Close Open Privacy Scan

link https://github.com/vitejs/vite

bolt Snapshot: commit e347fef

science engine v1

schedule 2026-06-25T18:12:39.212478+00:00

Incomplete scan — only 0/200 dependencies were analyzed. Treat the score as provisional.

App Privacy Score

47 /100

High privacy risk — possible application leak

High risk · 801 finding(s)

Dependency score: 100 (Low risk)

bar_chart Score Breakdown

pii_flow −45

egress −5

env_fs −3

list Scan Summary

0 high 3 medium 798 low

First-party packages: 41

Dependency packages: 0

Ecosystem: npm

swap_horiz Potential data exfiltration in application code

External domains: sponsors.vite.dev

medium first-party (npm) PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.

repo/playground/lib/src/main.js:8 → repo/playground/lib/src/main.js:8

medium first-party (npm): playground PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.

repo/playground/lib/src/main.js:8 → repo/playground/lib/src/main.js:8

medium first-party (npm): playground/lib PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.

repo/playground/lib/src/main.js:8 → repo/playground/lib/src/main.js:8

</> First-Party Code

first-party (npm)

npm first-party

medium pii_flow production #cbda9488e4cfee1d — PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.

repo/playground/lib/src/main.js:8 · flow /tmp/closeopen-v_52xqqa/repo/playground/lib/src/main.js:8 → /tmp/closeopen-v_52xqqa/repo/playground/lib/src/main.js:8

  console.log(process.env.NODE_ENV)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 330 low-confidence finding(s)

low env_fs production #4c2bc3bab7af9ac3 — Filesystem access.

repo/docs/.vitepress/buildEnd.config.ts:49

  writeFileSync(path.join(config.outDir, 'blog.rss'), feed.rss2())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bc55b85deb55b3c3 — Environment-variable access.

repo/docs/.vitepress/config.ts:26

const deployURL = process.env.DEPLOY_PRIME_URL || ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7ffeb5698701afa — Environment-variable access.

repo/docs/.vitepress/config.ts:27

const commitRef = process.env.COMMIT_REF?.slice(0, 8) || 'dev'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #40fab02ff93f2af8 — Hardcoded external endpoint. Review what data is sent to this destination.

repo/docs/.vitepress/theme/composables/sponsor.ts:18

    const result = await fetch('https://sponsors.vite.dev/sponsors.json')

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #af060c61a5cba1f1 — Filesystem access.

repo/docs/_data/acknowledgements.data.ts:114

  const content = fs.readFileSync(licensePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #444aa4d00fe3214f — Filesystem access.

repo/docs/_data/acknowledgements.data.ts:202

    const content = fs.readFileSync(packagePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4147b2d8fa39ebb — Environment-variable access.

repo/eslint.config.js:13

const shouldTypeCheck = typeof process.env.VSCODE_PID === 'string'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #600eaa68ad4a4707 — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:32

  fs.writeFileSync(pkgJson, '{ "foo": "bar" }')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c772d3afea480dd0 — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:179

  const configFile = fs.readFileSync(
    path.join(genPath, 'vite.config.ts'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4044a55d60f0736a — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:183

  const packageJsonFile = fs.readFileSync(
    path.join(genPath, 'package.json'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #78846c09f273a7e0 — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:187

  const readmeFile = fs.readFileSync(path.join(genPath, 'README.md'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f405d40f191b654b — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:205

  const pkg = fs.readFileSync(path.join(genPath, 'package.json'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3f01b55b76a4babb — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:210

  const readme = fs.readFileSync(path.join(genPath, 'README.md'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #075e344a8463bba7 — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:224

  const pkg = fs.readFileSync(path.join(genPath, 'package.json'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8c0defef863b9248 — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:288

  const indexHtmlContent = fs.readFileSync(indexHtmlPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3bac056a88661ba2 — Environment-variable access.

repo/packages/create-vite/src/index.ts:415

  if (process.env._VITE_TEST_CLI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f88064af75bb030e — Environment-variable access.

repo/packages/create-vite/src/index.ts:429

  if (process.env._VITE_TEST_CLI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #070699aef77a8bb2 — Environment-variable access.

repo/packages/create-vite/src/index.ts:466

  const pkgInfo = pkgFromUserAgent(process.env.npm_config_user_agent)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #039352996256cb8b — Filesystem access.

repo/packages/create-vite/src/index.ts:676

      fs.writeFileSync(targetPath, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cc09e5069314d39b — Filesystem access.

repo/packages/create-vite/src/index.ts:679

      const templateContent = fs.readFileSync(templatePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b64150a364e5ee60 — Filesystem access.

repo/packages/create-vite/src/index.ts:684

      fs.writeFileSync(targetPath, updatedContent)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a586b6219da98a30 — Filesystem access.

repo/packages/create-vite/src/index.ts:696

    fs.readFileSync(path.join(templateDir, `package.json`), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #82b6b020753bd5cd — Filesystem access.

repo/packages/create-vite/src/index.ts:914

  fs.writeFileSync(path.resolve(root, 'eslint.config.js'), eslintConfig)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dbdf08fa361b5cd3 — Filesystem access.

repo/packages/create-vite/src/index.ts:1043

  const content = fs.readFileSync(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7b6e3bf613b691bb — Filesystem access.

repo/packages/create-vite/src/index.ts:1044

  fs.writeFileSync(file, callback(content), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #13a87ebbd26b62c5 — Filesystem access.

repo/packages/plugin-legacy/src/__tests__/readme.spec.ts:7

  const readme = fs.readFileSync(
    path.resolve(import.meta.dirname, '../../README.md'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dee55c62f9849e7b — Environment-variable access.

repo/packages/plugin-legacy/src/index.ts:163

  const debugFlags = (process.env.DEBUG || '').split(',')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0df1ee307460c207 — Environment-variable access.

repo/packages/vite/bin/vite.js:6

  if (!process.env.DEBUG_DISABLE_SOURCE_MAP) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8a05e71e3c43aa22 — Environment-variable access.

repo/packages/vite/bin/vite.js:36

  process.env.DEBUG = `${

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #39a7fc8e64accba2 — Environment-variable access.

repo/packages/vite/bin/vite.js:37

    process.env.DEBUG ? process.env.DEBUG + ',' : ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #39a7fc8e64accba2 — Environment-variable access.

repo/packages/vite/bin/vite.js:37

    process.env.DEBUG ? process.env.DEBUG + ',' : ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6da0c20028dde9bb — Environment-variable access.

repo/packages/vite/bin/vite.js:43

      process.env.VITE_DEBUG_FILTER = filter

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #61449dae61cee257 — Filesystem access.

repo/packages/vite/rolldown.config.ts:12

  readFileSync(new URL('./package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8e68b4a55c67031c — Environment-variable access.

repo/packages/vite/rolldown.config.ts:14

const disableSourceMap = !!process.env.DEBUG_DISABLE_SOURCE_MAP

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b221d3224da3e09a — Filesystem access.

repo/packages/vite/rolldown.config.ts:186

        writeFileSync(
          'dist/node/index.d.ts',
          "export * from '../../src/node/index.ts'",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a0aea6d64f78809 — Filesystem access.

repo/packages/vite/rolldown.config.ts:190

        writeFileSync(
          'dist/node/module-runner.d.ts',
          "export * from '../../src/module-runner/index.ts'",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #28e78b2dbe0aad6c — Filesystem access.

repo/packages/vite/rolldown.dts.config.ts:23

  readFileSync(new URL('./package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4a31e6282a4f7cf9 — Filesystem access.

repo/packages/vite/rollupLicensePlugin.ts:17

      const coreLicense = fs.readFileSync(
        new URL('../../LICENSE', import.meta.url),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #564f54169d7058a4 — Filesystem access.

repo/packages/vite/rollupLicensePlugin.ts:108

      const existingLicenseText = fs.readFileSync(licenseFilePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea011ba125d1ef3b — Filesystem access.

repo/packages/vite/rollupLicensePlugin.ts:110

        fs.writeFileSync(licenseFilePath, licenseText)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #76372056fed0a84c — Filesystem access.

repo/packages/vite/src/node/__tests__/build.spec.ts:1173

  const content = await fsp.readFile(entry, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f3d42f3b30fb24f0 — Filesystem access.

repo/packages/vite/src/node/__tests__/build.spec.ts:1174

  await fsp.writeFile(
    entry,
    content.replace(`import('./dep.js')`, `'dep.js removed'`),
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1e9ad349a5f3b880 — Filesystem access.

repo/packages/vite/src/node/__tests__/build.spec.ts:1179

    await fsp.writeFile(entry, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9dd7604a00df2172 — Filesystem access.

repo/packages/vite/src/node/__tests__/build.spec.ts:1209

    fsp.readFile(resolve(root, 'dist/favicon.svg'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4fb17e6310e0c27f — Filesystem access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1386

      fs.writeFileSync(path.resolve(root, fileName), content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2f7eac18b0e9d0d3 — Filesystem access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1390

      fs.writeFileSync(
        path.resolve(root, 'package.json'),
        JSON.stringify({
          name: '@vitejs/test-load-config-from-file',
          type: typeField,
        }),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #369cb3e3bf16f194 — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1599

    delete process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e0bcd3d32d2c4171 — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1603

    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'example.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6608dea580a501e2 — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1613

    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c8635a0c3459a9a8 — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1628

    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ce39024dfea5040d — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1643

    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fe5253fc0e675425 — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1654

    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'new.com,another.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b07877801e33f3fc — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1668

    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'example.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9b20c3238e8c8184 — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1680

      process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = env

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #97c1f1996aced9f9 — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:54

    expect(process.env.VITE_USER_NODE_ENV).toEqual(undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #617f27a339d9036c — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:58

    const _nodeEnv = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #963e9aa8d549e860 — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:59

    process.env.NODE_ENV = 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9ea81947507d529c — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:61

    expect(process.env.VITE_USER_NODE_ENV).toEqual('development')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #59151badb64c945b — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:62

    process.env.NODE_ENV = _nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5df29282e9f688e6 — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:66

    process.env.VITE_USER_NODE_ENV = 'test'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0eac53c1be6fa30e — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:68

    expect(process.env.VITE_USER_NODE_ENV).toEqual('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #91ee90697630cb58 — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:72

    process.env.VITE_ENV_TEST_ENV = 'EXIST'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f08cd09ef8b1f9af — Filesystem access.

repo/packages/vite/src/node/__tests__/plugins/cssPreprocessorTeardown.spec.ts:25

    fs.writeFileSync(scssPath, '$c: red;\nbody { color: $c; }\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #aaf02d214f20dbcc — Filesystem access.

repo/packages/vite/src/node/__tests__/plugins/cssPreprocessorTeardown.spec.ts:37

        fs.readFileSync(scssPath, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1d9ce6858b1c2285 — Filesystem access.

repo/packages/vite/src/node/__tests__/plugins/importGlob/fixture.spec.ts:14

      await transformWithEsbuild(await fs.readFile(id, 'utf-8'), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #92db18fa5c81ee5d — Filesystem access.

repo/packages/vite/src/node/__tests__/plugins/importGlob/fixture.spec.ts:85

      await transformWithEsbuild(await fs.readFile(id, 'utf-8'), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b0b7059d045b8f1e — Environment-variable access.

repo/packages/vite/src/node/build.ts:1091

  const tty = process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c9f1d8f6c49801cf — Filesystem access.

repo/packages/vite/src/node/cli.ts:79

        fs.writeFileSync(outPath, JSON.stringify(profile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fff549a90a23fc35 — Environment-variable access.

repo/packages/vite/src/node/config.ts:1422

  if (process.env.NODE_ENV === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f93ca6479fd5cb51 — Environment-variable access.

repo/packages/vite/src/node/config.ts:1425

      process.env.NODE_ENV = nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74d5ff3ae3689363 — Environment-variable access.

repo/packages/vite/src/node/config.ts:1428

  const isNodeEnvSet = !!process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b8cea636c7d438cf — Environment-variable access.

repo/packages/vite/src/node/config.ts:1434

    process.env.NODE_ENV = defaultNodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2aa18aa84788faa3 — Environment-variable access.

repo/packages/vite/src/node/config.ts:1730

  const userNodeEnv = process.env.VITE_USER_NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9395b7c0e85aee00 — Environment-variable access.

repo/packages/vite/src/node/config.ts:1733

      process.env.NODE_ENV = 'development'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6e5783411123a3aa — Environment-variable access.

repo/packages/vite/src/node/config.ts:1744

  const isProduction = process.env.NODE_ENV === 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #326c64e43c2462f1 — Filesystem access.

repo/packages/vite/src/node/config.ts:2656

    await fsp.writeFile(tempFileName, bundledCode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0adf59be4b75bbea — Filesystem access.

repo/packages/vite/src/node/constants.ts:7

  readFileSync(new URL('../../package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c7ffc0dfb3be5ba3 — Filesystem access.

repo/packages/vite/src/node/env.ts:59

      const parsedEnv = parseEnv(fs.readFileSync(filePath, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e85b35b1472b9cb — Environment-variable access.

repo/packages/vite/src/node/env.ts:67

  if (parsed.NODE_ENV && process.env.VITE_USER_NODE_ENV === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #558037d8e6a71395 — Environment-variable access.

repo/packages/vite/src/node/env.ts:68

    process.env.VITE_USER_NODE_ENV = parsed.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #41533b467e6688c4 — Environment-variable access.

repo/packages/vite/src/node/env.ts:71

  if (parsed.BROWSER && process.env.BROWSER === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #90c5dfcd7c83e00a — Environment-variable access.

repo/packages/vite/src/node/env.ts:72

    process.env.BROWSER = parsed.BROWSER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #429b579545238e0b — Environment-variable access.

repo/packages/vite/src/node/env.ts:74

  if (parsed.BROWSER_ARGS && process.env.BROWSER_ARGS === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #72e887b70373d8ea — Environment-variable access.

repo/packages/vite/src/node/env.ts:75

    process.env.BROWSER_ARGS = parsed.BROWSER_ARGS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #35971cd36cd72cdf — Environment-variable access.

repo/packages/vite/src/node/env.ts:100

      env[key] = process.env[key]!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #13dc6e6e0b1fbed4 — Filesystem access.

repo/packages/vite/src/node/http.ts:162

    return fsp.readFile(path.resolve(value)).catch(() => value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9ec3bac1dbf361c9 — Environment-variable access.

repo/packages/vite/src/node/logger.ts:84

    allowClearScreen && process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee040977eaf089ca — Filesystem access.

repo/packages/vite/src/node/optimizer/index.ts:414

        await fsp.readFile(cachedMetadataPath, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #51984cf99cb665ab — Filesystem access.

repo/packages/vite/src/node/optimizer/index.ts:540

  fs.writeFileSync(
    path.resolve(processingCacheDir, 'package.json'),
    `{\n  "type": "module"\n}\n`,
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74711de21b510782 — Filesystem access.

repo/packages/vite/src/node/optimizer/index.ts:595

      fs.writeFileSync(
        dataPath,
        stringifyDepsOptimizerMetadata(metadata, depsCacheDir),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #692b3330416c2432 — Environment-variable access.

repo/packages/vite/src/node/optimizer/index.ts:817

      : JSON.stringify(process.env.NODE_ENV || environment.config.mode),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ef3d06db4784d35e — Filesystem access.

repo/packages/vite/src/node/optimizer/index.ts:1161

  const entryContent = fs.readFileSync(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ef527fdd427eae39 — Environment-variable access.

