Close Open Privacy Scan

link https://github.com/vitejs/vite

bolt Snapshot: commit 869e8ea

science engine v1

schedule 2026-06-27T01:12:30.410387+00:00

Incomplete scan — only 0/200 dependencies were analyzed. Treat the score as provisional.

App Privacy Score

47 /100

High privacy risk — possible application leak

High risk · 805 finding(s)

Dependency score: 100 (Low risk)

bar_chart Score Breakdown

pii_flow −45

egress −5

env_fs −3

list Scan Summary

0 high 3 medium 802 low

First-party packages: 43

Dependency packages: 0

Ecosystem: npm

swap_horiz Potential data exfiltration in application code

External domains: sponsors.vite.dev

medium first-party (npm) PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.

repo/playground/lib/src/main.js:8 → repo/playground/lib/src/main.js:8

medium first-party (npm): playground PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.

repo/playground/lib/src/main.js:8 → repo/playground/lib/src/main.js:8

medium first-party (npm): playground/lib PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.

repo/playground/lib/src/main.js:8 → repo/playground/lib/src/main.js:8

</> First-Party Code

first-party (npm)

npm first-party

medium pii_flow production #7998ed0dd8bf8d90 — PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.

repo/playground/lib/src/main.js:8 · flow /tmp/closeopen-nd_xe8fh/repo/playground/lib/src/main.js:8 → /tmp/closeopen-nd_xe8fh/repo/playground/lib/src/main.js:8

  console.log(process.env.NODE_ENV)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 331 low-confidence finding(s)

low env_fs production #9ca672094182b7fb — Filesystem access.

repo/docs/.vitepress/buildEnd.config.ts:49

  writeFileSync(path.join(config.outDir, 'blog.rss'), feed.rss2())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3428235d59b28896 — Environment-variable access.

repo/docs/.vitepress/config.ts:26

const deployURL = process.env.DEPLOY_PRIME_URL || ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c8bf9537bfbafe6f — Environment-variable access.

repo/docs/.vitepress/config.ts:27

const commitRef = process.env.COMMIT_REF?.slice(0, 8) || 'dev'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #961bda755f354e36 — Hardcoded external endpoint. Review what data is sent to this destination.

repo/docs/.vitepress/theme/composables/sponsor.ts:18

    const result = await fetch('https://sponsors.vite.dev/sponsors.json')

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #047b0dc0632bf5c1 — Filesystem access.

repo/docs/_data/acknowledgements.data.ts:114

  const content = fs.readFileSync(licensePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #45d1eacc0650eaac — Filesystem access.

repo/docs/_data/acknowledgements.data.ts:202

    const content = fs.readFileSync(packagePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ffa6077992f183bf — Environment-variable access.

repo/eslint.config.js:13

const shouldTypeCheck = typeof process.env.VSCODE_PID === 'string'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #69eed43622f46550 — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:32

  fs.writeFileSync(pkgJson, '{ "foo": "bar" }')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9287559462ed2a83 — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:179

  const configFile = fs.readFileSync(
    path.join(genPath, 'vite.config.ts'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fee6513da65fe2b3 — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:183

  const packageJsonFile = fs.readFileSync(
    path.join(genPath, 'package.json'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fdff00261ea33bc8 — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:187

  const readmeFile = fs.readFileSync(path.join(genPath, 'README.md'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a95c5eb7e0118469 — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:205

  const pkg = fs.readFileSync(path.join(genPath, 'package.json'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #46694bd10acda627 — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:210

  const readme = fs.readFileSync(path.join(genPath, 'README.md'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cc26b497e4a98401 — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:224

  const pkg = fs.readFileSync(path.join(genPath, 'package.json'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6bde8ee61e36bd47 — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:288

  const indexHtmlContent = fs.readFileSync(indexHtmlPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #109d08894954aa10 — Environment-variable access.

repo/packages/create-vite/src/index.ts:415

  if (process.env._VITE_TEST_CLI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bec29ba2342397b2 — Environment-variable access.

