2c65ad5fb1c3 Environment-variable access.
repo/playground/ssr-wasm/server.js:4
const isProduction = process.env.NODE_ENV === 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-webworker

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #5533be1b2cff10c4 Environment-variable access.
repo/playground/ssr-webworker/worker.js:4
const isTest = !!process.env.TEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/tsconfig-json

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs test-only #bf4e5adbdec9fbfe Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:37
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4931b14bea649de9 Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:51
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2ceced78230cdf6b Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:66
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fda3d0ff9936c13b Filesystem access.
repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:81
    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/tsconfig-json-load-error

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs test-only #84e552e2570f8ea8 Filesystem access.
repo/playground/tsconfig-json-load-error/__tests__/tsconfig-json-load-error.spec.ts:18
      readFile('dist/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/worker

npm first-party
expand_more 31 low-confidence finding(s)
low env_fs test-only #872b246f756624c2 Environment-variable access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:10
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e802fab430337163 Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:103
      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #99093e1f09ac071d Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:111
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #79fe186370aabb7d Filesystem access.
repo/playground/worker/__tests__/es/worker-es.spec.ts:113
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d75eb3ed7a118c4c Environment-variable access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:19
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #41ffa597369d8cb1 Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:90
      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fa86ec945acf3d3a Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:98
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #64cb5982ed279c74 Filesystem access.
repo/playground/worker/__tests__/iife/worker-iife.spec.ts:100
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #eb7842e4850d293d Environment-variable access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:10
    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ef68b0944bc4df72 Filesystem access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:66
    const content = fs.readFileSync(path.resolve(chunksDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3e6e4f988a8f22fb Filesystem access.
repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:73
    const workerContent = fs.readFileSync(
      path.resolve(workerEntriesDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ffae1115f7e61408 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:20
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5475b64fe72ad39f Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:23
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #77c809435dda9226 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:31
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b9a236028cb6b9d4 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:39
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f17c8c5aa2bff47a Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:49
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #63fd635e8c76dfb3 Filesystem access.
repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:57
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e8162504c736013c Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:14
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ada22f10fa7abc21 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:17
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #558faab564451943 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:25
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ae35c23f727b1772 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:33
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #326202c2935d1d45 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:43
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c8e81b7bd7e15456 Filesystem access.
repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:51
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #56f1e6c75edee3d9 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:20
    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cc916e994426b006 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:23
    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f95e4899442c2f4e Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:31
    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dc6554e30a5fbe36 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:39
    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b0cc0c79d5b31744 Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:49
    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #81399ba38392c53b Filesystem access.
repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:57
    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #78b6c0cc46857221 Environment-variable access.
repo/playground/worker/modules/workerImport.ts:2
export const mode = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #63312661b6821473 Environment-variable access.
repo/playground/worker/worker-sourcemap-config.js:7
    /** @type {'inline' | 'hidden' | 'sourcemap'} */ (
      process.env.WORKER_MODE
    ) || sourcemap