repo/packages/vite/src/node/optimizer/index.ts:1280

  return process.env.npm_config_user_agent?.startsWith(manager) ? 1 : -1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5e0eecac3ed78e9e — Environment-variable access.

repo/packages/vite/src/node/optimizer/index.ts:1292

        ? process.env.NODE_ENV || config.mode

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c0e4e650ff34519 — Filesystem access.

repo/packages/vite/src/node/optimizer/index.ts:1331

  let content = lockfilePath ? fs.readFileSync(lockfilePath, 'utf-8') : ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c66fd459d1e8500e — Filesystem access.

repo/packages/vite/src/node/optimizer/scan.ts:443

    let raw = await fsp.readFile(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #389e38bf3a7177ef — Filesystem access.

repo/packages/vite/src/node/packages.ts:179

  const data = JSON.parse(stripBomTag(fs.readFileSync(pkgPath, 'utf-8')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b197120c4812ac44 — Filesystem access.

repo/packages/vite/src/node/plugins/asset.ts:210

              await fsp.readFile(file, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #422158b320355872 — Filesystem access.

repo/packages/vite/src/node/plugins/asset.ts:344

    const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5619e358cb7c09d3 — Filesystem access.

repo/packages/vite/src/node/plugins/asset.ts:353

    const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a2047d3f1cb7a506 — Filesystem access.

repo/packages/vite/src/node/plugins/asset.ts:452

  const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #faa01adf12b7d6ad — Environment-variable access.

repo/packages/vite/src/node/plugins/clientInjections.ts:55

          JSON.stringify(process.env.NODE_ENV || config.mode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #307d3da7fe18f43d — Filesystem access.

repo/packages/vite/src/node/plugins/clientInjections.ts:147

  const content = fs.readFileSync(normalizedClientEntry, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fcd41b0799826f31 — Filesystem access.

repo/packages/vite/src/node/plugins/css.ts:1583

          const code = await fs.promises.readFile(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #86c748ac1bb00cbf — Filesystem access.

repo/packages/vite/src/node/plugins/css.ts:2578

            result.contents ?? (await fsp.readFile(result.file, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #528e80de964c4b7e — Filesystem access.

repo/packages/vite/src/node/plugins/css.ts:2725

  const content = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a2c8addc98cfcf3c — Filesystem access.

repo/packages/vite/src/node/plugins/css.ts:2855

                  (await fsp.readFile(result.resolved, 'utf-8')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #53246d4ea6c164fe — Filesystem access.

repo/packages/vite/src/node/plugins/css.ts:3242

              const code = fs.readFileSync(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #702428fb424a70a7 — Filesystem access.

repo/packages/vite/src/node/plugins/css.ts:3333

        const code = fs.readFileSync(e.fileName, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #29d8e42f01e7415f — Environment-variable access.

repo/packages/vite/src/node/plugins/define.ts:19

    const nodeEnv = process.env.NODE_ENV || config.mode

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #645db1fcaa68b0c9 — Filesystem access.

repo/packages/vite/src/node/plugins/forwardConsole.ts:138

      const code = fs.readFileSync(stack.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #48aae8a446840230 — Filesystem access.

repo/packages/vite/src/node/plugins/license.ts:83

            entry.text = fs.readFileSync(licenseFile, 'utf-8').trim()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a6cc17659ac5c93d — Filesystem access.

repo/packages/vite/src/node/plugins/optimizedDeps.ts:89

            fsp.readFile(file, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #92a671fd60293823 — Filesystem access.

repo/packages/vite/src/node/plugins/optimizedDeps.ts:90

            fsp
              .readFile(`${file}.map`, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #57335d752f12b34b — Environment-variable access.

repo/packages/vite/src/node/plugins/reporter.ts:9

    const tty = process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #13bfe3802ceec1c7 — Filesystem access.

repo/packages/vite/src/node/plugins/wasm.ts:192

    const wasmBinary = await fsp.readFile(wasmFilePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c800beb45f85dfc3 — Filesystem access.

repo/packages/vite/src/node/server/hmr.ts:1137

  const content = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #35c25e0ad15bb77a — Filesystem access.

repo/packages/vite/src/node/server/hmr.ts:1149

    return await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab0db2fa5b129ec0 — Environment-variable access.

repo/packages/vite/src/node/server/index.ts:934

  if (process.env.DEBUG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3bbd0c42686e8400 — Filesystem access.

repo/packages/vite/src/node/server/index.ts:1275

    const content = fs.readFileSync(pnpmModulesYaml, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f9724e2871f2f999 — Environment-variable access.

repo/packages/vite/src/node/server/index.ts:1316

    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fefede80ac3a0fae — Environment-variable access.

repo/packages/vite/src/node/server/index.ts:1320

      process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #99816eb23ebdf89a — Filesystem access.

repo/packages/vite/src/node/server/middlewares/__tests__/indexHtml.spec.ts:9

const HTML_CONTENT = fs.readFileSync(HTML_PATH, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #17b43f93c9990277 — Filesystem access.

repo/packages/vite/src/node/server/middlewares/__tests__/indexHtml.spec.ts:68

    const htmlContent = fs.readFileSync(htmlPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #171fb60c8bea20e4 — Filesystem access.

repo/packages/vite/src/node/server/middlewares/indexHtml.ts:534

          let html = await fsp.readFile(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #911c69065571b8a4 — Filesystem access.

repo/packages/vite/src/node/server/middlewares/transform.ts:170

              await fsp.readFile(sourcemapPath, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4b8caf191900b811 — Environment-variable access.

repo/packages/vite/src/node/server/openBrowser.ts:31

  const browser = typeof opt === 'string' ? opt : process.env.BROWSER || ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f0d2df92d2cf7e45 — Environment-variable access.

repo/packages/vite/src/node/server/openBrowser.ts:35

    const browserArgs = process.env.BROWSER_ARGS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b9aaeeda11b34eac — Environment-variable access.

repo/packages/vite/src/node/server/openBrowser.ts:36

      ? process.env.BROWSER_ARGS.split(' ')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #24216cd5d93a9ebc — Environment-variable access.

repo/packages/vite/src/node/server/pluginContainer.ts:111

  process.env.DEBUG_VITE_SOURCEMAP_COMBINE_FILTER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dff814ec46156255 — Filesystem access.

repo/packages/vite/src/node/server/pluginContainer.ts:961

              code = fs.readFileSync(err.loc.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6cfff0db69d099ba — Filesystem access.

repo/packages/vite/src/node/server/pluginContainer.ts:1000

              code = fs.readFileSync(err.loc.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7732318eccda5134 — Filesystem access.

repo/packages/vite/src/node/server/searchRoot.ts:31

    const content = JSON.parse(fs.readFileSync(path, 'utf-8')) || {}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d44e4d7b2fed4274 — Filesystem access.

repo/packages/vite/src/node/server/searchRoot.ts:46

      const content = JSON.parse(fs.readFileSync(path, 'utf-8')) || {}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a642a4bbd15971aa — Filesystem access.

repo/packages/vite/src/node/server/sourcemap.ts:112

          sourcesContent[index] = await fsp
            .readFile(resolvedSourcePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ef459bfb058265f5 — Filesystem access.

repo/packages/vite/src/node/server/sourcemap.ts:241

    return fs.readFileSync(resolvedPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb00f4d337e06a6b — Filesystem access.

repo/packages/vite/src/node/server/transformRequest.ts:284

        code = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d847917e7d60f869 — Filesystem access.

repo/packages/vite/src/node/server/warmup.ts:34

        const html = await fs.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #16c3f635dfde24eb — Environment-variable access.

repo/packages/vite/src/node/shortcuts.ts:36

  enabled: boolean = process.stdin.isTTY && !process.env.CI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #60c93f4308dece87 — Filesystem access.

repo/packages/vite/src/node/ssr/__tests__/ssrLoadModule.spec.ts:233

  const source = fs.readFileSync(
    path.join(root, 'fixtures/json/test.json'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8375df6bfb78d4dd — Filesystem access.

repo/packages/vite/src/node/ssr/__tests__/ssrTransform.spec.ts:644

    return readFileSync(fileURLToPath(url), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #01fe9ec381fa9471 — Filesystem access.

repo/packages/vite/src/node/ssr/__tests__/ssrTransform.spec.ts:669

    return readFileSync(fileURLToPath(url), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b133b991a0946eb2 — Filesystem access.

repo/packages/vite/src/node/ssr/runtime/__tests__/fixtures/native.js:3

export { readdirSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c3d346c78707630c — Environment-variable access.

repo/packages/vite/src/node/ssr/runtime/__tests__/server-hmr.spec.ts:137

  process.env.CI ? 50_00 : 5_000,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3f65352b1b10367e — Filesystem access.

repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:114

      fs.writeFileSync(file, content, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8fed54d5c6b4c95d — Filesystem access.

repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:121

      const content = fs.readFileSync(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b7b3c029ffbdc78b — Filesystem access.

repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:123

      fs.writeFileSync(file, callback(content), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1dd692c8bb2bc2f4 — Filesystem access.

repo/packages/vite/src/node/ssr/runtime/serverModuleRunner.ts:66

      return readFileSync(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #91d7be42516ddf90 — Environment-variable access.

repo/packages/vite/src/node/utils.ts:176

const filter = process.env.VITE_DEBUG_FILTER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3347ded7a56a48a2 — Environment-variable access.

repo/packages/vite/src/node/utils.ts:178

const DEBUG = process.env.DEBUG

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d6169ce3fe4d4dcd — Environment-variable access.

repo/packages/vite/src/node/utils.ts:1246

    const method = process.env.VITE_DEPRECATION_TRACE ? 'trace' : 'warn'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3099d6ff13078108 — Environment-variable access.

repo/packages/vite/src/node/utils.ts:1351

    const method = process.env.VITE_DEPRECATION_TRACE ? 'trace' : 'warn'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #49bb2d7abcb78670 — Environment-variable access.

repo/packages/vite/src/node/utils.ts:1708

    process.env.npm_config_user_agent?.split(' ')[0].split('/')[0] || 'npm'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a1cc336e3c6703f0 — Environment-variable access.

repo/packages/vite/src/node/utils.ts:1833

    if (process.env.CI !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #84c78625150e3653 — Environment-variable access.

repo/packages/vite/src/node/utils.ts:1846

    if (process.env.CI !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f9c24756a4e13ba5 — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:536

  const src = readFile('foo.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #51aa46c266eab2cb — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:555

    const src = readFile('テスト-測試-white space.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #03a3325401470bbb — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:579

    const newContent = readFile('import-meta-url/img-update.png', null)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3801a49d482ada8e — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:787

  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e6dd5586c105b7fd — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:794

  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8503f82d8aa42ece — Filesystem access.

repo/playground/csp/vite.config.js:28

  const content = await fs.readFile(
    path.join(import.meta.dirname, file),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #979159ec3fbc54e2 — Environment-variable access.

repo/playground/css-lightningcss-proxy/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #58bc3bec1a2c6d7e — Filesystem access.

repo/playground/css-lightningcss-proxy/server.js:59

      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #936a46ea43381fc6 — Filesystem access.

repo/playground/css/__tests__/tests.ts:411

    readFileSync(require.resolve('../raw-imported.css'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b6ec49800ef9538c — Filesystem access.

repo/playground/css/postcss.config.js:23

        const text = files.map((f) => fs.readFileSync(f, 'utf-8')).join('\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6121044fe1d6d6fb — Environment-variable access.

repo/playground/env/__tests__/env.spec.ts:52

  expect(await page.textContent('.node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4b93b644dcded747 — Environment-variable access.

repo/playground/env/__tests__/env.spec.ts:53

  expect(await page.textContent('.global-node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #63093ce522bcd5cf — Environment-variable access.

repo/playground/env/__tests__/env.spec.ts:55

    process.env.NODE_ENV,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #75169bd071479bbc — Environment-variable access.

repo/playground/env/vite.config.js:3

process.env.EXPAND = 'expand'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4cef1b082fff7d1e — Filesystem access.

repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:49

      fs.readFileSync(file, 'utf-8').includes('process.env.NODE_ENV'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9e07e7c98c9bbf97 — Filesystem access.

repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:67

      const originalContent = readFile(filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fc8b65a9b3e23846 — Filesystem access.

repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:68

      fs.writeFileSync(
        filePath,
        `import 'react-fake-${env}'\n${originalContent}`,
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2df5a9dac9fad331 — Filesystem access.

repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:74

        fs.writeFileSync(filePath, originalContent, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #27492fe0766eceba — Filesystem access.

repo/playground/external/vite.config.js:13

      const code = await fs.readFile(
        new URL(`./node_modules/${file}`, import.meta.url),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9eda4b6c9a3028c1 — Filesystem access.

repo/playground/fs-serve/__tests__/commonTests.ts:26

const safeJsonContent = fs.readFileSync(
  path.resolve(import.meta.dirname, '../safe.json'),
  'utf-8',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b596a8751cff90aa — Filesystem access.

repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:300

      const originalUnresolvedFile = readFile('unresolved.ts')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5a0badc03d3dbf4c — Filesystem access.

repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:303

        fs.writeFileSync(filepath, originalUnresolvedFile, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #06c89afe3b940cea — Filesystem access.

repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:772

  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3159a3e5adfafe19 — Filesystem access.

repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:842

  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #95099173a59b02e0 — Filesystem access.

repo/playground/hmr/__tests__/hmr.spec.ts:907

    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5300344abe177cf1 — Filesystem access.

repo/playground/hmr/__tests__/hmr.spec.ts:984

    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f470524396825316 — Filesystem access.

repo/playground/hmr/vite.config.ts:114

        const dep = await fs.readFile(depPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d2589799f304daef — Filesystem access.

repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:308

      const mapContent = readFile(`dist/assets/${mapAsset}`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b6da588d068bfb1b — Filesystem access.

repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:384

      const jsContent = readFile(jsAsset)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #01620fa08f418935 — Filesystem access.

repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:395

      const mapContent = readFile(mapFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d4471828003d09cd — Filesystem access.

repo/playground/json/__tests__/csr/json-csr.spec.ts:48

    readFileSync(require.resolve('../../test.json'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #569e92752fe44f27 — Filesystem access.

repo/playground/legacy/__tests__/legacy.spec.ts:171

          readFile(`dist/assets/${filename}`).includes('Unable to preload'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a2b311df79c6a367 — Filesystem access.

repo/playground/legacy/vite.config-chunk-importmap.js:21

    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dcac165f41ec4f2e — Filesystem access.

repo/playground/legacy/vite.config-chunk-importmap.js:25

    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #428d7c75499a15af — Filesystem access.

repo/playground/legacy/vite.config.js:45

    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #35e6fee02b85254b — Filesystem access.

repo/playground/legacy/vite.config.js:49

    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d5b4ea3441aa0f9e — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:11

    const code = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4336e1c3042a83af — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:12

    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.umd.cjs',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a6f97bdbdd96cf46 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:15

    const namedCode = readFile('dist/named/my-lib-named.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c61bc08c493a17a0 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:26

    const code = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cd130b2637a44265 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:27

    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #40151bbff23e62bd — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:30

    const namedCode = readFile('dist/named/my-lib-named.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #00d00201a72d09de — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:40

    const code = readFile(
      'dist/helpers-injection/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #47dd66c2c4b102d5 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:52