repo/packages/create-vite/src/index.ts:429

  if (process.env._VITE_TEST_CLI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea8932f2124167eb — Environment-variable access.

repo/packages/create-vite/src/index.ts:466

  const pkgInfo = pkgFromUserAgent(process.env.npm_config_user_agent)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba958cd317df0ff7 — Filesystem access.

repo/packages/create-vite/src/index.ts:676

      fs.writeFileSync(targetPath, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #73065bc3f42dd48a — Filesystem access.

repo/packages/create-vite/src/index.ts:679

      const templateContent = fs.readFileSync(templatePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d1a1de9b89066139 — Filesystem access.

repo/packages/create-vite/src/index.ts:684

      fs.writeFileSync(targetPath, updatedContent)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #acb95faedb11322a — Filesystem access.

repo/packages/create-vite/src/index.ts:696

    fs.readFileSync(path.join(templateDir, `package.json`), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8055350f66665aca — Filesystem access.

repo/packages/create-vite/src/index.ts:914

  fs.writeFileSync(path.resolve(root, 'eslint.config.js'), eslintConfig)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55841142ea03fddd — Filesystem access.

repo/packages/create-vite/src/index.ts:1043

  const content = fs.readFileSync(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8e820b516d581fa7 — Filesystem access.

repo/packages/create-vite/src/index.ts:1044

  fs.writeFileSync(file, callback(content), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #77a16dcd746aaf1c — Filesystem access.

repo/packages/plugin-legacy/src/__tests__/readme.spec.ts:7

  const readme = fs.readFileSync(
    path.resolve(import.meta.dirname, '../../README.md'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad66fa7e14627ed9 — Environment-variable access.

repo/packages/plugin-legacy/src/index.ts:163

  const debugFlags = (process.env.DEBUG || '').split(',')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #61335ff548448730 — Environment-variable access.

repo/packages/vite/bin/vite.js:6

  if (!process.env.DEBUG_DISABLE_SOURCE_MAP) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #42f83e0819123c99 — Environment-variable access.

repo/packages/vite/bin/vite.js:36

  process.env.DEBUG = `${

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2aee5649332979f1 — Environment-variable access.

repo/packages/vite/bin/vite.js:37

    process.env.DEBUG ? process.env.DEBUG + ',' : ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2aee5649332979f1 — Environment-variable access.

repo/packages/vite/bin/vite.js:37

    process.env.DEBUG ? process.env.DEBUG + ',' : ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a9aaa85bdc2a69a9 — Environment-variable access.

repo/packages/vite/bin/vite.js:43

      process.env.VITE_DEBUG_FILTER = filter

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ee4924c58a0e211 — Filesystem access.

repo/packages/vite/rolldown.config.ts:12

  readFileSync(new URL('./package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7f914ed2647a8f3 — Environment-variable access.

repo/packages/vite/rolldown.config.ts:14

const disableSourceMap = !!process.env.DEBUG_DISABLE_SOURCE_MAP

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #92f95eeda871aa84 — Filesystem access.

repo/packages/vite/rolldown.config.ts:186

        writeFileSync(
          'dist/node/index.d.ts',
          "export * from '../../src/node/index.ts'",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #23d812c11a43586e — Filesystem access.

repo/packages/vite/rolldown.config.ts:190

        writeFileSync(
          'dist/node/module-runner.d.ts',
          "export * from '../../src/module-runner/index.ts'",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c62ec6f09fe9855c — Filesystem access.

repo/packages/vite/rolldown.dts.config.ts:23

  readFileSync(new URL('./package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f33d4b98b03306e — Filesystem access.

repo/packages/vite/rollupLicensePlugin.ts:17

      const coreLicense = fs.readFileSync(
        new URL('../../LICENSE', import.meta.url),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #328048b86d90f675 — Filesystem access.

repo/packages/vite/rollupLicensePlugin.ts:108

      const existingLicenseText = fs.readFileSync(licenseFilePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #538c02baab1acb5c — Filesystem access.