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Production

  • first-party (npm): playground/ssr-deps/define-properties-exports prod — scan budget exceeded
  • first-party (npm): playground/ssr-deps/nested-external-cjs prod — scan budget exceeded
  • first-party (npm): playground/ssr-deps/css-lib prod — scan budget exceeded
  • first-party (npm): playground/ssr-deps/no-external-cjs prod — scan budget exceeded
  • first-party (npm): playground/ssr-deps/require-absolute prod — scan budget exceeded
  • first-party (npm): playground/ssr-deps/optimized-with-nested-external prod — scan budget exceeded
  • first-party (npm): playground/ssr-deps/linked-no-external prod — scan budget exceeded
  • first-party (npm): playground/ssr-deps/optimized-cjs-with-nested-external prod — scan budget exceeded
  • first-party (npm): playground/ssr-deps/external-entry prod — scan budget exceeded
  • first-party (npm): playground/ssr-deps/nested-exclude prod — scan budget exceeded
  • first-party (npm): playground/ssr-deps/external-using-external-entry prod — scan budget exceeded
  • first-party (npm): playground/ssr-deps/ts-transpiled-exports prod — scan budget exceeded
  • first-party (npm): playground/ssr-deps/only-object-assigned-exports prod — scan budget exceeded
  • first-party (npm): playground/dynamic-import/pkg prod — scan budget exceeded
  • first-party (npm): playground/proxy-hmr/other-app prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__ prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/packages prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/plugins/fixtures/license prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/plugins/fixtures/license/dep-nested-license-isc prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/plugins/fixtures/license/dep-licence-cc0 prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/plugins/fixtures/license/dep-license-mit prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/plugins/fixtures/sass-package-resolution/node_modules/sass-pkg-with-index prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/fixtures/watch-rebuild-manifest prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/fixtures/test-dep-conditions prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/fixtures/cjs-ssr-dep prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/fixtures/scan-subpath-import-glob prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/fixtures/file-url prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/fixtures/config/plugin-module-condition prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/fixtures/config/siblings prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/fixtures/config/native-import prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/fixtures/config/import-meta prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/fixtures/config/entry prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/fixtures/glob-exports/node_modules/my-pkg prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/packages/noname prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/packages/parent prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/packages/child prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/packages/module prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/__tests__/packages/name prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/server/__tests__/fixtures/watcher prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/server/__tests__/fixtures/pnpm prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/server/__tests__/fixtures/yarn prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/server/__tests__/fixtures/lerna/nested prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/server/__tests__/fixtures/deno/nested prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/server/__tests__/fixtures/pnpm/nested prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/server/__tests__/fixtures/yarn/nested prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/server/__tests__/fixtures/none/nested prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/ssr/runtime/__tests__ prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/ssr/runtime/__tests__/fixtures/live-binding prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/ssr/runtime/__tests__/fixtures/cyclic2 prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/ssr/runtime/__tests__/fixtures/cjs-external prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/ssr/runtime/__tests__/fixtures/esm-external prod — scan budget exceeded
  • first-party (npm): packages/vite/src/node/ssr/runtime/__tests__/fixtures/invalid-package/deps/test-dep-invalid-exports prod — scan budget exceeded
  • first-party (npm): docs prod — scan budget exceeded
  • lightningcss prod — scan budget exceeded
  • picomatch prod — scan budget exceeded
  • postcss prod — scan budget exceeded
  • tinyglobby prod — scan budget exceeded
  • @babel/core prod — scan budget exceeded
  • @babel/plugin-transform-dynamic-import prod — scan budget exceeded