    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3b6c93a7d8d573b5 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:60

    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #db4068bbb35811c3 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:70

    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #015be5eea6bbff6d — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:75

    const es = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b773e3a677e75fb5 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:87

    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b28124f9ce18f820 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:88

    const iife = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fcfe6bdf9aaa61b3 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:89

    const umd = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1ab00dfc9acb1c93 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:96

    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #300eacbc68f825f7 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:101

    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #94e44c78794a0ae9 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:106

    const terserIife = readFile('dist/terser/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bbf28b37ef42c627 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:111

    const css = readFile('dist/css-single-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9a0ff9aa58204ad6 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:112

    const js = readFile('dist/css-single-entry/test-my-lib.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3f49badef5b6402c — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:113

    const umd = readFile('dist/css-single-entry/test-my-lib.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3f18e17ba1a774ed — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:120

    const css = readFile('dist/css-multi-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a230a33770a60b21 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:121

    const js1 = readFile('dist/css-multi-entry/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7cd364e4707b78d8 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:122

    const js2 = readFile('dist/css-multi-entry/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1edc0c965a897785 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:123

    const cjs1 = readFile('dist/css-multi-entry/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d9e80c25b4e201a7 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:124

    const cjs2 = readFile('dist/css-multi-entry/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #32903a7cfc216735 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:134

    const css1 = readFile('dist/css-code-split/css-entry-1.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e3e6fbf8669600e4 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:135

    const css2 = readFile('dist/css-code-split/css-entry-2.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1b3f6870e90a6eef — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:136

    const js1 = readFile('dist/css-code-split/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1461d6b6bfe91ea0 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:137

    const js2 = readFile('dist/css-code-split/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c14722534fbdca02 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:138

    const cjs1 = readFile('dist/css-code-split/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f6d711df3890efa2 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:139

    const cjs2 = readFile('dist/css-code-split/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #eb7550ec889e0270 — Environment-variable access.

repo/playground/lib/__tests__/serve.ts:26

    process.env.VITE_INLINE = 'inline-serve'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c92cd4f2307df1c — Environment-variable access.

repo/playground/lib/src/main.js:8

  console.log(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8ef547f47b967465 — Filesystem access.

repo/playground/lib/vite.config.js:38

          source: fs.readFileSync(
            path.resolve(import.meta.dirname, 'index.dist.html'),
            'utf-8',
          ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #145db0de3b2d4339 — Environment-variable access.

repo/playground/lib/vite.multiple-output.config.js:4

const root = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7bdb0d3109dd3c0c — Filesystem access.

repo/playground/minify/__tests__/minify.spec.ts:11

  const jsContent = readFile(path.resolve(assetsDir, jsFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #da6f09ffb58445db — Filesystem access.

repo/playground/minify/__tests__/minify.spec.ts:14

  const cssContent = readFile(path.resolve(assetsDir, cssFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e2dccebcec364139 — Environment-variable access.

repo/playground/optimize-deps-no-discovery/vite.config.js:4

process.env.NODE_ENV = ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aa57805f0673f6d9 — Environment-variable access.

repo/playground/optimize-deps/dep-cjs-with-external-deps/index.js:5

if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a09ad325a460da64 — Filesystem access.

repo/playground/optimize-deps/dep-linked-include/index.mjs:16

  fs.readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44498659e30e75c2 — Environment-variable access.

repo/playground/optimize-deps/dep-node-env/index.js:1

export const env = process.env.NODE_ENV === 'production' ? 'prod' : 'dev'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e3363f2da8a9f9de — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:3

const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e3363f2da8a9f9de — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:3

const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5998b82bd86275d9 — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:20

  return fs.readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f229111ba6ff7da — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:3

import { readFileSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #76ac3f482e4684af — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:9

  readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #694f91eed712680a — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:23

  return readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6638cc39e0742d1a — Filesystem access.

repo/playground/optimize-deps/vite.config.js:116

                    let contents = fs.readFileSync(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a441cde5b2d29628 — Environment-variable access.

repo/playground/optimize-missing-deps/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1cd25ec7394ac507 — Filesystem access.

repo/playground/optimize-missing-deps/server.js:33

      let template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c5a10221af1313bd — Environment-variable access.

repo/playground/ssr-alias/src/main.js:8

  builtin: process.env['__TEST_ALIAS__'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3d9387e6196380a5 — Environment-variable access.

repo/playground/ssr-conditions/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #255a3f598b33e63c — Environment-variable access.

repo/playground/ssr-conditions/server.js:10

  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #24bb43b31d99386f — Filesystem access.

repo/playground/ssr-conditions/server.js:16

    ? fs.readFileSync(resolve('dist/client/index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d547fcaec0b8754 — Filesystem access.

repo/playground/ssr-conditions/server.js:56

        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #71ed73377c7181a3 — Environment-variable access.

repo/playground/ssr-deps/__tests__/ssr-deps.spec.ts:103

    `Hello World from ${process.env.NODE_ENV}!`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dba11ad7c2afa387 — Filesystem access.

repo/playground/ssr-deps/read-file-content/index.js:5

  return await fs.readFile(path.resolve(filePath), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4923ee53da80c62a — Environment-variable access.

repo/playground/ssr-deps/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab6198d0de36a9f1 — Filesystem access.

repo/playground/ssr-deps/server.js:100

      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #25453593c7bc085c — Environment-variable access.

repo/playground/ssr-html/server.js:5

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #38d2896b46140b26 — Filesystem access.

repo/playground/ssr-html/server.js:79

        const template = fs.readFileSync(resolve(`.${url}index.html`), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f7a4d92bc293066 — Filesystem access.

repo/playground/ssr-html/server.js:94

      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3a7525532febbee1 — Environment-variable access.

repo/playground/ssr-html/test-stacktrace.js:10

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #494be6553e5f2dd9 — Environment-variable access.

repo/playground/ssr-noexternal/server.js:5

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb91a2d010461011 — Environment-variable access.

repo/playground/ssr-noexternal/server.js:9

  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #36a16bcea0cd029c — Filesystem access.

repo/playground/ssr-noexternal/server.js:15

    ? fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #296a1bc066ea62e7 — Filesystem access.

repo/playground/ssr-noexternal/server.js:54

        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52a2eb24c8efdfcd — Environment-variable access.

repo/playground/ssr-pug/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c5b824cacb90873b — Filesystem access.

repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:9

  const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #68c50b2c3fff77b2 — Filesystem access.

repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:38

    const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bfefc36da93844f8 — Environment-variable access.

repo/playground/ssr-wasm/server.js:3

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #379a642e132ba121 — Environment-variable access.

repo/playground/ssr-wasm/server.js:4

const isProduction = process.env.NODE_ENV === 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cc2a47582032ad17 — Environment-variable access.

repo/playground/ssr-webworker/worker.js:4

const isTest = !!process.env.TEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6f31590968b6e25 — Environment-variable access.

repo/playground/ssr/server.js:5

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #499eb395913f1fd6 — Filesystem access.

repo/playground/ssr/server.js:47

      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb13d8243b4961f6 — Filesystem access.

repo/playground/test-utils.ts:164

  return fs.readFileSync(path.resolve(testDir, filename), encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a6061bd29c7f4d7e — Filesystem access.

repo/playground/test-utils.ts:190

  const content: string | Buffer = fs.readFileSync(filename, encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b6ea91ca37ff59bb — Filesystem access.

repo/playground/test-utils.ts:194

  fs.writeFileSync(filename, modified)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #36010edd53481174 — Filesystem access.

repo/playground/test-utils.ts:200

  fs.writeFileSync(resolvedFilename, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a6ad60855d8168a7 — Filesystem access.

repo/playground/test-utils.ts:233

            fs.readFileSync(path.resolve(assetsDir, file), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b5f320dbcafc07b7 — Filesystem access.

repo/playground/test-utils.ts:240

      ? fs.readFileSync(path.resolve(assetsDir, matchedFile), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #01b98bce67a3fbe8 — Filesystem access.

repo/playground/test-utils.ts:247

    fs.readFileSync(
      path.join(testDir, 'dist', base, '.vite/manifest.json'),
      'utf-8',
    ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ad5788c1dc8c91c — Filesystem access.

repo/playground/test-utils.ts:259

    fs.readFileSync(
      path.join(testDir, `node_modules/.vite/deps${suffix}/_metadata.json`),
      'utf-8',
    ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #46d7b29383ec9004 — Filesystem access.

repo/playground/tsconfig-json-load-error/__tests__/tsconfig-json-load-error.spec.ts:18

      readFile('dist/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e18a33db6b5b7e70 — Filesystem access.

repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:37

    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #49c487b33cb89950 — Filesystem access.

repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:51

    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bb4feefd91288205 — Filesystem access.

repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:66

    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1022d696e60e7b83 — Filesystem access.

repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:81

    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b40f8daec03cc340 — Environment-variable access.

repo/playground/vitestGlobalSetup.ts:13

    headless: !process.env.VITE_DEBUG_SERVE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0b6d150e9d7ea6ba — Environment-variable access.

repo/playground/vitestGlobalSetup.ts:14

    args: process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d9e29dd8c6138c00 — Environment-variable access.

repo/playground/vitestGlobalSetup.ts:68

  if (!process.env.VITE_PRESERVE_BUILD_ARTIFACTS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5744c01471dd6397 — Environment-variable access.

repo/playground/vitestSetup.ts:66

export const isBuild = !!process.env.VITE_TEST_BUILD

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #29c2520d2eb9647c — Environment-variable access.

repo/playground/vitestSetup.ts:157

        process.env.VITE_DEBUG_SERVE &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #89c2223098e74546 — Environment-variable access.

repo/playground/vitestSetup.ts:279

    process.env.VITE_INLINE = 'inline-serve'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f39d16fec7fa617a — Environment-variable access.

repo/playground/vitestSetup.ts:288

    process.env.VITE_INLINE = 'inline-build'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8aec34b2e2ef2740 — Environment-variable access.

repo/playground/vitestSetup.ts:324

    const _nodeEnv = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #091db7d86629af7c — Environment-variable access.

repo/playground/vitestSetup.ts:327

    process.env.NODE_ENV = _nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dbd0e55cbaad0b93 — Environment-variable access.

repo/playground/worker/__tests__/es/worker-es.spec.ts:10

    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2af59cd0c602a947 — Filesystem access.

repo/playground/worker/__tests__/es/worker-es.spec.ts:103

      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bfc919d6d162e053 — Filesystem access.

repo/playground/worker/__tests__/es/worker-es.spec.ts:111

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2124255d78886ab4 — Filesystem access.

repo/playground/worker/__tests__/es/worker-es.spec.ts:113

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b0796fe3a6a24751 — Environment-variable access.

repo/playground/worker/__tests__/iife/worker-iife.spec.ts:19

    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e410fcb53d9253ac — Filesystem access.

repo/playground/worker/__tests__/iife/worker-iife.spec.ts:90

      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #15757642939fd1af — Filesystem access.

repo/playground/worker/__tests__/iife/worker-iife.spec.ts:98

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9fdee78b1a11fbff — Filesystem access.

repo/playground/worker/__tests__/iife/worker-iife.spec.ts:100

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8a6a9f791e200f95 — Environment-variable access.

repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:10

    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #df8ff72b9d672471 — Filesystem access.

repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:66

    const content = fs.readFileSync(path.resolve(chunksDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #881aaee4022f958c — Filesystem access.

repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:73

    const workerContent = fs.readFileSync(
      path.resolve(workerEntriesDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f0e83deea5d98675 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:20

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1199cf6e2582eded — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:23

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b4d4559d20667c2d — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:31

    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #983029224900b2aa — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:39

    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #28e09d6e388e5690 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:49

    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #13fdd757d2a6d790 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:57

    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #293b45c6cd1a6639 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:14

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #16c994b5098ad8d9 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:17

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #877a5de3f7ae6c04 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:25

    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9755ed37b9087217 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:33

    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dcc9714b3d0439b3 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:43

    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d55f7dcdeae678d1 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:51

    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #daaab613a0f0faf4 — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:20

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bf19cfa242838c4f — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:23

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #efaf917688153aaf — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:31

    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #32ef6a73822de2b6 — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:39

    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #76e4f8b1d8b8a0ac — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:49

    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #570855eb9f35f4d3 — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:57

    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3db0cc0866e8d6b5 — Environment-variable access.

repo/playground/worker/modules/workerImport.ts:2

export const mode = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #071882cdc13a0f9f — Environment-variable access.

repo/playground/worker/worker-sourcemap-config.js:7

    /** @type {'inline' | 'hidden' | 'sourcemap'} */ (
      process.env.WORKER_MODE
    ) || sourcemap

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #78961efe0733c171 — Filesystem access.

repo/scripts/mergeChangelog.ts:188

const content = await readFile(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #28671e8f660aa462 — Filesystem access.

repo/scripts/mergeChangelog.ts:212

await writeFile(filePath, result, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ce144ab478f97b3c — Filesystem access.

repo/scripts/releaseUtils.ts:19

    await fs.readFile(`packages/${pkgName}/package.json`, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e2f9e4bc3046494 — Filesystem access.

repo/scripts/releaseUtils.ts:55

    await fs.readFile('packages/vite/package.json', 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #45538602f261561e — Filesystem access.

repo/scripts/releaseUtils.ts:66

    const pkg = JSON.parse(await fs.readFile(pkgPath, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d6c554072bbb9ee — Filesystem access.

repo/scripts/releaseUtils.ts:68

    await fs.writeFile(pkgPath, JSON.stringify(pkg, null, 2) + '\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7c903b607c347b28 — Environment-variable access.

repo/vitest.config.e2e.ts:4

const isBuild = !!process.env.VITE_TEST_BUILD

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cf6f5633ea442fbf — Environment-variable access.

repo/vitest.config.e2e.ts:6

const timeout = process.env.PWDEBUG ? Infinity : process.env.CI ? 50000 : 30000

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cf6f5633ea442fbf — Environment-variable access.

repo/vitest.config.e2e.ts:6

const timeout = process.env.PWDEBUG ? Infinity : process.env.CI ? 50000 : 30000

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a7d7c2095c60cf71 — Environment-variable access.

repo/vitest.config.e2e.ts:36

        timeout: 50 * (process.env.CI ? 200 : 50),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #75fe9c388c8fe370 — Environment-variable access.

repo/vitest.config.e2e.ts:40

      NODE_ENV: process.env.VITE_TEST_BUILD ? 'production' : 'development',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground

npm first-party

medium pii_flow production #cbda9488e4cfee1d — PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.

repo/playground/lib/src/main.js:8 · flow /tmp/closeopen-v_52xqqa/repo/playground/lib/src/main.js:8 → /tmp/closeopen-v_52xqqa/repo/playground/lib/src/main.js:8

  console.log(process.env.NODE_ENV)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 164 low-confidence finding(s)

low env_fs test-only #f9c24756a4e13ba5 — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:536

  const src = readFile('foo.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #51aa46c266eab2cb — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:555

    const src = readFile('テスト-測試-white space.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #03a3325401470bbb — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:579

    const newContent = readFile('import-meta-url/img-update.png', null)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3801a49d482ada8e — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:787

  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e6dd5586c105b7fd — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:794

  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8503f82d8aa42ece — Filesystem access.

repo/playground/csp/vite.config.js:28

  const content = await fs.readFile(
    path.join(import.meta.dirname, file),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #979159ec3fbc54e2 — Environment-variable access.