repo/packages/vite/rollupLicensePlugin.ts:110

        fs.writeFileSync(licenseFilePath, licenseText)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #54bbd85eb6acc9a4 — Filesystem access.

repo/packages/vite/src/node/__tests__/build.spec.ts:1173

  const content = await fsp.readFile(entry, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e1c124b2014f1fb8 — Filesystem access.

repo/packages/vite/src/node/__tests__/build.spec.ts:1174

  await fsp.writeFile(
    entry,
    content.replace(`import('./dep.js')`, `'dep.js removed'`),
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f153d5bc38bb396c — Filesystem access.

repo/packages/vite/src/node/__tests__/build.spec.ts:1179

    await fsp.writeFile(entry, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a1e031c16feac2f7 — Filesystem access.

repo/packages/vite/src/node/__tests__/build.spec.ts:1209

    fsp.readFile(resolve(root, 'dist/favicon.svg'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d46eb935d5c538cf — Filesystem access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1386

      fs.writeFileSync(path.resolve(root, fileName), content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #da5cf0bfdfd8afdb — Filesystem access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1390

      fs.writeFileSync(
        path.resolve(root, 'package.json'),
        JSON.stringify({
          name: '@vitejs/test-load-config-from-file',
          type: typeField,
        }),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c50d050eca920831 — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1599

    delete process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #951d8d12773a8ddb — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1603

    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'example.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #37097f2b542a1f02 — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1613

    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #391ec9596011d5d5 — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1628

    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #125553f262ae7da6 — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1643

    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ae101a8a21ff065d — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1654

    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'new.com,another.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2412a1a9a30f0d73 — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1668

    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'example.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #18fbd03b47d820cc — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1680

      process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = env

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e2ca50c9353b7546 — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:54

    expect(process.env.VITE_USER_NODE_ENV).toEqual(undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2dde751827c181a3 — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:58

    const _nodeEnv = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f5d79486d8a1bd4c — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:59

    process.env.NODE_ENV = 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b1f45a32e5a3c93b — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:61

    expect(process.env.VITE_USER_NODE_ENV).toEqual('development')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ecaf5f583ad80213 — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:62

    process.env.NODE_ENV = _nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #36899d5d0b71aac4 — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:66

    process.env.VITE_USER_NODE_ENV = 'test'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #31893b74c001b947 — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:68

    expect(process.env.VITE_USER_NODE_ENV).toEqual('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #05cce1f44cf0d518 — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:72

    process.env.VITE_ENV_TEST_ENV = 'EXIST'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #06e8db0d71b8e0b5 — Filesystem access.

repo/packages/vite/src/node/__tests__/plugins/cssPreprocessorTeardown.spec.ts:25

    fs.writeFileSync(scssPath, '$c: red;\nbody { color: $c; }\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #98624cdab29dc1be — Filesystem access.

repo/packages/vite/src/node/__tests__/plugins/cssPreprocessorTeardown.spec.ts:37

        fs.readFileSync(scssPath, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #41dabe5e5e018b73 — Filesystem access.

repo/packages/vite/src/node/__tests__/plugins/importGlob/fixture.spec.ts:14

      await transformWithEsbuild(await fs.readFile(id, 'utf-8'), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2921f093192990cb — Filesystem access.

repo/packages/vite/src/node/__tests__/plugins/importGlob/fixture.spec.ts:85

      await transformWithEsbuild(await fs.readFile(id, 'utf-8'), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c17eeb1e0db6b023 — Environment-variable access.

repo/packages/vite/src/node/build.ts:1091

  const tty = process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0020d56025290160 — Filesystem access.

repo/packages/vite/src/node/cli.ts:79

        fs.writeFileSync(outPath, JSON.stringify(profile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8032044e9497f792 — Environment-variable access.

repo/packages/vite/src/node/config.ts:1422

  if (process.env.NODE_ENV === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d325fc66da34f25 — Environment-variable access.

repo/packages/vite/src/node/config.ts:1425

      process.env.NODE_ENV = nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c8d6f2f0ef1ac5fd — Environment-variable access.

