Close Open Privacy Scan

bolt Snapshot: commit 94bcbcc
science engine v3
schedule 2026-07-08T09:06:33.845444+00:00

verified_user No application data leak found

No high-confidence exfiltration was found in application code.

App Privacy Score

97 /100
Low privacy risk

Low risk · 14 finding(s)

Dependency score: 97 (Low risk)

bar_chart Score Breakdown

env_fs −3

list Scan Summary

0 high 0 medium 14 low
First-party packages: 1
Dependency packages: 2
Ecosystem: npm

swap_horiz Application data flows

No high- or medium-confidence application data-flow findings in this scan.

</> First-Party Code

first-party (npm)

npm first-party
expand_more 6 low-confidence finding(s)
low env_fs production #004b819c184108d3 Filesystem access.
repo/examples/http2.js:8
    key: fs.readFileSync(path.join(__dirname, '../test/https/fastify.key')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #acfc543c2df0da8f Filesystem access.
repo/examples/http2.js:9
    cert: fs.readFileSync(path.join(__dirname, '../test/https/fastify.cert'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #41b090902d4db95d Filesystem access.
repo/examples/https.js:7
    key: fs.readFileSync(path.join(__dirname, '../test/https/fastify.key')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d4c3606c116947e Filesystem access.
repo/examples/https.js:8
    cert: fs.readFileSync(path.join(__dirname, '../test/https/fastify.cert'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d841c75723cef6fa Environment-variable access.
repo/scripts/validate-ecosystem-links.js:24
  return process.env.GITHUB_TOKEN

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #827c762a527777ea Filesystem access.
repo/scripts/validate-ecosystem-links.js:100
  const content = fs.readFileSync(ECOSYSTEM_FILE, 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

</> Dependencies

pino

npm dependency
expand_more 6 low-confidence finding(s)
low env_fs tooling Excluded from app score unknown #24be38c11f559a34 Environment-variable access.
pkgs/npm/[email protected]/benchmarks/basic.bench.js:17
process.env.DEBUG = 'dlog'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #5ecd2c6d511de3b5 Filesystem access.
pkgs/npm/[email protected]/benchmarks/utils/wrap-log-level.js:6
const code = readFileSync(
  join(__dirname, '..', '..', 'node_modules', 'loglevel', 'lib', 'loglevel.js')
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dcab7ab30edceb50 Environment-variable access.
pkgs/npm/[email protected]/lib/transport-stream.js:22
      } else if (process.env && process.env.TS_NODE_DEV) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ba7bb4a2e1b366d Environment-variable access.
pkgs/npm/[email protected]/lib/transport.js:122
  if (!workerOpts.env && process.env.NODE_OPTIONS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92e6d6264aa7cbce Environment-variable access.
pkgs/npm/[email protected]/lib/transport.js:123
    const nodeOptions = sanitizeNodeOptions(process.env.NODE_OPTIONS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a8ca52c0150a0ee Environment-variable access.
pkgs/npm/[email protected]/lib/transport.js:124
    if (nodeOptions !== process.env.NODE_OPTIONS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

semver

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #d5fa3489c7d443d1 Environment-variable access.
pkgs/npm/[email protected]/internal/debug.js:6
  process.env.NODE_DEBUG &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad4cbf8311453651 Environment-variable access.
pkgs/npm/[email protected]/internal/debug.js:7
  /\bsemver\b/i.test(process.env.NODE_DEBUG)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.