  • @babel/plugin-transform-modules-systemjs prod — scan budget exceeded
  • @babel/preset-env prod — scan budget exceeded
  • babel-plugin-polyfill-corejs3 prod — scan budget exceeded
  • babel-plugin-polyfill-regenerator prod — scan budget exceeded
  • browserslist prod — scan budget exceeded
  • browserslist-to-esbuild prod — scan budget exceeded
  • core-js prod — scan budget exceeded
  • regenerator-runtime prod — scan budget exceeded
  • systemjs prod — scan budget exceeded
  • @tailwindcss/vite prod — scan budget exceeded
  • tailwindcss prod — scan budget exceeded
  • @vitejs/test-dep-no-discovery prod — scan budget exceeded
  • vue prod — scan budget exceeded
  • vuex prod — scan budget exceeded
  • clipboard prod — scan budget exceeded
  • @vitejs/test-dep-cjs-browser-field prod — scan budget exceeded
  • @vitejs/longfilename-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa prod — scan budget exceeded
  • @vitejs/test-dep-alias-using-absolute-path prod — scan budget exceeded
  • @vitejs/test-dep-cjs-browser-field-bare prod — scan budget exceeded
  • @vitejs/test-dep-cjs-compiled-from-cjs prod — scan budget exceeded
  • @vitejs/test-dep-cjs-compiled-from-esm prod — scan budget exceeded
  • @vitejs/test-dep-cjs-with-assets prod — scan budget exceeded
  • @vitejs/test-dep-cjs-with-es-module-flag prod — scan budget exceeded
  • @vitejs/test-dep-cjs-with-external-deps prod — scan budget exceeded
  • @vitejs/test-dep-cjs-css-main-field prod — scan budget exceeded
  • @vitejs/test-dep-cjs-require-css-main-field prod — scan budget exceeded
  • @vitejs/test-dep-css-require prod — scan budget exceeded
  • @vitejs/test-dep-esbuild-plugin-transform prod — scan budget exceeded
  • @vitejs/test-dep-incompatible prod — scan budget exceeded
  • @vitejs/test-dep-linked prod — scan budget exceeded
  • @vitejs/test-dep-linked-include prod — scan budget exceeded
  • @vitejs/test-dep-node-env prod — scan budget exceeded
  • @vitejs/test-dep-not-js prod — scan budget exceeded
  • @vitejs/test-dep-optimize-exports-with-glob prod — scan budget exceeded
  • @vitejs/test-dep-optimize-exports-with-root-glob prod — scan budget exceeded
  • @vitejs/test-dep-optimize-with-glob prod — scan budget exceeded
  • @vitejs/test-dep-relative-to-main prod — scan budget exceeded
  • @vitejs/test-dep-source-map-no-sources prod — scan budget exceeded
  • @vitejs/test-dep-with-asset-ext1.pdf prod — scan budget exceeded
  • @vitejs/test-dep-with-asset-ext2.pdf prod — scan budget exceeded
  • @vitejs/test-dep-with-builtin-module-cjs prod — scan budget exceeded
  • @vitejs/test-dep-with-builtin-module-esm prod — scan budget exceeded
  • @vitejs/test-dep-with-dynamic-import prod — scan budget exceeded
  • @vitejs/test-dep-with-optional-peer-dep prod — scan budget exceeded
  • @vitejs/test-dep-with-optional-peer-dep-cjs prod — scan budget exceeded
  • @vitejs/test-dep-with-optional-peer-dep-submodule prod — scan budget exceeded
  • @vitejs/test-dep-with-plus-subpath prod — scan budget exceeded
  • @vitejs/test-dep-non-optimized prod — scan budget exceeded
  • @vitejs/test-added-in-entries prod — scan budget exceeded
  • @vitejs/test-dep-cjs-external-package-omit-js-suffix prod — scan budget exceeded
  • @vitejs/test-dep-with-assets prod — scan budget exceeded
  • @vitejs/test-dep-lodash prod — scan budget exceeded
  • @vitejs/test-dep-lodash.clonedeep prod — scan budget exceeded
  • @vitejs/test-dep-lodash-es prod — scan budget exceeded
  • @vitejs/test-nested-exclude prod — scan budget exceeded
  • phoenix prod — scan budget exceeded
  • react prod — scan budget exceeded
  • react-dom prod — scan budget exceeded
  • @vitejs/test-resolve-linked prod — scan budget exceeded
  • @vitejs/test-alias-original prod — scan budget exceeded
  • aliased-module prod — scan budget exceeded
  • @vue/shared prod — scan budget exceeded
  • @vitejs/test-dep-that-imports prod — scan budget exceeded
  • @vitejs/test-dep-that-requires prod — scan budget exceeded
  • @vitejs/test-commonjs-dep prod — scan budget exceeded
  • @vitejs/test-deep-import prod — scan budget exceeded
  • @vitejs/test-entries prod — scan budget exceeded
  • @vitejs/test-module-sync prod — scan budget exceeded
  • @vitejs/test-resolve-pkg-exports prod — scan budget exceeded
  • @tailwindcss/postcss prod — scan budget exceeded
  • @vitejs/test-external-cjs prod — scan budget exceeded
  • @vitejs/test-require-external-cjs prod — scan budget exceeded
  • @vitejs/test-import-meta-glob-pkg prod — scan budget exceeded
  • @vitejs/test-ssr-conditions-external prod — scan budget exceeded
  • @vitejs/test-ssr-conditions-no-external prod — scan budget exceeded
  • autoprefixer prod — scan budget exceeded
  • @babel/runtime prod — scan budget exceeded
  • normalize.css prod — scan budget exceeded
  • @vitejs/test-resolve-browser-field prod — scan budget exceeded
  • @vitejs/test-resolve-browser-module-field1 prod — scan budget exceeded
  • @vitejs/test-resolve-custom-condition prod — scan budget exceeded