repo/playground/css-lightningcss-proxy/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #58bc3bec1a2c6d7e — Filesystem access.

repo/playground/css-lightningcss-proxy/server.js:59

      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #936a46ea43381fc6 — Filesystem access.

repo/playground/css/__tests__/tests.ts:411

    readFileSync(require.resolve('../raw-imported.css'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b6ec49800ef9538c — Filesystem access.

repo/playground/css/postcss.config.js:23

        const text = files.map((f) => fs.readFileSync(f, 'utf-8')).join('\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6121044fe1d6d6fb — Environment-variable access.

repo/playground/env/__tests__/env.spec.ts:52

  expect(await page.textContent('.node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4b93b644dcded747 — Environment-variable access.

repo/playground/env/__tests__/env.spec.ts:53

  expect(await page.textContent('.global-node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #63093ce522bcd5cf — Environment-variable access.

repo/playground/env/__tests__/env.spec.ts:55

    process.env.NODE_ENV,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #75169bd071479bbc — Environment-variable access.

repo/playground/env/vite.config.js:3

process.env.EXPAND = 'expand'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4cef1b082fff7d1e — Filesystem access.

repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:49

      fs.readFileSync(file, 'utf-8').includes('process.env.NODE_ENV'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9e07e7c98c9bbf97 — Filesystem access.

repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:67

      const originalContent = readFile(filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fc8b65a9b3e23846 — Filesystem access.

repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:68

      fs.writeFileSync(
        filePath,
        `import 'react-fake-${env}'\n${originalContent}`,
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2df5a9dac9fad331 — Filesystem access.

repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:74

        fs.writeFileSync(filePath, originalContent, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #27492fe0766eceba — Filesystem access.

repo/playground/external/vite.config.js:13

      const code = await fs.readFile(
        new URL(`./node_modules/${file}`, import.meta.url),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9eda4b6c9a3028c1 — Filesystem access.

repo/playground/fs-serve/__tests__/commonTests.ts:26

const safeJsonContent = fs.readFileSync(
  path.resolve(import.meta.dirname, '../safe.json'),
  'utf-8',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b596a8751cff90aa — Filesystem access.

repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:300

      const originalUnresolvedFile = readFile('unresolved.ts')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5a0badc03d3dbf4c — Filesystem access.

repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:303

        fs.writeFileSync(filepath, originalUnresolvedFile, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #06c89afe3b940cea — Filesystem access.

repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:772

  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3159a3e5adfafe19 — Filesystem access.

repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:842

  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #95099173a59b02e0 — Filesystem access.

repo/playground/hmr/__tests__/hmr.spec.ts:907

    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5300344abe177cf1 — Filesystem access.

repo/playground/hmr/__tests__/hmr.spec.ts:984

    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f470524396825316 — Filesystem access.

repo/playground/hmr/vite.config.ts:114

        const dep = await fs.readFile(depPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d2589799f304daef — Filesystem access.

repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:308

      const mapContent = readFile(`dist/assets/${mapAsset}`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b6da588d068bfb1b — Filesystem access.

repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:384

      const jsContent = readFile(jsAsset)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #01620fa08f418935 — Filesystem access.

repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:395

      const mapContent = readFile(mapFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d4471828003d09cd — Filesystem access.

repo/playground/json/__tests__/csr/json-csr.spec.ts:48

    readFileSync(require.resolve('../../test.json'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #569e92752fe44f27 — Filesystem access.

repo/playground/legacy/__tests__/legacy.spec.ts:171

          readFile(`dist/assets/${filename}`).includes('Unable to preload'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a2b311df79c6a367 — Filesystem access.

repo/playground/legacy/vite.config-chunk-importmap.js:21

    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dcac165f41ec4f2e — Filesystem access.

repo/playground/legacy/vite.config-chunk-importmap.js:25

    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #428d7c75499a15af — Filesystem access.

repo/playground/legacy/vite.config.js:45

    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #35e6fee02b85254b — Filesystem access.

repo/playground/legacy/vite.config.js:49

    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d5b4ea3441aa0f9e — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:11

    const code = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4336e1c3042a83af — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:12

    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.umd.cjs',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a6f97bdbdd96cf46 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:15

    const namedCode = readFile('dist/named/my-lib-named.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c61bc08c493a17a0 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:26

    const code = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cd130b2637a44265 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:27

    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #40151bbff23e62bd — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:30

    const namedCode = readFile('dist/named/my-lib-named.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #00d00201a72d09de — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:40

    const code = readFile(
      'dist/helpers-injection/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #47dd66c2c4b102d5 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:52

    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3b6c93a7d8d573b5 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:60

    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #db4068bbb35811c3 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:70

    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #015be5eea6bbff6d — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:75

    const es = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b773e3a677e75fb5 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:87

    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b28124f9ce18f820 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:88

    const iife = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fcfe6bdf9aaa61b3 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:89

    const umd = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1ab00dfc9acb1c93 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:96

    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #300eacbc68f825f7 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:101

    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #94e44c78794a0ae9 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:106

    const terserIife = readFile('dist/terser/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bbf28b37ef42c627 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:111

    const css = readFile('dist/css-single-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9a0ff9aa58204ad6 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:112

    const js = readFile('dist/css-single-entry/test-my-lib.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3f49badef5b6402c — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:113

    const umd = readFile('dist/css-single-entry/test-my-lib.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3f18e17ba1a774ed — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:120

    const css = readFile('dist/css-multi-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a230a33770a60b21 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:121

    const js1 = readFile('dist/css-multi-entry/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7cd364e4707b78d8 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:122

    const js2 = readFile('dist/css-multi-entry/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1edc0c965a897785 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:123

    const cjs1 = readFile('dist/css-multi-entry/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d9e80c25b4e201a7 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:124

    const cjs2 = readFile('dist/css-multi-entry/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #32903a7cfc216735 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:134

    const css1 = readFile('dist/css-code-split/css-entry-1.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e3e6fbf8669600e4 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:135

    const css2 = readFile('dist/css-code-split/css-entry-2.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1b3f6870e90a6eef — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:136

    const js1 = readFile('dist/css-code-split/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1461d6b6bfe91ea0 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:137

    const js2 = readFile('dist/css-code-split/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c14722534fbdca02 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:138

    const cjs1 = readFile('dist/css-code-split/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f6d711df3890efa2 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:139

    const cjs2 = readFile('dist/css-code-split/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #eb7550ec889e0270 — Environment-variable access.

repo/playground/lib/__tests__/serve.ts:26

    process.env.VITE_INLINE = 'inline-serve'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c92cd4f2307df1c — Environment-variable access.

repo/playground/lib/src/main.js:8

  console.log(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8ef547f47b967465 — Filesystem access.

repo/playground/lib/vite.config.js:38

          source: fs.readFileSync(
            path.resolve(import.meta.dirname, 'index.dist.html'),
            'utf-8',
          ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #145db0de3b2d4339 — Environment-variable access.

repo/playground/lib/vite.multiple-output.config.js:4

const root = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7bdb0d3109dd3c0c — Filesystem access.

repo/playground/minify/__tests__/minify.spec.ts:11

  const jsContent = readFile(path.resolve(assetsDir, jsFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #da6f09ffb58445db — Filesystem access.

repo/playground/minify/__tests__/minify.spec.ts:14

  const cssContent = readFile(path.resolve(assetsDir, cssFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e2dccebcec364139 — Environment-variable access.

repo/playground/optimize-deps-no-discovery/vite.config.js:4

process.env.NODE_ENV = ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aa57805f0673f6d9 — Environment-variable access.

repo/playground/optimize-deps/dep-cjs-with-external-deps/index.js:5

if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a09ad325a460da64 — Filesystem access.

repo/playground/optimize-deps/dep-linked-include/index.mjs:16

  fs.readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44498659e30e75c2 — Environment-variable access.

repo/playground/optimize-deps/dep-node-env/index.js:1

export const env = process.env.NODE_ENV === 'production' ? 'prod' : 'dev'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e3363f2da8a9f9de — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:3

const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e3363f2da8a9f9de — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:3

const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5998b82bd86275d9 — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:20

  return fs.readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f229111ba6ff7da — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:3

import { readFileSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #76ac3f482e4684af — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:9

  readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #694f91eed712680a — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:23

  return readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6638cc39e0742d1a — Filesystem access.

repo/playground/optimize-deps/vite.config.js:116

                    let contents = fs.readFileSync(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a441cde5b2d29628 — Environment-variable access.

repo/playground/optimize-missing-deps/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1cd25ec7394ac507 — Filesystem access.

repo/playground/optimize-missing-deps/server.js:33

      let template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c5a10221af1313bd — Environment-variable access.

repo/playground/ssr-alias/src/main.js:8

  builtin: process.env['__TEST_ALIAS__'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3d9387e6196380a5 — Environment-variable access.

repo/playground/ssr-conditions/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #255a3f598b33e63c — Environment-variable access.

repo/playground/ssr-conditions/server.js:10

  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #24bb43b31d99386f — Filesystem access.

repo/playground/ssr-conditions/server.js:16

    ? fs.readFileSync(resolve('dist/client/index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d547fcaec0b8754 — Filesystem access.

repo/playground/ssr-conditions/server.js:56

        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #71ed73377c7181a3 — Environment-variable access.

repo/playground/ssr-deps/__tests__/ssr-deps.spec.ts:103

    `Hello World from ${process.env.NODE_ENV}!`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dba11ad7c2afa387 — Filesystem access.

repo/playground/ssr-deps/read-file-content/index.js:5

  return await fs.readFile(path.resolve(filePath), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4923ee53da80c62a — Environment-variable access.

repo/playground/ssr-deps/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab6198d0de36a9f1 — Filesystem access.

repo/playground/ssr-deps/server.js:100

      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #25453593c7bc085c — Environment-variable access.

repo/playground/ssr-html/server.js:5

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #38d2896b46140b26 — Filesystem access.

repo/playground/ssr-html/server.js:79

        const template = fs.readFileSync(resolve(`.${url}index.html`), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f7a4d92bc293066 — Filesystem access.

repo/playground/ssr-html/server.js:94

      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3a7525532febbee1 — Environment-variable access.

repo/playground/ssr-html/test-stacktrace.js:10

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #494be6553e5f2dd9 — Environment-variable access.

repo/playground/ssr-noexternal/server.js:5

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb91a2d010461011 — Environment-variable access.

repo/playground/ssr-noexternal/server.js:9

  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #36a16bcea0cd029c — Filesystem access.

repo/playground/ssr-noexternal/server.js:15

    ? fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #296a1bc066ea62e7 — Filesystem access.

repo/playground/ssr-noexternal/server.js:54

        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52a2eb24c8efdfcd — Environment-variable access.

repo/playground/ssr-pug/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c5b824cacb90873b — Filesystem access.

repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:9

  const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #68c50b2c3fff77b2 — Filesystem access.

repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:38

    const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bfefc36da93844f8 — Environment-variable access.

repo/playground/ssr-wasm/server.js:3

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #379a642e132ba121 — Environment-variable access.

repo/playground/ssr-wasm/server.js:4

const isProduction = process.env.NODE_ENV === 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cc2a47582032ad17 — Environment-variable access.

repo/playground/ssr-webworker/worker.js:4

const isTest = !!process.env.TEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6f31590968b6e25 — Environment-variable access.

repo/playground/ssr/server.js:5

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #499eb395913f1fd6 — Filesystem access.

repo/playground/ssr/server.js:47

      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb13d8243b4961f6 — Filesystem access.

repo/playground/test-utils.ts:164

  return fs.readFileSync(path.resolve(testDir, filename), encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a6061bd29c7f4d7e — Filesystem access.

repo/playground/test-utils.ts:190

  const content: string | Buffer = fs.readFileSync(filename, encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b6ea91ca37ff59bb — Filesystem access.

repo/playground/test-utils.ts:194

  fs.writeFileSync(filename, modified)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #36010edd53481174 — Filesystem access.

repo/playground/test-utils.ts:200

  fs.writeFileSync(resolvedFilename, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a6ad60855d8168a7 — Filesystem access.

repo/playground/test-utils.ts:233

            fs.readFileSync(path.resolve(assetsDir, file), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b5f320dbcafc07b7 — Filesystem access.

repo/playground/test-utils.ts:240

      ? fs.readFileSync(path.resolve(assetsDir, matchedFile), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #01b98bce67a3fbe8 — Filesystem access.

repo/playground/test-utils.ts:247

    fs.readFileSync(
      path.join(testDir, 'dist', base, '.vite/manifest.json'),
      'utf-8',
    ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ad5788c1dc8c91c — Filesystem access.

repo/playground/test-utils.ts:259

    fs.readFileSync(
      path.join(testDir, `node_modules/.vite/deps${suffix}/_metadata.json`),
      'utf-8',
    ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #46d7b29383ec9004 — Filesystem access.

repo/playground/tsconfig-json-load-error/__tests__/tsconfig-json-load-error.spec.ts:18

      readFile('dist/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e18a33db6b5b7e70 — Filesystem access.

repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:37

    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #49c487b33cb89950 — Filesystem access.

repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:51

    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bb4feefd91288205 — Filesystem access.

repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:66

    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1022d696e60e7b83 — Filesystem access.

repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:81

    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b40f8daec03cc340 — Environment-variable access.

repo/playground/vitestGlobalSetup.ts:13

    headless: !process.env.VITE_DEBUG_SERVE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0b6d150e9d7ea6ba — Environment-variable access.

repo/playground/vitestGlobalSetup.ts:14

    args: process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d9e29dd8c6138c00 — Environment-variable access.

repo/playground/vitestGlobalSetup.ts:68

  if (!process.env.VITE_PRESERVE_BUILD_ARTIFACTS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5744c01471dd6397 — Environment-variable access.

repo/playground/vitestSetup.ts:66

export const isBuild = !!process.env.VITE_TEST_BUILD

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #29c2520d2eb9647c — Environment-variable access.

repo/playground/vitestSetup.ts:157

        process.env.VITE_DEBUG_SERVE &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #89c2223098e74546 — Environment-variable access.

repo/playground/vitestSetup.ts:279

    process.env.VITE_INLINE = 'inline-serve'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f39d16fec7fa617a — Environment-variable access.

repo/playground/vitestSetup.ts:288

    process.env.VITE_INLINE = 'inline-build'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8aec34b2e2ef2740 — Environment-variable access.

repo/playground/vitestSetup.ts:324

    const _nodeEnv = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #091db7d86629af7c — Environment-variable access.

repo/playground/vitestSetup.ts:327

    process.env.NODE_ENV = _nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dbd0e55cbaad0b93 — Environment-variable access.

repo/playground/worker/__tests__/es/worker-es.spec.ts:10

    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2af59cd0c602a947 — Filesystem access.

repo/playground/worker/__tests__/es/worker-es.spec.ts:103

      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bfc919d6d162e053 — Filesystem access.

repo/playground/worker/__tests__/es/worker-es.spec.ts:111

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2124255d78886ab4 — Filesystem access.

repo/playground/worker/__tests__/es/worker-es.spec.ts:113

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b0796fe3a6a24751 — Environment-variable access.

repo/playground/worker/__tests__/iife/worker-iife.spec.ts:19

    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e410fcb53d9253ac — Filesystem access.

repo/playground/worker/__tests__/iife/worker-iife.spec.ts:90

      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #15757642939fd1af — Filesystem access.