repo/packages/vite/src/node/config.ts:1428

  const isNodeEnvSet = !!process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b341336c888131c4 — Environment-variable access.

repo/packages/vite/src/node/config.ts:1434

    process.env.NODE_ENV = defaultNodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #faec10a94efd083a — Environment-variable access.

repo/packages/vite/src/node/config.ts:1730

  const userNodeEnv = process.env.VITE_USER_NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #06a7485694873d32 — Environment-variable access.

repo/packages/vite/src/node/config.ts:1733

      process.env.NODE_ENV = 'development'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a68a3c381ef03934 — Environment-variable access.

repo/packages/vite/src/node/config.ts:1744

  const isProduction = process.env.NODE_ENV === 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0dcdd60cf4642aa7 — Filesystem access.

repo/packages/vite/src/node/config.ts:2656

    await fsp.writeFile(tempFileName, bundledCode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fe21ed729f10343f — Filesystem access.

repo/packages/vite/src/node/constants.ts:7

  readFileSync(new URL('../../package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a09805ed713380c — Filesystem access.

repo/packages/vite/src/node/env.ts:59

      const parsedEnv = parseEnv(fs.readFileSync(filePath, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f3396bca349a4787 — Environment-variable access.

repo/packages/vite/src/node/env.ts:67

  if (parsed.NODE_ENV && process.env.VITE_USER_NODE_ENV === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6fda8a9d0471e4b8 — Environment-variable access.

repo/packages/vite/src/node/env.ts:68

    process.env.VITE_USER_NODE_ENV = parsed.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #66862bf044842529 — Environment-variable access.

repo/packages/vite/src/node/env.ts:71

  if (parsed.BROWSER && process.env.BROWSER === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #875cb70fa38e92e0 — Environment-variable access.

repo/packages/vite/src/node/env.ts:72

    process.env.BROWSER = parsed.BROWSER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #64c3caeed2e90f64 — Environment-variable access.

repo/packages/vite/src/node/env.ts:74

  if (parsed.BROWSER_ARGS && process.env.BROWSER_ARGS === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e681a07d320bb180 — Environment-variable access.

repo/packages/vite/src/node/env.ts:75

    process.env.BROWSER_ARGS = parsed.BROWSER_ARGS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8a8a648c10ae0f1d — Environment-variable access.

repo/packages/vite/src/node/env.ts:100

      env[key] = process.env[key]!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb242f5b4de7eb7d — Filesystem access.

repo/packages/vite/src/node/http.ts:162

    return fsp.readFile(path.resolve(value)).catch(() => value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c56f4d5fddc8163 — Environment-variable access.

repo/packages/vite/src/node/logger.ts:84

    allowClearScreen && process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0674f6027416cda — Filesystem access.

repo/packages/vite/src/node/optimizer/index.ts:414

        await fsp.readFile(cachedMetadataPath, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1edc9ee7a98ad46e — Filesystem access.

repo/packages/vite/src/node/optimizer/index.ts:540

  fs.writeFileSync(
    path.resolve(processingCacheDir, 'package.json'),
    `{\n  "type": "module"\n}\n`,
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #628ca1dad780ab6b — Filesystem access.

repo/packages/vite/src/node/optimizer/index.ts:595

      fs.writeFileSync(
        dataPath,
        stringifyDepsOptimizerMetadata(metadata, depsCacheDir),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #887ace5ade487778 — Environment-variable access.

repo/packages/vite/src/node/optimizer/index.ts:817

      : JSON.stringify(process.env.NODE_ENV || environment.config.mode),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2325efacbad7310f — Filesystem access.

repo/packages/vite/src/node/optimizer/index.ts:1161

  const entryContent = fs.readFileSync(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #24585b5ef6e9d888 — Environment-variable access.

repo/packages/vite/src/node/optimizer/index.ts:1280

  return process.env.npm_config_user_agent?.startsWith(manager) ? 1 : -1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5385f90347d06ff — Environment-variable access.

repo/packages/vite/src/node/optimizer/index.ts:1292

        ? process.env.NODE_ENV || config.mode

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cf505ff12f0cacdb — Filesystem access.