Development

  • @eslint/js dev — scan budget exceeded
  • @type-challenges/utils dev — scan budget exceeded
  • @types/babel__core dev — scan budget exceeded
  • @types/babel__preset-env dev — scan budget exceeded
  • @types/convert-source-map dev — scan budget exceeded
  • @types/cross-spawn dev — scan budget exceeded
  • @types/etag dev — scan budget exceeded
  • @types/less dev — scan budget exceeded
  • @types/node dev — scan budget exceeded
  • @types/picomatch dev — scan budget exceeded
  • @types/stylus dev — scan budget exceeded
  • @types/ws dev — scan budget exceeded
  • @vitejs/release-scripts dev — scan budget exceeded
  • eslint dev — scan budget exceeded
  • eslint-plugin-import-x dev — scan budget exceeded
  • eslint-plugin-n dev — scan budget exceeded
  • eslint-plugin-regexp dev — scan budget exceeded
  • execa dev — scan budget exceeded
  • globals dev — scan budget exceeded
  • lint-staged dev — scan budget exceeded
  • oxfmt dev — scan budget exceeded
  • picocolors dev — scan budget exceeded
  • playwright-chromium dev — scan budget exceeded
  • rolldown dev — scan budget exceeded
  • rollup dev — scan budget exceeded
  • simple-git-hooks dev — scan budget exceeded
  • tsx dev — scan budget exceeded
  • typescript dev — scan budget exceeded
  • typescript-eslint dev — scan budget exceeded
  • vite dev — scan budget exceeded
  • vitest dev — scan budget exceeded
  • @clack/prompts dev — scan budget exceeded
  • @vercel/detect-agent dev — scan budget exceeded
  • cross-spawn dev — scan budget exceeded
  • mri dev — scan budget exceeded
  • tsdown dev — scan budget exceeded
  • unrun dev — scan budget exceeded
  • @babel/parser dev — scan budget exceeded
  • @jridgewell/remapping dev — scan budget exceeded
  • @jridgewell/trace-mapping dev — scan budget exceeded
  • @polka/compression dev — scan budget exceeded
  • @rollup/plugin-alias dev — scan budget exceeded
  • @rollup/plugin-dynamic-import-vars dev — scan budget exceeded
  • @rollup/pluginutils dev — scan budget exceeded
  • @types/escape-html dev — scan budget exceeded
  • @types/pnpapi dev — scan budget exceeded
  • @vitejs/devtools dev — scan budget exceeded
  • @vitest/utils dev — scan budget exceeded
  • @voidzero-dev/vite-task-client dev — scan budget exceeded
  • artichokie dev — scan budget exceeded
  • baseline-browser-mapping dev — scan budget exceeded
  • cac dev — scan budget exceeded
  • chokidar dev — scan budget exceeded
  • connect dev — scan budget exceeded
  • convert-source-map dev — scan budget exceeded
  • cors dev — scan budget exceeded
  • dotenv-expand dev — scan budget exceeded
  • es-module-lexer dev — scan budget exceeded
  • esbuild dev — scan budget exceeded
  • escape-html dev — scan budget exceeded
  • estree-walker dev — scan budget exceeded
  • etag dev — scan budget exceeded
  • fresh-import dev — scan budget exceeded
  • host-validation-middleware dev — scan budget exceeded
  • http-proxy-3 dev — scan budget exceeded
  • launch-editor-middleware dev — scan budget exceeded
  • magic-string dev — scan budget exceeded
  • mlly dev — scan budget exceeded
  • mrmime dev — scan budget exceeded
  • nanoid dev — scan budget exceeded
  • obug dev — scan budget exceeded
  • open dev — scan budget exceeded
  • parse5 dev — scan budget exceeded
  • pathe dev — scan budget exceeded
  • periscopic dev — scan budget exceeded
  • postcss-import dev — scan budget exceeded
  • postcss-load-config dev — scan budget exceeded
  • postcss-modules dev — scan budget exceeded
  • premove dev — scan budget exceeded
  • resolve.exports dev — scan budget exceeded
  • rolldown-plugin-dts dev — scan budget exceeded
  • rollup-plugin-license dev — scan budget exceeded
  • sass dev — scan budget exceeded
  • sass-embedded dev — scan budget exceeded
  • sirv dev — scan budget exceeded
  • strip-literal dev — scan budget exceeded
  • terser dev — scan budget exceeded
  • ufo dev — scan budget exceeded
  • ws dev — scan budget exceeded
  • acorn dev — scan budget exceeded
  • css-color-names dev — scan budget exceeded
  • kill-port dev — scan budget exceeded
  • url dev — scan budget exceeded
  • express dev — scan budget exceeded
  • less dev — scan budget exceeded
  • slash3 dev — scan budget exceeded
  • slash5 dev — scan budget exceeded
  • vue34 dev — scan budget exceeded
  • pug dev — scan budget exceeded
  • @types/react dev — scan budget exceeded
  • @types/react-dom dev — scan budget exceeded
  • react-fake-client dev — scan budget exceeded
  • react-fake-server dev — scan budget exceeded
  • @vitejs/test-css-dep dev — scan budget exceeded
  • @vitejs/test-css-dep-exports dev — scan budget exceeded
  • @vitejs/test-css-js-dep dev — scan budget exceeded
  • @vitejs/test-css-proxy-dep dev — scan budget exceeded
  • @vitejs/test-scss-proxy-dep dev — scan budget exceeded
  • postcss-nested dev — scan budget exceeded
  • stylus dev — scan budget exceeded
  • sugarss dev — scan budget exceeded
  • @vitejs/test-json-require dev — scan budget exceeded
  • @vitejs/test-json-module dev — scan budget exceeded