repo/playground/worker/__tests__/iife/worker-iife.spec.ts:98

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9fdee78b1a11fbff — Filesystem access.

repo/playground/worker/__tests__/iife/worker-iife.spec.ts:100

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8a6a9f791e200f95 — Environment-variable access.

repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:10

    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #df8ff72b9d672471 — Filesystem access.

repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:66

    const content = fs.readFileSync(path.resolve(chunksDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #881aaee4022f958c — Filesystem access.

repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:73

    const workerContent = fs.readFileSync(
      path.resolve(workerEntriesDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f0e83deea5d98675 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:20

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1199cf6e2582eded — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:23

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b4d4559d20667c2d — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:31

    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #983029224900b2aa — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:39

    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #28e09d6e388e5690 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:49

    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #13fdd757d2a6d790 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:57

    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #293b45c6cd1a6639 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:14

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #16c994b5098ad8d9 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:17

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #877a5de3f7ae6c04 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:25

    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9755ed37b9087217 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:33

    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dcc9714b3d0439b3 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:43

    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d55f7dcdeae678d1 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:51

    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #daaab613a0f0faf4 — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:20

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bf19cfa242838c4f — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:23

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #efaf917688153aaf — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:31

    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #32ef6a73822de2b6 — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:39

    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #76e4f8b1d8b8a0ac — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:49

    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #570855eb9f35f4d3 — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:57

    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3db0cc0866e8d6b5 — Environment-variable access.

repo/playground/worker/modules/workerImport.ts:2

export const mode = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #071882cdc13a0f9f — Environment-variable access.

repo/playground/worker/worker-sourcemap-config.js:7

    /** @type {'inline' | 'hidden' | 'sourcemap'} */ (
      process.env.WORKER_MODE
    ) || sourcemap

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/lib

npm first-party

medium pii_flow production #cbda9488e4cfee1d — PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.

repo/playground/lib/src/main.js:8 · flow /tmp/closeopen-v_52xqqa/repo/playground/lib/src/main.js:8 → /tmp/closeopen-v_52xqqa/repo/playground/lib/src/main.js:8

  console.log(process.env.NODE_ENV)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 35 low-confidence finding(s)

low env_fs test-only #d5b4ea3441aa0f9e — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:11

    const code = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4336e1c3042a83af — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:12

    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.umd.cjs',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a6f97bdbdd96cf46 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:15

    const namedCode = readFile('dist/named/my-lib-named.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c61bc08c493a17a0 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:26

    const code = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cd130b2637a44265 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:27

    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #40151bbff23e62bd — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:30

    const namedCode = readFile('dist/named/my-lib-named.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #00d00201a72d09de — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:40

    const code = readFile(
      'dist/helpers-injection/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #47dd66c2c4b102d5 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:52

    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3b6c93a7d8d573b5 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:60

    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #db4068bbb35811c3 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:70

    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #015be5eea6bbff6d — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:75

    const es = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b773e3a677e75fb5 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:87

    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b28124f9ce18f820 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:88

    const iife = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fcfe6bdf9aaa61b3 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:89

    const umd = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1ab00dfc9acb1c93 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:96

    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #300eacbc68f825f7 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:101

    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #94e44c78794a0ae9 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:106

    const terserIife = readFile('dist/terser/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bbf28b37ef42c627 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:111

    const css = readFile('dist/css-single-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9a0ff9aa58204ad6 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:112

    const js = readFile('dist/css-single-entry/test-my-lib.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3f49badef5b6402c — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:113

    const umd = readFile('dist/css-single-entry/test-my-lib.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3f18e17ba1a774ed — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:120

    const css = readFile('dist/css-multi-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a230a33770a60b21 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:121

    const js1 = readFile('dist/css-multi-entry/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7cd364e4707b78d8 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:122

    const js2 = readFile('dist/css-multi-entry/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1edc0c965a897785 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:123

    const cjs1 = readFile('dist/css-multi-entry/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d9e80c25b4e201a7 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:124

    const cjs2 = readFile('dist/css-multi-entry/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #32903a7cfc216735 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:134

    const css1 = readFile('dist/css-code-split/css-entry-1.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e3e6fbf8669600e4 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:135

    const css2 = readFile('dist/css-code-split/css-entry-2.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1b3f6870e90a6eef — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:136

    const js1 = readFile('dist/css-code-split/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1461d6b6bfe91ea0 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:137

    const js2 = readFile('dist/css-code-split/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c14722534fbdca02 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:138

    const cjs1 = readFile('dist/css-code-split/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f6d711df3890efa2 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:139

    const cjs2 = readFile('dist/css-code-split/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #eb7550ec889e0270 — Environment-variable access.

repo/playground/lib/__tests__/serve.ts:26

    process.env.VITE_INLINE = 'inline-serve'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c92cd4f2307df1c — Environment-variable access.

repo/playground/lib/src/main.js:8

  console.log(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8ef547f47b967465 — Filesystem access.

repo/playground/lib/vite.config.js:38

          source: fs.readFileSync(
            path.resolve(import.meta.dirname, 'index.dist.html'),
            'utf-8',
          ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #145db0de3b2d4339 — Environment-variable access.

repo/playground/lib/vite.multiple-output.config.js:4

const root = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/create-vite

npm first-party

expand_more 18 low-confidence finding(s)

low env_fs test-only #600eaa68ad4a4707 — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:32

  fs.writeFileSync(pkgJson, '{ "foo": "bar" }')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c772d3afea480dd0 — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:179

  const configFile = fs.readFileSync(
    path.join(genPath, 'vite.config.ts'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4044a55d60f0736a — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:183

  const packageJsonFile = fs.readFileSync(
    path.join(genPath, 'package.json'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #78846c09f273a7e0 — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:187

  const readmeFile = fs.readFileSync(path.join(genPath, 'README.md'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f405d40f191b654b — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:205

  const pkg = fs.readFileSync(path.join(genPath, 'package.json'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3f01b55b76a4babb — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:210

  const readme = fs.readFileSync(path.join(genPath, 'README.md'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #075e344a8463bba7 — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:224

  const pkg = fs.readFileSync(path.join(genPath, 'package.json'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8c0defef863b9248 — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:288

  const indexHtmlContent = fs.readFileSync(indexHtmlPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3bac056a88661ba2 — Environment-variable access.

repo/packages/create-vite/src/index.ts:415

  if (process.env._VITE_TEST_CLI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f88064af75bb030e — Environment-variable access.

repo/packages/create-vite/src/index.ts:429

  if (process.env._VITE_TEST_CLI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #070699aef77a8bb2 — Environment-variable access.

repo/packages/create-vite/src/index.ts:466

  const pkgInfo = pkgFromUserAgent(process.env.npm_config_user_agent)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #039352996256cb8b — Filesystem access.

repo/packages/create-vite/src/index.ts:676

      fs.writeFileSync(targetPath, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cc09e5069314d39b — Filesystem access.

repo/packages/create-vite/src/index.ts:679

      const templateContent = fs.readFileSync(templatePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b64150a364e5ee60 — Filesystem access.

repo/packages/create-vite/src/index.ts:684

      fs.writeFileSync(targetPath, updatedContent)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a586b6219da98a30 — Filesystem access.

repo/packages/create-vite/src/index.ts:696

    fs.readFileSync(path.join(templateDir, `package.json`), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #82b6b020753bd5cd — Filesystem access.

repo/packages/create-vite/src/index.ts:914

  fs.writeFileSync(path.resolve(root, 'eslint.config.js'), eslintConfig)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dbdf08fa361b5cd3 — Filesystem access.

repo/packages/create-vite/src/index.ts:1043

  const content = fs.readFileSync(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7b6e3bf613b691bb — Filesystem access.

repo/packages/create-vite/src/index.ts:1044

  fs.writeFileSync(file, callback(content), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/plugin-legacy

npm first-party

expand_more 2 low-confidence finding(s)

low env_fs test-only #13a87ebbd26b62c5 — Filesystem access.

repo/packages/plugin-legacy/src/__tests__/readme.spec.ts:7

  const readme = fs.readFileSync(
    path.resolve(import.meta.dirname, '../../README.md'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dee55c62f9849e7b — Environment-variable access.

repo/packages/plugin-legacy/src/index.ts:163

  const debugFlags = (process.env.DEBUG || '').split(',')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/vite

npm first-party

expand_more 128 low-confidence finding(s)

low env_fs production #0df1ee307460c207 — Environment-variable access.

repo/packages/vite/bin/vite.js:6

  if (!process.env.DEBUG_DISABLE_SOURCE_MAP) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8a05e71e3c43aa22 — Environment-variable access.

repo/packages/vite/bin/vite.js:36

  process.env.DEBUG = `${

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #39a7fc8e64accba2 — Environment-variable access.

repo/packages/vite/bin/vite.js:37

    process.env.DEBUG ? process.env.DEBUG + ',' : ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #39a7fc8e64accba2 — Environment-variable access.

repo/packages/vite/bin/vite.js:37

    process.env.DEBUG ? process.env.DEBUG + ',' : ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6da0c20028dde9bb — Environment-variable access.

repo/packages/vite/bin/vite.js:43

      process.env.VITE_DEBUG_FILTER = filter

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #61449dae61cee257 — Filesystem access.

repo/packages/vite/rolldown.config.ts:12

  readFileSync(new URL('./package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8e68b4a55c67031c — Environment-variable access.

repo/packages/vite/rolldown.config.ts:14

const disableSourceMap = !!process.env.DEBUG_DISABLE_SOURCE_MAP

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b221d3224da3e09a — Filesystem access.

repo/packages/vite/rolldown.config.ts:186

        writeFileSync(
          'dist/node/index.d.ts',
          "export * from '../../src/node/index.ts'",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a0aea6d64f78809 — Filesystem access.

repo/packages/vite/rolldown.config.ts:190

        writeFileSync(
          'dist/node/module-runner.d.ts',
          "export * from '../../src/module-runner/index.ts'",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #28e78b2dbe0aad6c — Filesystem access.

repo/packages/vite/rolldown.dts.config.ts:23

  readFileSync(new URL('./package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4a31e6282a4f7cf9 — Filesystem access.

repo/packages/vite/rollupLicensePlugin.ts:17

      const coreLicense = fs.readFileSync(
        new URL('../../LICENSE', import.meta.url),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #564f54169d7058a4 — Filesystem access.

repo/packages/vite/rollupLicensePlugin.ts:108

      const existingLicenseText = fs.readFileSync(licenseFilePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea011ba125d1ef3b — Filesystem access.

repo/packages/vite/rollupLicensePlugin.ts:110

        fs.writeFileSync(licenseFilePath, licenseText)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #76372056fed0a84c — Filesystem access.

repo/packages/vite/src/node/__tests__/build.spec.ts:1173

  const content = await fsp.readFile(entry, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f3d42f3b30fb24f0 — Filesystem access.

repo/packages/vite/src/node/__tests__/build.spec.ts:1174

  await fsp.writeFile(
    entry,
    content.replace(`import('./dep.js')`, `'dep.js removed'`),
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1e9ad349a5f3b880 — Filesystem access.

repo/packages/vite/src/node/__tests__/build.spec.ts:1179

    await fsp.writeFile(entry, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9dd7604a00df2172 — Filesystem access.

repo/packages/vite/src/node/__tests__/build.spec.ts:1209

    fsp.readFile(resolve(root, 'dist/favicon.svg'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4fb17e6310e0c27f — Filesystem access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1386

      fs.writeFileSync(path.resolve(root, fileName), content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2f7eac18b0e9d0d3 — Filesystem access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1390

      fs.writeFileSync(
        path.resolve(root, 'package.json'),
        JSON.stringify({
          name: '@vitejs/test-load-config-from-file',
          type: typeField,
        }),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #369cb3e3bf16f194 — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1599

    delete process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e0bcd3d32d2c4171 — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1603

    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'example.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6608dea580a501e2 — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1613

    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c8635a0c3459a9a8 — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1628

    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ce39024dfea5040d — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1643

    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fe5253fc0e675425 — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1654

    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'new.com,another.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b07877801e33f3fc — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1668

    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'example.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9b20c3238e8c8184 — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1680

      process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = env

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #97c1f1996aced9f9 — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:54

    expect(process.env.VITE_USER_NODE_ENV).toEqual(undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #617f27a339d9036c — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:58

    const _nodeEnv = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #963e9aa8d549e860 — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:59

    process.env.NODE_ENV = 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9ea81947507d529c — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:61

    expect(process.env.VITE_USER_NODE_ENV).toEqual('development')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #59151badb64c945b — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:62

    process.env.NODE_ENV = _nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5df29282e9f688e6 — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:66

    process.env.VITE_USER_NODE_ENV = 'test'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0eac53c1be6fa30e — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:68

    expect(process.env.VITE_USER_NODE_ENV).toEqual('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #91ee90697630cb58 — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:72

    process.env.VITE_ENV_TEST_ENV = 'EXIST'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f08cd09ef8b1f9af — Filesystem access.

repo/packages/vite/src/node/__tests__/plugins/cssPreprocessorTeardown.spec.ts:25

    fs.writeFileSync(scssPath, '$c: red;\nbody { color: $c; }\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #aaf02d214f20dbcc — Filesystem access.

repo/packages/vite/src/node/__tests__/plugins/cssPreprocessorTeardown.spec.ts:37

        fs.readFileSync(scssPath, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1d9ce6858b1c2285 — Filesystem access.

repo/packages/vite/src/node/__tests__/plugins/importGlob/fixture.spec.ts:14

      await transformWithEsbuild(await fs.readFile(id, 'utf-8'), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #92db18fa5c81ee5d — Filesystem access.

repo/packages/vite/src/node/__tests__/plugins/importGlob/fixture.spec.ts:85

      await transformWithEsbuild(await fs.readFile(id, 'utf-8'), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b0b7059d045b8f1e — Environment-variable access.

repo/packages/vite/src/node/build.ts:1091

  const tty = process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c9f1d8f6c49801cf — Filesystem access.

repo/packages/vite/src/node/cli.ts:79

        fs.writeFileSync(outPath, JSON.stringify(profile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fff549a90a23fc35 — Environment-variable access.

repo/packages/vite/src/node/config.ts:1422

  if (process.env.NODE_ENV === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f93ca6479fd5cb51 — Environment-variable access.

repo/packages/vite/src/node/config.ts:1425

      process.env.NODE_ENV = nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74d5ff3ae3689363 — Environment-variable access.

repo/packages/vite/src/node/config.ts:1428

  const isNodeEnvSet = !!process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b8cea636c7d438cf — Environment-variable access.

repo/packages/vite/src/node/config.ts:1434

    process.env.NODE_ENV = defaultNodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2aa18aa84788faa3 — Environment-variable access.

repo/packages/vite/src/node/config.ts:1730

  const userNodeEnv = process.env.VITE_USER_NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9395b7c0e85aee00 — Environment-variable access.

repo/packages/vite/src/node/config.ts:1733

      process.env.NODE_ENV = 'development'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6e5783411123a3aa — Environment-variable access.

repo/packages/vite/src/node/config.ts:1744

  const isProduction = process.env.NODE_ENV === 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #326c64e43c2462f1 — Filesystem access.

repo/packages/vite/src/node/config.ts:2656

    await fsp.writeFile(tempFileName, bundledCode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0adf59be4b75bbea — Filesystem access.