repo/packages/vite/src/node/optimizer/index.ts:1331

  let content = lockfilePath ? fs.readFileSync(lockfilePath, 'utf-8') : ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #46697ba92a982043 — Filesystem access.

repo/packages/vite/src/node/optimizer/scan.ts:440

    let raw = await fsp.readFile(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6a4d5427515dd79a — Filesystem access.

repo/packages/vite/src/node/packages.ts:179

  const data = JSON.parse(stripBomTag(fs.readFileSync(pkgPath, 'utf-8')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6fa9354cd18722d9 — Filesystem access.

repo/packages/vite/src/node/plugins/asset.ts:210

              await fsp.readFile(file, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3dcb5e937fa40f1b — Filesystem access.

repo/packages/vite/src/node/plugins/asset.ts:344

    const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7d7b9cdf5b6fbc5c — Filesystem access.

repo/packages/vite/src/node/plugins/asset.ts:353

    const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f58c22e179513cd3 — Filesystem access.

repo/packages/vite/src/node/plugins/asset.ts:452

  const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c6abc83ed398b50 — Environment-variable access.

repo/packages/vite/src/node/plugins/clientInjections.ts:55

          JSON.stringify(process.env.NODE_ENV || config.mode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fafd8130e680700e — Filesystem access.

repo/packages/vite/src/node/plugins/clientInjections.ts:147

  const content = fs.readFileSync(normalizedClientEntry, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6707e950c318c8d5 — Filesystem access.

repo/packages/vite/src/node/plugins/css.ts:1586

          const code = await fs.promises.readFile(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #79a2bc88092b32ba — Filesystem access.

repo/packages/vite/src/node/plugins/css.ts:2581

            result.contents ?? (await fsp.readFile(result.file, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f3ac365246eb232 — Filesystem access.

repo/packages/vite/src/node/plugins/css.ts:2728

  const content = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f627150cfdb8fb5 — Filesystem access.

repo/packages/vite/src/node/plugins/css.ts:2858

                  (await fsp.readFile(result.resolved, 'utf-8')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #65515d016879ae93 — Filesystem access.

repo/packages/vite/src/node/plugins/css.ts:3245

              const code = fs.readFileSync(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #878e424afdf1cd9d — Filesystem access.

repo/packages/vite/src/node/plugins/css.ts:3336

        const code = fs.readFileSync(e.fileName, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0bdec52eae3bb385 — Environment-variable access.

repo/packages/vite/src/node/plugins/define.ts:19

    const nodeEnv = process.env.NODE_ENV || config.mode

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b35be33b63572d57 — Filesystem access.

repo/packages/vite/src/node/plugins/forwardConsole.ts:138

      const code = fs.readFileSync(stack.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a593e86a3dc12baf — Filesystem access.

repo/packages/vite/src/node/plugins/license.ts:83

            entry.text = fs.readFileSync(licenseFile, 'utf-8').trim()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0042108404966f4d — Filesystem access.

repo/packages/vite/src/node/plugins/optimizedDeps.ts:89

            fsp.readFile(file, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d1b440c1b319c8b8 — Filesystem access.

repo/packages/vite/src/node/plugins/optimizedDeps.ts:90

            fsp
              .readFile(`${file}.map`, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9eacf2c3e55a2853 — Environment-variable access.

repo/packages/vite/src/node/plugins/reporter.ts:9

    const tty = process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af27777d2ab10496 — Filesystem access.

repo/packages/vite/src/node/plugins/wasm.ts:192

    const wasmBinary = await fsp.readFile(wasmFilePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #53e08a0c9e185070 — Filesystem access.

repo/packages/vite/src/node/server/hmr.ts:1137

  const content = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e784e46dc8e3edc3 — Filesystem access.

repo/packages/vite/src/node/server/hmr.ts:1149

    return await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #71c2740a2cbe17c9 — Environment-variable access.

repo/packages/vite/src/node/server/index.ts:934

  if (process.env.DEBUG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52ca86a1a5c9a771 — Filesystem access.