repo/packages/vite/src/node/constants.ts:7

  readFileSync(new URL('../../package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c7ffc0dfb3be5ba3 — Filesystem access.

repo/packages/vite/src/node/env.ts:59

      const parsedEnv = parseEnv(fs.readFileSync(filePath, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e85b35b1472b9cb — Environment-variable access.

repo/packages/vite/src/node/env.ts:67

  if (parsed.NODE_ENV && process.env.VITE_USER_NODE_ENV === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #558037d8e6a71395 — Environment-variable access.

repo/packages/vite/src/node/env.ts:68

    process.env.VITE_USER_NODE_ENV = parsed.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #41533b467e6688c4 — Environment-variable access.

repo/packages/vite/src/node/env.ts:71

  if (parsed.BROWSER && process.env.BROWSER === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #90c5dfcd7c83e00a — Environment-variable access.

repo/packages/vite/src/node/env.ts:72

    process.env.BROWSER = parsed.BROWSER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #429b579545238e0b — Environment-variable access.

repo/packages/vite/src/node/env.ts:74

  if (parsed.BROWSER_ARGS && process.env.BROWSER_ARGS === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #72e887b70373d8ea — Environment-variable access.

repo/packages/vite/src/node/env.ts:75

    process.env.BROWSER_ARGS = parsed.BROWSER_ARGS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #35971cd36cd72cdf — Environment-variable access.

repo/packages/vite/src/node/env.ts:100

      env[key] = process.env[key]!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #13dc6e6e0b1fbed4 — Filesystem access.

repo/packages/vite/src/node/http.ts:162

    return fsp.readFile(path.resolve(value)).catch(() => value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9ec3bac1dbf361c9 — Environment-variable access.

repo/packages/vite/src/node/logger.ts:84

    allowClearScreen && process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee040977eaf089ca — Filesystem access.

repo/packages/vite/src/node/optimizer/index.ts:414

        await fsp.readFile(cachedMetadataPath, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #51984cf99cb665ab — Filesystem access.

repo/packages/vite/src/node/optimizer/index.ts:540

  fs.writeFileSync(
    path.resolve(processingCacheDir, 'package.json'),
    `{\n  "type": "module"\n}\n`,
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74711de21b510782 — Filesystem access.

repo/packages/vite/src/node/optimizer/index.ts:595

      fs.writeFileSync(
        dataPath,
        stringifyDepsOptimizerMetadata(metadata, depsCacheDir),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #692b3330416c2432 — Environment-variable access.

repo/packages/vite/src/node/optimizer/index.ts:817

      : JSON.stringify(process.env.NODE_ENV || environment.config.mode),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ef3d06db4784d35e — Filesystem access.

repo/packages/vite/src/node/optimizer/index.ts:1161

  const entryContent = fs.readFileSync(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ef527fdd427eae39 — Environment-variable access.

repo/packages/vite/src/node/optimizer/index.ts:1280

  return process.env.npm_config_user_agent?.startsWith(manager) ? 1 : -1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5e0eecac3ed78e9e — Environment-variable access.

repo/packages/vite/src/node/optimizer/index.ts:1292

        ? process.env.NODE_ENV || config.mode

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c0e4e650ff34519 — Filesystem access.

repo/packages/vite/src/node/optimizer/index.ts:1331

  let content = lockfilePath ? fs.readFileSync(lockfilePath, 'utf-8') : ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c66fd459d1e8500e — Filesystem access.

repo/packages/vite/src/node/optimizer/scan.ts:443

    let raw = await fsp.readFile(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #389e38bf3a7177ef — Filesystem access.

repo/packages/vite/src/node/packages.ts:179

  const data = JSON.parse(stripBomTag(fs.readFileSync(pkgPath, 'utf-8')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b197120c4812ac44 — Filesystem access.

repo/packages/vite/src/node/plugins/asset.ts:210

              await fsp.readFile(file, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #422158b320355872 — Filesystem access.

repo/packages/vite/src/node/plugins/asset.ts:344

    const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5619e358cb7c09d3 — Filesystem access.

repo/packages/vite/src/node/plugins/asset.ts:353

    const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a2047d3f1cb7a506 — Filesystem access.

repo/packages/vite/src/node/plugins/asset.ts:452

  const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #faa01adf12b7d6ad — Environment-variable access.

repo/packages/vite/src/node/plugins/clientInjections.ts:55

          JSON.stringify(process.env.NODE_ENV || config.mode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #307d3da7fe18f43d — Filesystem access.

repo/packages/vite/src/node/plugins/clientInjections.ts:147

  const content = fs.readFileSync(normalizedClientEntry, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fcd41b0799826f31 — Filesystem access.

repo/packages/vite/src/node/plugins/css.ts:1583

          const code = await fs.promises.readFile(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #86c748ac1bb00cbf — Filesystem access.

repo/packages/vite/src/node/plugins/css.ts:2578

            result.contents ?? (await fsp.readFile(result.file, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #528e80de964c4b7e — Filesystem access.

repo/packages/vite/src/node/plugins/css.ts:2725

  const content = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a2c8addc98cfcf3c — Filesystem access.

repo/packages/vite/src/node/plugins/css.ts:2855

                  (await fsp.readFile(result.resolved, 'utf-8')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #53246d4ea6c164fe — Filesystem access.

repo/packages/vite/src/node/plugins/css.ts:3242

              const code = fs.readFileSync(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #702428fb424a70a7 — Filesystem access.

repo/packages/vite/src/node/plugins/css.ts:3333

        const code = fs.readFileSync(e.fileName, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #29d8e42f01e7415f — Environment-variable access.

repo/packages/vite/src/node/plugins/define.ts:19

    const nodeEnv = process.env.NODE_ENV || config.mode

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #645db1fcaa68b0c9 — Filesystem access.

repo/packages/vite/src/node/plugins/forwardConsole.ts:138

      const code = fs.readFileSync(stack.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #48aae8a446840230 — Filesystem access.

repo/packages/vite/src/node/plugins/license.ts:83

            entry.text = fs.readFileSync(licenseFile, 'utf-8').trim()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a6cc17659ac5c93d — Filesystem access.

repo/packages/vite/src/node/plugins/optimizedDeps.ts:89

            fsp.readFile(file, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #92a671fd60293823 — Filesystem access.

repo/packages/vite/src/node/plugins/optimizedDeps.ts:90

            fsp
              .readFile(`${file}.map`, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #57335d752f12b34b — Environment-variable access.

repo/packages/vite/src/node/plugins/reporter.ts:9

    const tty = process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #13bfe3802ceec1c7 — Filesystem access.

repo/packages/vite/src/node/plugins/wasm.ts:192

    const wasmBinary = await fsp.readFile(wasmFilePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c800beb45f85dfc3 — Filesystem access.

repo/packages/vite/src/node/server/hmr.ts:1137

  const content = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #35c25e0ad15bb77a — Filesystem access.

repo/packages/vite/src/node/server/hmr.ts:1149

    return await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab0db2fa5b129ec0 — Environment-variable access.

repo/packages/vite/src/node/server/index.ts:934

  if (process.env.DEBUG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3bbd0c42686e8400 — Filesystem access.

repo/packages/vite/src/node/server/index.ts:1275

    const content = fs.readFileSync(pnpmModulesYaml, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f9724e2871f2f999 — Environment-variable access.

repo/packages/vite/src/node/server/index.ts:1316

    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fefede80ac3a0fae — Environment-variable access.

repo/packages/vite/src/node/server/index.ts:1320

      process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #99816eb23ebdf89a — Filesystem access.

repo/packages/vite/src/node/server/middlewares/__tests__/indexHtml.spec.ts:9

const HTML_CONTENT = fs.readFileSync(HTML_PATH, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #17b43f93c9990277 — Filesystem access.

repo/packages/vite/src/node/server/middlewares/__tests__/indexHtml.spec.ts:68

    const htmlContent = fs.readFileSync(htmlPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #171fb60c8bea20e4 — Filesystem access.

repo/packages/vite/src/node/server/middlewares/indexHtml.ts:534

          let html = await fsp.readFile(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #911c69065571b8a4 — Filesystem access.

repo/packages/vite/src/node/server/middlewares/transform.ts:170

              await fsp.readFile(sourcemapPath, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4b8caf191900b811 — Environment-variable access.

repo/packages/vite/src/node/server/openBrowser.ts:31

  const browser = typeof opt === 'string' ? opt : process.env.BROWSER || ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f0d2df92d2cf7e45 — Environment-variable access.

repo/packages/vite/src/node/server/openBrowser.ts:35

    const browserArgs = process.env.BROWSER_ARGS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b9aaeeda11b34eac — Environment-variable access.

repo/packages/vite/src/node/server/openBrowser.ts:36

      ? process.env.BROWSER_ARGS.split(' ')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #24216cd5d93a9ebc — Environment-variable access.

repo/packages/vite/src/node/server/pluginContainer.ts:111

  process.env.DEBUG_VITE_SOURCEMAP_COMBINE_FILTER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dff814ec46156255 — Filesystem access.

repo/packages/vite/src/node/server/pluginContainer.ts:961

              code = fs.readFileSync(err.loc.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6cfff0db69d099ba — Filesystem access.

repo/packages/vite/src/node/server/pluginContainer.ts:1000

              code = fs.readFileSync(err.loc.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7732318eccda5134 — Filesystem access.

repo/packages/vite/src/node/server/searchRoot.ts:31

    const content = JSON.parse(fs.readFileSync(path, 'utf-8')) || {}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d44e4d7b2fed4274 — Filesystem access.

repo/packages/vite/src/node/server/searchRoot.ts:46

      const content = JSON.parse(fs.readFileSync(path, 'utf-8')) || {}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a642a4bbd15971aa — Filesystem access.

repo/packages/vite/src/node/server/sourcemap.ts:112

          sourcesContent[index] = await fsp
            .readFile(resolvedSourcePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ef459bfb058265f5 — Filesystem access.

repo/packages/vite/src/node/server/sourcemap.ts:241

    return fs.readFileSync(resolvedPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb00f4d337e06a6b — Filesystem access.

repo/packages/vite/src/node/server/transformRequest.ts:284

        code = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d847917e7d60f869 — Filesystem access.

repo/packages/vite/src/node/server/warmup.ts:34

        const html = await fs.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #16c3f635dfde24eb — Environment-variable access.

repo/packages/vite/src/node/shortcuts.ts:36

  enabled: boolean = process.stdin.isTTY && !process.env.CI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #60c93f4308dece87 — Filesystem access.

repo/packages/vite/src/node/ssr/__tests__/ssrLoadModule.spec.ts:233

  const source = fs.readFileSync(
    path.join(root, 'fixtures/json/test.json'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8375df6bfb78d4dd — Filesystem access.

repo/packages/vite/src/node/ssr/__tests__/ssrTransform.spec.ts:644

    return readFileSync(fileURLToPath(url), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #01fe9ec381fa9471 — Filesystem access.

repo/packages/vite/src/node/ssr/__tests__/ssrTransform.spec.ts:669

    return readFileSync(fileURLToPath(url), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b133b991a0946eb2 — Filesystem access.

repo/packages/vite/src/node/ssr/runtime/__tests__/fixtures/native.js:3

export { readdirSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c3d346c78707630c — Environment-variable access.

repo/packages/vite/src/node/ssr/runtime/__tests__/server-hmr.spec.ts:137

  process.env.CI ? 50_00 : 5_000,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3f65352b1b10367e — Filesystem access.

repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:114

      fs.writeFileSync(file, content, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8fed54d5c6b4c95d — Filesystem access.

repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:121

      const content = fs.readFileSync(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b7b3c029ffbdc78b — Filesystem access.

repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:123

      fs.writeFileSync(file, callback(content), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1dd692c8bb2bc2f4 — Filesystem access.

repo/packages/vite/src/node/ssr/runtime/serverModuleRunner.ts:66

      return readFileSync(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #91d7be42516ddf90 — Environment-variable access.

repo/packages/vite/src/node/utils.ts:176

const filter = process.env.VITE_DEBUG_FILTER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3347ded7a56a48a2 — Environment-variable access.

repo/packages/vite/src/node/utils.ts:178

const DEBUG = process.env.DEBUG

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d6169ce3fe4d4dcd — Environment-variable access.

repo/packages/vite/src/node/utils.ts:1246

    const method = process.env.VITE_DEPRECATION_TRACE ? 'trace' : 'warn'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3099d6ff13078108 — Environment-variable access.

repo/packages/vite/src/node/utils.ts:1351

    const method = process.env.VITE_DEPRECATION_TRACE ? 'trace' : 'warn'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #49bb2d7abcb78670 — Environment-variable access.

repo/packages/vite/src/node/utils.ts:1708

    process.env.npm_config_user_agent?.split(' ')[0].split('/')[0] || 'npm'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a1cc336e3c6703f0 — Environment-variable access.

repo/packages/vite/src/node/utils.ts:1833

    if (process.env.CI !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #84c78625150e3653 — Environment-variable access.

repo/packages/vite/src/node/utils.ts:1846

    if (process.env.CI !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/assets

npm first-party

expand_more 5 low-confidence finding(s)

low env_fs test-only #f9c24756a4e13ba5 — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:536

  const src = readFile('foo.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #51aa46c266eab2cb — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:555

    const src = readFile('テスト-測試-white space.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #03a3325401470bbb — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:579

    const newContent = readFile('import-meta-url/img-update.png', null)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3801a49d482ada8e — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:787

  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e6dd5586c105b7fd — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:794

  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/csp

npm first-party

expand_more 1 low-confidence finding(s)

low env_fs production #8503f82d8aa42ece — Filesystem access.

repo/playground/csp/vite.config.js:28

  const content = await fs.readFile(
    path.join(import.meta.dirname, file),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/css

npm first-party

expand_more 2 low-confidence finding(s)

low env_fs test-only #936a46ea43381fc6 — Filesystem access.

repo/playground/css/__tests__/tests.ts:411

    readFileSync(require.resolve('../raw-imported.css'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b6ec49800ef9538c — Filesystem access.

repo/playground/css/postcss.config.js:23

        const text = files.map((f) => fs.readFileSync(f, 'utf-8')).join('\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/css-lightningcss-proxy

npm first-party

expand_more 2 low-confidence finding(s)

low env_fs production #979159ec3fbc54e2 — Environment-variable access.

repo/playground/css-lightningcss-proxy/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #58bc3bec1a2c6d7e — Filesystem access.

repo/playground/css-lightningcss-proxy/server.js:59

      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/env

npm first-party

expand_more 4 low-confidence finding(s)

low env_fs test-only #6121044fe1d6d6fb — Environment-variable access.

repo/playground/env/__tests__/env.spec.ts:52

  expect(await page.textContent('.node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4b93b644dcded747 — Environment-variable access.

repo/playground/env/__tests__/env.spec.ts:53

  expect(await page.textContent('.global-node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #63093ce522bcd5cf — Environment-variable access.

repo/playground/env/__tests__/env.spec.ts:55

    process.env.NODE_ENV,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #75169bd071479bbc — Environment-variable access.

repo/playground/env/vite.config.js:3

process.env.EXPAND = 'expand'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/environment-react-ssr

npm first-party

expand_more 4 low-confidence finding(s)

low env_fs test-only #4cef1b082fff7d1e — Filesystem access.

repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:49

      fs.readFileSync(file, 'utf-8').includes('process.env.NODE_ENV'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9e07e7c98c9bbf97 — Filesystem access.

repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:67

      const originalContent = readFile(filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fc8b65a9b3e23846 — Filesystem access.

repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:68

      fs.writeFileSync(
        filePath,
        `import 'react-fake-${env}'\n${originalContent}`,
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2df5a9dac9fad331 — Filesystem access.

repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:74

        fs.writeFileSync(filePath, originalContent, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/external

npm first-party

expand_more 1 low-confidence finding(s)

low env_fs production #27492fe0766eceba — Filesystem access.

repo/playground/external/vite.config.js:13

      const code = await fs.readFile(
        new URL(`./node_modules/${file}`, import.meta.url),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/fs-serve

npm first-party

expand_more 1 low-confidence finding(s)

low env_fs test-only #9eda4b6c9a3028c1 — Filesystem access.

repo/playground/fs-serve/__tests__/commonTests.ts:26

const safeJsonContent = fs.readFileSync(
  path.resolve(import.meta.dirname, '../safe.json'),
  'utf-8',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/hmr

npm first-party

expand_more 3 low-confidence finding(s)

low env_fs test-only #95099173a59b02e0 — Filesystem access.

repo/playground/hmr/__tests__/hmr.spec.ts:907

    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5300344abe177cf1 — Filesystem access.

repo/playground/hmr/__tests__/hmr.spec.ts:984

    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f470524396825316 — Filesystem access.

repo/playground/hmr/vite.config.ts:114

        const dep = await fs.readFile(depPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/hmr-ssr

npm first-party

expand_more 4 low-confidence finding(s)

low env_fs test-only #b596a8751cff90aa — Filesystem access.

repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:300

      const originalUnresolvedFile = readFile('unresolved.ts')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5a0badc03d3dbf4c — Filesystem access.

repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:303

        fs.writeFileSync(filepath, originalUnresolvedFile, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #06c89afe3b940cea — Filesystem access.

repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:772

  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3159a3e5adfafe19 — Filesystem access.

repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:842

  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/js-sourcemap

npm first-party

expand_more 3 low-confidence finding(s)

low env_fs test-only #d2589799f304daef — Filesystem access.

repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:308

      const mapContent = readFile(`dist/assets/${mapAsset}`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b6da588d068bfb1b — Filesystem access.

repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:384

      const jsContent = readFile(jsAsset)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #01620fa08f418935 — Filesystem access.

repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:395

      const mapContent = readFile(mapFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/json

npm first-party

expand_more 1 low-confidence finding(s)

low env_fs test-only #d4471828003d09cd — Filesystem access.

repo/playground/json/__tests__/csr/json-csr.spec.ts:48

    readFileSync(require.resolve('../../test.json'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/legacy

npm first-party

expand_more 5 low-confidence finding(s)

low env_fs test-only #569e92752fe44f27 — Filesystem access.

repo/playground/legacy/__tests__/legacy.spec.ts:171

          readFile(`dist/assets/${filename}`).includes('Unable to preload'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a2b311df79c6a367 — Filesystem access.

repo/playground/legacy/vite.config-chunk-importmap.js:21

    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dcac165f41ec4f2e — Filesystem access.

repo/playground/legacy/vite.config-chunk-importmap.js:25

    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #428d7c75499a15af — Filesystem access.

repo/playground/legacy/vite.config.js:45

    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #35e6fee02b85254b — Filesystem access.

repo/playground/legacy/vite.config.js:49

    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/minify

npm first-party

expand_more 2 low-confidence finding(s)

low env_fs test-only #7bdb0d3109dd3c0c — Filesystem access.

repo/playground/minify/__tests__/minify.spec.ts:11

  const jsContent = readFile(path.resolve(assetsDir, jsFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #da6f09ffb58445db — Filesystem access.

repo/playground/minify/__tests__/minify.spec.ts:14

  const cssContent = readFile(path.resolve(assetsDir, cssFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps

npm first-party

expand_more 10 low-confidence finding(s)

low env_fs production #aa57805f0673f6d9 — Environment-variable access.

repo/playground/optimize-deps/dep-cjs-with-external-deps/index.js:5

if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a09ad325a460da64 — Filesystem access.

repo/playground/optimize-deps/dep-linked-include/index.mjs:16

  fs.readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44498659e30e75c2 — Environment-variable access.

repo/playground/optimize-deps/dep-node-env/index.js:1

export const env = process.env.NODE_ENV === 'production' ? 'prod' : 'dev'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e3363f2da8a9f9de — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:3

const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e3363f2da8a9f9de — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:3

const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5998b82bd86275d9 — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:20

  return fs.readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f229111ba6ff7da — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:3

import { readFileSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #76ac3f482e4684af — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:9

  readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #694f91eed712680a — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:23

  return readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6638cc39e0742d1a — Filesystem access.

repo/playground/optimize-deps/vite.config.js:116

                    let contents = fs.readFileSync(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps-no-discovery

npm first-party

expand_more 1 low-confidence finding(s)

low env_fs production #e2dccebcec364139 — Environment-variable access.

repo/playground/optimize-deps-no-discovery/vite.config.js:4

process.env.NODE_ENV = ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps/dep-cjs-with-external-deps

npm first-party

expand_more 1 low-confidence finding(s)

low env_fs production #aa57805f0673f6d9 — Environment-variable access.

repo/playground/optimize-deps/dep-cjs-with-external-deps/index.js:5

if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps/dep-linked-include

npm first-party

expand_more 1 low-confidence finding(s)

low env_fs production #a09ad325a460da64 — Filesystem access.

repo/playground/optimize-deps/dep-linked-include/index.mjs:16

  fs.readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps/dep-node-env

npm first-party

expand_more 1 low-confidence finding(s)

low env_fs production #44498659e30e75c2 — Environment-variable access.

repo/playground/optimize-deps/dep-node-env/index.js:1

export const env = process.env.NODE_ENV === 'production' ? 'prod' : 'dev'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps/dep-with-builtin-module-cjs

npm first-party

expand_more 3 low-confidence finding(s)

low env_fs production #e3363f2da8a9f9de — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:3

const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e3363f2da8a9f9de — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:3

const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5998b82bd86275d9 — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:20

  return fs.readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps/dep-with-builtin-module-esm

npm first-party

expand_more 3 low-confidence finding(s)

low env_fs production #1f229111ba6ff7da — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:3

import { readFileSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #76ac3f482e4684af — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:9

  readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #694f91eed712680a — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:23

  return readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-missing-deps

npm first-party

expand_more 2 low-confidence finding(s)

low env_fs production #a441cde5b2d29628 — Environment-variable access.

repo/playground/optimize-missing-deps/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1cd25ec7394ac507 — Filesystem access.

repo/playground/optimize-missing-deps/server.js:33

      let template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr

npm first-party

expand_more 2 low-confidence finding(s)

low env_fs production #e6f31590968b6e25 — Environment-variable access.

repo/playground/ssr/server.js:5

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #499eb395913f1fd6 — Filesystem access.

repo/playground/ssr/server.js:47

      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-alias

npm first-party

expand_more 1 low-confidence finding(s)

low env_fs production #c5a10221af1313bd — Environment-variable access.

repo/playground/ssr-alias/src/main.js:8

  builtin: process.env['__TEST_ALIAS__'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-conditions

npm first-party

expand_more 4 low-confidence finding(s)

low env_fs production #3d9387e6196380a5 — Environment-variable access.

repo/playground/ssr-conditions/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #255a3f598b33e63c — Environment-variable access.

repo/playground/ssr-conditions/server.js:10

  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #24bb43b31d99386f — Filesystem access.

repo/playground/ssr-conditions/server.js:16

    ? fs.readFileSync(resolve('dist/client/index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d547fcaec0b8754 — Filesystem access.

repo/playground/ssr-conditions/server.js:56

        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-deps

npm first-party

expand_more 4 low-confidence finding(s)

low env_fs test-only #71ed73377c7181a3 — Environment-variable access.

repo/playground/ssr-deps/__tests__/ssr-deps.spec.ts:103

    `Hello World from ${process.env.NODE_ENV}!`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dba11ad7c2afa387 — Filesystem access.

repo/playground/ssr-deps/read-file-content/index.js:5

  return await fs.readFile(path.resolve(filePath), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4923ee53da80c62a — Environment-variable access.

repo/playground/ssr-deps/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab6198d0de36a9f1 — Filesystem access.

repo/playground/ssr-deps/server.js:100

      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-html

npm first-party

expand_more 4 low-confidence finding(s)

low env_fs production #25453593c7bc085c — Environment-variable access.

repo/playground/ssr-html/server.js:5

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #38d2896b46140b26 — Filesystem access.

repo/playground/ssr-html/server.js:79

        const template = fs.readFileSync(resolve(`.${url}index.html`), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f7a4d92bc293066 — Filesystem access.

repo/playground/ssr-html/server.js:94

      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3a7525532febbee1 — Environment-variable access.

repo/playground/ssr-html/test-stacktrace.js:10

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-noexternal

npm first-party

expand_more 4 low-confidence finding(s)

low env_fs production #494be6553e5f2dd9 — Environment-variable access.

repo/playground/ssr-noexternal/server.js:5

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb91a2d010461011 — Environment-variable access.

repo/playground/ssr-noexternal/server.js:9

  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #36a16bcea0cd029c — Filesystem access.

repo/playground/ssr-noexternal/server.js:15

    ? fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #296a1bc066ea62e7 — Filesystem access.

repo/playground/ssr-noexternal/server.js:54

        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-pug

npm first-party

expand_more 1 low-confidence finding(s)

low env_fs production #52a2eb24c8efdfcd — Environment-variable access.

repo/playground/ssr-pug/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-resolve

npm first-party

expand_more 2 low-confidence finding(s)

low env_fs test-only #c5b824cacb90873b — Filesystem access.

repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:9

  const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #68c50b2c3fff77b2 — Filesystem access.

repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:38

    const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-wasm

npm first-party

expand_more 2 low-confidence finding(s)

low env_fs production #bfefc36da93844f8 — Environment-variable access.

repo/playground/ssr-wasm/server.js:3

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #379a642e132ba121 — Environment-variable access.

repo/playground/ssr-wasm/server.js:4

const isProduction = process.env.NODE_ENV === 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-webworker

npm first-party

expand_more 1 low-confidence finding(s)

low env_fs production #cc2a47582032ad17 — Environment-variable access.

repo/playground/ssr-webworker/worker.js:4

const isTest = !!process.env.TEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/tsconfig-json

npm first-party

expand_more 4 low-confidence finding(s)

low env_fs test-only #e18a33db6b5b7e70 — Filesystem access.

repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:37

    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #49c487b33cb89950 — Filesystem access.

repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:51

    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bb4feefd91288205 — Filesystem access.

repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:66

    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1022d696e60e7b83 — Filesystem access.

repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:81

    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/tsconfig-json-load-error

npm first-party

expand_more 1 low-confidence finding(s)

low env_fs test-only #46d7b29383ec9004 — Filesystem access.

repo/playground/tsconfig-json-load-error/__tests__/tsconfig-json-load-error.spec.ts:18

      readFile('dist/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/worker

npm first-party

expand_more 31 low-confidence finding(s)

low env_fs test-only #dbd0e55cbaad0b93 — Environment-variable access.

repo/playground/worker/__tests__/es/worker-es.spec.ts:10

    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2af59cd0c602a947 — Filesystem access.

repo/playground/worker/__tests__/es/worker-es.spec.ts:103

      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bfc919d6d162e053 — Filesystem access.

repo/playground/worker/__tests__/es/worker-es.spec.ts:111

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2124255d78886ab4 — Filesystem access.

repo/playground/worker/__tests__/es/worker-es.spec.ts:113

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b0796fe3a6a24751 — Environment-variable access.

repo/playground/worker/__tests__/iife/worker-iife.spec.ts:19

    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e410fcb53d9253ac — Filesystem access.

repo/playground/worker/__tests__/iife/worker-iife.spec.ts:90

      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #15757642939fd1af — Filesystem access.

repo/playground/worker/__tests__/iife/worker-iife.spec.ts:98

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9fdee78b1a11fbff — Filesystem access.

repo/playground/worker/__tests__/iife/worker-iife.spec.ts:100

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8a6a9f791e200f95 — Environment-variable access.

repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:10

    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #df8ff72b9d672471 — Filesystem access.

repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:66

    const content = fs.readFileSync(path.resolve(chunksDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #881aaee4022f958c — Filesystem access.

repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:73

    const workerContent = fs.readFileSync(
      path.resolve(workerEntriesDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f0e83deea5d98675 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:20

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1199cf6e2582eded — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:23

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b4d4559d20667c2d — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:31

    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #983029224900b2aa — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:39

    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #28e09d6e388e5690 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:49

    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #13fdd757d2a6d790 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:57

    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #293b45c6cd1a6639 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:14

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #16c994b5098ad8d9 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:17

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #877a5de3f7ae6c04 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:25

    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9755ed37b9087217 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:33

    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dcc9714b3d0439b3 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:43

    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d55f7dcdeae678d1 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:51

    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #daaab613a0f0faf4 — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:20

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bf19cfa242838c4f — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:23

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #efaf917688153aaf — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:31

    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #32ef6a73822de2b6 — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:39

    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #76e4f8b1d8b8a0ac — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:49

    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #570855eb9f35f4d3 — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:57

    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3db0cc0866e8d6b5 — Environment-variable access.

repo/playground/worker/modules/workerImport.ts:2

export const mode = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #071882cdc13a0f9f — Environment-variable access.

repo/playground/worker/worker-sourcemap-config.js:7

    /** @type {'inline' | 'hidden' | 'sourcemap'} */ (
      process.env.WORKER_MODE
    ) || sourcemap