repo/packages/vite/src/node/server/index.ts:1275

    const content = fs.readFileSync(pnpmModulesYaml, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f8a4168423bb686e — Environment-variable access.

repo/packages/vite/src/node/server/index.ts:1316

    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9ae418db48f5572d — Environment-variable access.

repo/packages/vite/src/node/server/index.ts:1320

      process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #75e604383c25a2a2 — Filesystem access.

repo/packages/vite/src/node/server/middlewares/__tests__/indexHtml.spec.ts:9

const HTML_CONTENT = fs.readFileSync(HTML_PATH, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1cef80b4b55ca343 — Filesystem access.

repo/packages/vite/src/node/server/middlewares/__tests__/indexHtml.spec.ts:68

    const htmlContent = fs.readFileSync(htmlPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a16e1d783c7d982 — Filesystem access.

repo/packages/vite/src/node/server/middlewares/indexHtml.ts:540

          let html = await fsp.readFile(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d537ff5d14d0fc01 — Filesystem access.

repo/packages/vite/src/node/server/middlewares/transform.ts:170

              await fsp.readFile(sourcemapPath, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1fba3b23001437c6 — Environment-variable access.

repo/packages/vite/src/node/server/openBrowser.ts:31

  const browser = typeof opt === 'string' ? opt : process.env.BROWSER || ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #76d6b74ab278dcdf — Environment-variable access.

repo/packages/vite/src/node/server/openBrowser.ts:35

    const browserArgs = process.env.BROWSER_ARGS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f1d6382d62ce3a6 — Environment-variable access.

repo/packages/vite/src/node/server/openBrowser.ts:36

      ? process.env.BROWSER_ARGS.split(' ')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e4ce77b9f9ee77c9 — Environment-variable access.

repo/packages/vite/src/node/server/pluginContainer.ts:111

  process.env.DEBUG_VITE_SOURCEMAP_COMBINE_FILTER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #89a099cd62933c07 — Filesystem access.

repo/packages/vite/src/node/server/pluginContainer.ts:961

              code = fs.readFileSync(err.loc.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #25c7c222849a97c4 — Filesystem access.

repo/packages/vite/src/node/server/pluginContainer.ts:1000

              code = fs.readFileSync(err.loc.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ecd044f3c36449d — Filesystem access.

repo/packages/vite/src/node/server/searchRoot.ts:31

    const content = JSON.parse(fs.readFileSync(path, 'utf-8')) || {}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e769a8171d275264 — Filesystem access.

repo/packages/vite/src/node/server/searchRoot.ts:46

      const content = JSON.parse(fs.readFileSync(path, 'utf-8')) || {}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #75d417681313c0bd — Filesystem access.

repo/packages/vite/src/node/server/sourcemap.ts:112

          sourcesContent[index] = await fsp
            .readFile(resolvedSourcePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #583bdbd74db3c703 — Filesystem access.

repo/packages/vite/src/node/server/sourcemap.ts:241

    return fs.readFileSync(resolvedPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4713721240dfcc7c — Filesystem access.

repo/packages/vite/src/node/server/transformRequest.ts:284

        code = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5b948c5b8b03a941 — Filesystem access.

repo/packages/vite/src/node/server/warmup.ts:34

        const html = await fs.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f5a2b013868edfa6 — Environment-variable access.

repo/packages/vite/src/node/shortcuts.ts:36

  enabled: boolean = process.stdin.isTTY && !process.env.CI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0d2c94c384235303 — Filesystem access.

repo/packages/vite/src/node/ssr/__tests__/ssrLoadModule.spec.ts:233

  const source = fs.readFileSync(
    path.join(root, 'fixtures/json/test.json'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5ce8f2533f1a7502 — Filesystem access.

repo/packages/vite/src/node/ssr/__tests__/ssrTransform.spec.ts:644

    return readFileSync(fileURLToPath(url), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4b9a3219cad57323 — Filesystem access.