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Production

first-party (npm): playground/ssr-deps/nested-external prod — scan budget exceeded
first-party (npm): playground/ssr-deps/define-property-exports prod — scan budget exceeded
first-party (npm): playground/ssr-deps/read-file-content prod — scan budget exceeded
first-party (npm): playground/ssr-deps/no-external-css prod — scan budget exceeded
first-party (npm): playground/ssr-deps/module-condition prod — scan budget exceeded
first-party (npm): playground/ssr-deps/import-builtin-cjs prod — scan budget exceeded
first-party (npm): playground/ssr-deps/pkg-exports prod — scan budget exceeded
first-party (npm): playground/ssr-deps/define-properties-exports prod — scan budget exceeded
first-party (npm): playground/ssr-deps/nested-external-cjs prod — scan budget exceeded
first-party (npm): playground/ssr-deps/css-lib prod — scan budget exceeded
first-party (npm): playground/ssr-deps/no-external-cjs prod — scan budget exceeded
first-party (npm): playground/ssr-deps/require-absolute prod — scan budget exceeded
first-party (npm): playground/ssr-deps/optimized-with-nested-external prod — scan budget exceeded
first-party (npm): playground/ssr-deps/linked-no-external prod — scan budget exceeded
first-party (npm): playground/ssr-deps/optimized-cjs-with-nested-external prod — scan budget exceeded
first-party (npm): playground/ssr-deps/external-entry prod — scan budget exceeded
first-party (npm): playground/ssr-deps/nested-exclude prod — scan budget exceeded
first-party (npm): playground/ssr-deps/external-using-external-entry prod — scan budget exceeded
first-party (npm): playground/ssr-deps/ts-transpiled-exports prod — scan budget exceeded
first-party (npm): playground/ssr-deps/only-object-assigned-exports prod — scan budget exceeded
first-party (npm): playground/dynamic-import/pkg prod — scan budget exceeded
first-party (npm): playground/proxy-hmr/other-app prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__ prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/packages prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/plugins/fixtures/license prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/plugins/fixtures/license/dep-nested-license-isc prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/plugins/fixtures/license/dep-licence-cc0 prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/plugins/fixtures/license/dep-license-mit prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/plugins/fixtures/sass-package-resolution/node_modules/sass-pkg-with-index prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/fixtures/watch-rebuild-manifest prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/fixtures/test-dep-conditions prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/fixtures/cjs-ssr-dep prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/fixtures/scan-subpath-import-glob prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/fixtures/file-url prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/fixtures/config/plugin-module-condition prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/fixtures/config/siblings prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/fixtures/config/import-meta prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/fixtures/config/entry prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/fixtures/glob-exports/node_modules/my-pkg prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/packages/noname prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/packages/parent prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/packages/child prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/packages/module prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/packages/name prod — scan budget exceeded
first-party (npm): packages/vite/src/node/server/__tests__/fixtures/watcher prod — scan budget exceeded
first-party (npm): packages/vite/src/node/server/__tests__/fixtures/pnpm prod — scan budget exceeded
first-party (npm): packages/vite/src/node/server/__tests__/fixtures/yarn prod — scan budget exceeded
first-party (npm): packages/vite/src/node/server/__tests__/fixtures/lerna/nested prod — scan budget exceeded
first-party (npm): packages/vite/src/node/server/__tests__/fixtures/deno/nested prod — scan budget exceeded
first-party (npm): packages/vite/src/node/server/__tests__/fixtures/pnpm/nested prod — scan budget exceeded
first-party (npm): packages/vite/src/node/server/__tests__/fixtures/yarn/nested prod — scan budget exceeded
first-party (npm): packages/vite/src/node/server/__tests__/fixtures/none/nested prod — scan budget exceeded
first-party (npm): packages/vite/src/node/ssr/runtime/__tests__ prod — scan budget exceeded
first-party (npm): packages/vite/src/node/ssr/runtime/__tests__/fixtures/live-binding prod — scan budget exceeded
first-party (npm): packages/vite/src/node/ssr/runtime/__tests__/fixtures/cyclic2 prod — scan budget exceeded
first-party (npm): packages/vite/src/node/ssr/runtime/__tests__/fixtures/cjs-external prod — scan budget exceeded
first-party (npm): packages/vite/src/node/ssr/runtime/__tests__/fixtures/esm-external prod — scan budget exceeded
first-party (npm): packages/vite/src/node/ssr/runtime/__tests__/fixtures/invalid-package/deps/test-dep-invalid-exports prod — scan budget exceeded
first-party (npm): docs prod — scan budget exceeded
lightningcss prod — scan budget exceeded
picomatch prod — scan budget exceeded
postcss prod — scan budget exceeded
tinyglobby prod — scan budget exceeded
@babel/core prod — scan budget exceeded
@babel/plugin-transform-dynamic-import prod — scan budget exceeded
@babel/plugin-transform-modules-systemjs prod — scan budget exceeded
@babel/preset-env prod — scan budget exceeded
babel-plugin-polyfill-corejs3 prod — scan budget exceeded
babel-plugin-polyfill-regenerator prod — scan budget exceeded
browserslist prod — scan budget exceeded
browserslist-to-esbuild prod — scan budget exceeded
core-js prod — scan budget exceeded
regenerator-runtime prod — scan budget exceeded
systemjs prod — scan budget exceeded
@tailwindcss/vite prod — scan budget exceeded
tailwindcss prod — scan budget exceeded
@vitejs/test-dep-no-discovery prod — scan budget exceeded
vue prod — scan budget exceeded
vuex prod — scan budget exceeded
clipboard prod — scan budget exceeded
@vitejs/test-dep-cjs-browser-field prod — scan budget exceeded
@vitejs/longfilename-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa prod — scan budget exceeded
@vitejs/test-dep-alias-using-absolute-path prod — scan budget exceeded
@vitejs/test-dep-cjs-browser-field-bare prod — scan budget exceeded
@vitejs/test-dep-cjs-compiled-from-cjs prod — scan budget exceeded
@vitejs/test-dep-cjs-compiled-from-esm prod — scan budget exceeded
@vitejs/test-dep-cjs-with-assets prod — scan budget exceeded
@vitejs/test-dep-cjs-with-es-module-flag prod — scan budget exceeded
@vitejs/test-dep-cjs-with-external-deps prod — scan budget exceeded
@vitejs/test-dep-cjs-css-main-field prod — scan budget exceeded
@vitejs/test-dep-cjs-require-css-main-field prod — scan budget exceeded
@vitejs/test-dep-css-require prod — scan budget exceeded
@vitejs/test-dep-esbuild-plugin-transform prod — scan budget exceeded
@vitejs/test-dep-incompatible prod — scan budget exceeded
@vitejs/test-dep-linked prod — scan budget exceeded
@vitejs/test-dep-linked-include prod — scan budget exceeded
@vitejs/test-dep-node-env prod — scan budget exceeded
@vitejs/test-dep-not-js prod — scan budget exceeded
@vitejs/test-dep-optimize-exports-with-glob prod — scan budget exceeded
@vitejs/test-dep-optimize-exports-with-root-glob prod — scan budget exceeded
@vitejs/test-dep-optimize-with-glob prod — scan budget exceeded
@vitejs/test-dep-relative-to-main prod — scan budget exceeded
@vitejs/test-dep-source-map-no-sources prod — scan budget exceeded
@vitejs/test-dep-with-asset-ext1.pdf prod — scan budget exceeded
@vitejs/test-dep-with-asset-ext2.pdf prod — scan budget exceeded
@vitejs/test-dep-with-builtin-module-cjs prod — scan budget exceeded
@vitejs/test-dep-with-builtin-module-esm prod — scan budget exceeded
@vitejs/test-dep-with-dynamic-import prod — scan budget exceeded
@vitejs/test-dep-with-optional-peer-dep prod — scan budget exceeded
@vitejs/test-dep-with-optional-peer-dep-cjs prod — scan budget exceeded
@vitejs/test-dep-with-optional-peer-dep-submodule prod — scan budget exceeded
@vitejs/test-dep-with-plus-subpath prod — scan budget exceeded
@vitejs/test-dep-non-optimized prod — scan budget exceeded
@vitejs/test-added-in-entries prod — scan budget exceeded
@vitejs/test-dep-cjs-external-package-omit-js-suffix prod — scan budget exceeded
@vitejs/test-dep-with-assets prod — scan budget exceeded
@vitejs/test-dep-lodash prod — scan budget exceeded
@vitejs/test-dep-lodash.clonedeep prod — scan budget exceeded
@vitejs/test-dep-lodash-es prod — scan budget exceeded
@vitejs/test-nested-exclude prod — scan budget exceeded
phoenix prod — scan budget exceeded
react prod — scan budget exceeded
react-dom prod — scan budget exceeded
@vitejs/test-resolve-linked prod — scan budget exceeded
@vitejs/test-alias-original prod — scan budget exceeded
aliased-module prod — scan budget exceeded
@vue/shared prod — scan budget exceeded
@vitejs/test-import-assertion-dep prod — scan budget exceeded
@vitejs/test-dep-that-imports prod — scan budget exceeded
@vitejs/test-dep-that-requires prod — scan budget exceeded
@vitejs/test-commonjs-dep prod — scan budget exceeded
@vitejs/test-deep-import prod — scan budget exceeded
@vitejs/test-entries prod — scan budget exceeded
@vitejs/test-module-sync prod — scan budget exceeded
@vitejs/test-resolve-pkg-exports prod — scan budget exceeded
@tailwindcss/postcss prod — scan budget exceeded
@vitejs/test-external-cjs prod — scan budget exceeded
@vitejs/test-require-external-cjs prod — scan budget exceeded
@vitejs/test-import-meta-glob-pkg prod — scan budget exceeded
@vitejs/test-ssr-conditions-external prod — scan budget exceeded
@vitejs/test-ssr-conditions-no-external prod — scan budget exceeded
autoprefixer prod — scan budget exceeded
@babel/runtime prod — scan budget exceeded
normalize.css prod — scan budget exceeded
@vitejs/test-resolve-browser-field prod — scan budget exceeded
@vitejs/test-resolve-browser-module-field1 prod — scan budget exceeded

Development

@eslint/js dev — scan budget exceeded
@type-challenges/utils dev — scan budget exceeded
@types/babel__core dev — scan budget exceeded
@types/babel__preset-env dev — scan budget exceeded
@types/convert-source-map dev — scan budget exceeded
@types/cross-spawn dev — scan budget exceeded
@types/etag dev — scan budget exceeded
@types/less dev — scan budget exceeded
@types/node dev — scan budget exceeded
@types/picomatch dev — scan budget exceeded
@types/stylus dev — scan budget exceeded
@types/ws dev — scan budget exceeded
@vitejs/release-scripts dev — scan budget exceeded
eslint dev — scan budget exceeded
eslint-plugin-import-x dev — scan budget exceeded
eslint-plugin-n dev — scan budget exceeded
eslint-plugin-regexp dev — scan budget exceeded
execa dev — scan budget exceeded
globals dev — scan budget exceeded
lint-staged dev — scan budget exceeded
oxfmt dev — scan budget exceeded
picocolors dev — scan budget exceeded
playwright-chromium dev — scan budget exceeded
rolldown dev — scan budget exceeded
rollup dev — scan budget exceeded
simple-git-hooks dev — scan budget exceeded
tsx dev — scan budget exceeded
typescript dev — scan budget exceeded
typescript-eslint dev — scan budget exceeded
vite dev — scan budget exceeded
vitest dev — scan budget exceeded
@clack/prompts dev — scan budget exceeded
@vercel/detect-agent dev — scan budget exceeded
cross-spawn dev — scan budget exceeded
mri dev — scan budget exceeded
tsdown dev — scan budget exceeded
unrun dev — scan budget exceeded
@babel/parser dev — scan budget exceeded
@jridgewell/remapping dev — scan budget exceeded
@jridgewell/trace-mapping dev — scan budget exceeded
@polka/compression dev — scan budget exceeded
@rollup/plugin-alias dev — scan budget exceeded
@rollup/plugin-dynamic-import-vars dev — scan budget exceeded
@rollup/pluginutils dev — scan budget exceeded
@types/escape-html dev — scan budget exceeded
@types/pnpapi dev — scan budget exceeded
@vitejs/devtools dev — scan budget exceeded
@vitest/utils dev — scan budget exceeded
@voidzero-dev/vite-task-client dev — scan budget exceeded
artichokie dev — scan budget exceeded
baseline-browser-mapping dev — scan budget exceeded
cac dev — scan budget exceeded
chokidar dev — scan budget exceeded
connect dev — scan budget exceeded
convert-source-map dev — scan budget exceeded
cors dev — scan budget exceeded
dotenv-expand dev — scan budget exceeded
es-module-lexer dev — scan budget exceeded
esbuild dev — scan budget exceeded
escape-html dev — scan budget exceeded
estree-walker dev — scan budget exceeded
etag dev — scan budget exceeded
fresh-import dev — scan budget exceeded
host-validation-middleware dev — scan budget exceeded
http-proxy-3 dev — scan budget exceeded
launch-editor-middleware dev — scan budget exceeded
magic-string dev — scan budget exceeded
mlly dev — scan budget exceeded
mrmime dev — scan budget exceeded
nanoid dev — scan budget exceeded
obug dev — scan budget exceeded
open dev — scan budget exceeded
parse5 dev — scan budget exceeded
pathe dev — scan budget exceeded
periscopic dev — scan budget exceeded
postcss-import dev — scan budget exceeded
postcss-load-config dev — scan budget exceeded
postcss-modules dev — scan budget exceeded
premove dev — scan budget exceeded
resolve.exports dev — scan budget exceeded
rolldown-plugin-dts dev — scan budget exceeded
rollup-plugin-license dev — scan budget exceeded
sass dev — scan budget exceeded
sass-embedded dev — scan budget exceeded
sirv dev — scan budget exceeded
strip-literal dev — scan budget exceeded
terser dev — scan budget exceeded
ufo dev — scan budget exceeded
ws dev — scan budget exceeded
acorn dev — scan budget exceeded
css-color-names dev — scan budget exceeded
kill-port dev — scan budget exceeded
url dev — scan budget exceeded
express dev — scan budget exceeded
slash3 dev — scan budget exceeded
slash5 dev — scan budget exceeded
vue34 dev — scan budget exceeded
pug dev — scan budget exceeded
@types/react dev — scan budget exceeded
@types/react-dom dev — scan budget exceeded
react-fake-client dev — scan budget exceeded
react-fake-server dev — scan budget exceeded
@vitejs/test-css-dep dev — scan budget exceeded
@vitejs/test-css-dep-exports dev — scan budget exceeded
@vitejs/test-css-js-dep dev — scan budget exceeded
@vitejs/test-css-proxy-dep dev — scan budget exceeded
@vitejs/test-scss-proxy-dep dev — scan budget exceeded
less dev — scan budget exceeded
postcss-nested dev — scan budget exceeded
stylus dev — scan budget exceeded
sugarss dev — scan budget exceeded
@vitejs/test-json-require dev — scan budget exceeded
@vitejs/test-json-module dev — scan budget exceeded

verified_user Possible application data leak

App Privacy Score

bar_chart Score Breakdown

list Scan Summary

swap_horiz Potential data exfiltration in application code

</> First-Party Code

first-party (npm)

first-party (npm): playground

first-party (npm): playground/lib

first-party (npm): packages/create-vite

first-party (npm): packages/plugin-legacy

first-party (npm): packages/vite

first-party (npm): playground/assets

first-party (npm): playground/csp

first-party (npm): playground/css

first-party (npm): playground/css-lightningcss-proxy

first-party (npm): playground/env

first-party (npm): playground/environment-react-ssr

first-party (npm): playground/external

first-party (npm): playground/fs-serve

first-party (npm): playground/hmr

first-party (npm): playground/hmr-ssr

first-party (npm): playground/js-sourcemap

first-party (npm): playground/json

first-party (npm): playground/legacy

first-party (npm): playground/minify

first-party (npm): playground/optimize-deps

first-party (npm): playground/optimize-deps-no-discovery

first-party (npm): playground/optimize-deps/dep-cjs-with-external-deps

first-party (npm): playground/optimize-deps/dep-linked-include

first-party (npm): playground/optimize-deps/dep-node-env

first-party (npm): playground/optimize-deps/dep-with-builtin-module-cjs

first-party (npm): playground/optimize-deps/dep-with-builtin-module-esm

first-party (npm): playground/optimize-missing-deps

first-party (npm): playground/ssr

first-party (npm): playground/ssr-alias

first-party (npm): playground/ssr-conditions

first-party (npm): playground/ssr-deps

first-party (npm): playground/ssr-html

first-party (npm): playground/ssr-noexternal

first-party (npm): playground/ssr-pug

first-party (npm): playground/ssr-resolve

first-party (npm): playground/ssr-wasm

first-party (npm): playground/ssr-webworker

first-party (npm): playground/tsconfig-json

first-party (npm): playground/tsconfig-json-load-error

first-party (npm): playground/worker

Skipped dependencies