repo/packages/vite/src/node/ssr/__tests__/ssrTransform.spec.ts:669

    return readFileSync(fileURLToPath(url), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #936c78743e0f7c19 — Filesystem access.

repo/packages/vite/src/node/ssr/runtime/__tests__/fixtures/native.js:3

export { readdirSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ab505a5e166bf64b — Environment-variable access.

repo/packages/vite/src/node/ssr/runtime/__tests__/server-hmr.spec.ts:137

  process.env.CI ? 50_00 : 5_000,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2c061c2758308b7f — Filesystem access.

repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:114

      fs.writeFileSync(file, content, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f75c6e705e9996c5 — Filesystem access.

repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:121

      const content = fs.readFileSync(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #354c86ead53bc33f — Filesystem access.

repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:123

      fs.writeFileSync(file, callback(content), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #86d566a3ef791964 — Filesystem access.

repo/packages/vite/src/node/ssr/runtime/serverModuleRunner.ts:66

      return readFileSync(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2723aac57bb76c13 — Environment-variable access.

repo/packages/vite/src/node/utils.ts:176

const filter = process.env.VITE_DEBUG_FILTER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #363f7a30960af262 — Environment-variable access.

repo/packages/vite/src/node/utils.ts:178

const DEBUG = process.env.DEBUG

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a908fd9ad29e7a86 — Environment-variable access.

repo/packages/vite/src/node/utils.ts:1246

    const method = process.env.VITE_DEPRECATION_TRACE ? 'trace' : 'warn'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b36f53476a2a7f82 — Environment-variable access.

repo/packages/vite/src/node/utils.ts:1351

    const method = process.env.VITE_DEPRECATION_TRACE ? 'trace' : 'warn'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d14cd87d2162dc4d — Environment-variable access.

repo/packages/vite/src/node/utils.ts:1708

    process.env.npm_config_user_agent?.split(' ')[0].split('/')[0] || 'npm'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d2bbb28a944b5a73 — Environment-variable access.

repo/packages/vite/src/node/utils.ts:1833

    if (process.env.CI !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e89b754a0428c424 — Environment-variable access.

repo/packages/vite/src/node/utils.ts:1846

    if (process.env.CI !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #926349a03d996f38 — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:536

  const src = readFile('foo.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d8cff3af78811d56 — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:555

    const src = readFile('テスト-測試-white space.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #22a8d577d226c47e — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:579

    const newContent = readFile('import-meta-url/img-update.png', null)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e68082b8e31dd91e — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:787

  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a20274fda53bda69 — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:794

  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ef7dfd642571bdf — Filesystem access.

repo/playground/csp/vite.config.js:28

  const content = await fs.readFile(
    path.join(import.meta.dirname, file),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6b10a628e2eed1b1 — Environment-variable access.

repo/playground/css-lightningcss-proxy/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec6f7b831636241b — Filesystem access.

repo/playground/css-lightningcss-proxy/server.js:59

      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cc1c42bbf451ce34 — Filesystem access.

repo/playground/css/__tests__/tests.ts:411

    readFileSync(require.resolve('../raw-imported.css'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e9a33f310b0d54d — Filesystem access.

repo/playground/css/postcss.config.js:23

        const text = files.map((f) => fs.readFileSync(f, 'utf-8')).join('\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #67f94ca64423f19c — Environment-variable access.

repo/playground/env/__tests__/env.spec.ts:52

  expect(await page.textContent('.node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c7585456716b0f46 — Environment-variable access.

repo/playground/env/__tests__/env.spec.ts:53

  expect(await page.textContent('.global-node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9020688451d96f3f — Environment-variable access.

repo/playground/env/__tests__/env.spec.ts:55

    process.env.NODE_ENV,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4a043d0be07133fb — Environment-variable access.

repo/playground/env/vite.config.js:3

process.env.EXPAND = 'expand'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a1c25874b72ae059 — Filesystem access.

repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:49

      fs.readFileSync(file, 'utf-8').includes('process.env.NODE_ENV'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9aec97131888c38b — Filesystem access.

repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:67

      const originalContent = readFile(filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0fe450dee37912de — Filesystem access.

repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:68

      fs.writeFileSync(
        filePath,
        `import 'react-fake-${env}'\n${originalContent}`,
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1f717dcc754dd028 — Filesystem access.

repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:74

        fs.writeFileSync(filePath, originalContent, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #36dbeb8379020b25 — Filesystem access.

repo/playground/external/vite.config.js:13

      const code = await fs.readFile(
        new URL(`./node_modules/${file}`, import.meta.url),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a393f7ed4dc560ba — Filesystem access.

repo/playground/fs-serve/__tests__/commonTests.ts:26

const safeJsonContent = fs.readFileSync(
  path.resolve(import.meta.dirname, '../safe.json'),
  'utf-8',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #442528ee314f2789 — Filesystem access.

repo/playground/hmr-full-bundle-mode/__tests__/hmr-full-bundle-mode.spec.ts:144

    const original = readFile('hmr-asset.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #599d963360517c65 — Filesystem access.

repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:300

      const originalUnresolvedFile = readFile('unresolved.ts')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ec7d7efd754576d5 — Filesystem access.

repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:303

        fs.writeFileSync(filepath, originalUnresolvedFile, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2c62487a74349463 — Filesystem access.

repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:772

  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b9ace840a385bd31 — Filesystem access.

repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:842

  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1a0cb63cc0faaa21 — Filesystem access.

repo/playground/hmr/__tests__/hmr.spec.ts:907

    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #438b95efa0b9c9b5 — Filesystem access.

repo/playground/hmr/__tests__/hmr.spec.ts:984

    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #206dd7fd3376bc8f — Filesystem access.

repo/playground/hmr/vite.config.ts:114

        const dep = await fs.readFile(depPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e11a796fecceec2c — Filesystem access.

repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:308

      const mapContent = readFile(`dist/assets/${mapAsset}`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7bf7d4eed59e8788 — Filesystem access.

repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:384

      const jsContent = readFile(jsAsset)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1f27001b12f81c94 — Filesystem access.

repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:395

      const mapContent = readFile(mapFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #08df6ceead8fbbfe — Filesystem access.

repo/playground/json/__tests__/csr/json-csr.spec.ts:48

    readFileSync(require.resolve('../../test.json'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dfb70b9515fdd39c — Filesystem access.

repo/playground/legacy/__tests__/legacy.spec.ts:171

          readFile(`dist/assets/${filename}`).includes('Unable to preload'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b914d40fff990c71 — Filesystem access.

repo/playground/legacy/vite.config-chunk-importmap.js:21

    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e3150dbc02d507b — Filesystem access.

repo/playground/legacy/vite.config-chunk-importmap.js:25

    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e3b1d02af06997ca — Filesystem access.

repo/playground/legacy/vite.config.js:45

    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #18f99710d41ad456 — Filesystem access.

repo/playground/legacy/vite.config.js:49

    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9a70237ef51cc2f0 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:11

    const code = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3a4b04fa279b5830 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:12

    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.umd.cjs',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #39dd47aacd76f6b6 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:15

    const namedCode = readFile('dist/named/my-lib-named.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b55208719b729785 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:26

    const code = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #25c3a528e449cb58 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:27

    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #adf5c6e4505805d7 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:30

    const namedCode = readFile('dist/named/my-lib-named.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6ceaceb795fbfc0c — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:40

    const code = readFile(
      'dist/helpers-injection/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cc5baf1fe03e250f — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:52

    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e73f7e1818412c93 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:60

    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8da41e370c331152 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:70

    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8d49d572a4d0eb48 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:75

    const es = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #aff0c2c6fdc111ce — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:87

    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #951e33a9db54e098 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:88

    const iife = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7c1f6c6545d48d6a — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:89

    const umd = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d395f7520b8bc68e — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:96

    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #56197625c9b2bbc5 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:101

    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5eeb172b11f3ebf6 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:106

    const terserIife = readFile('dist/terser/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #61e4d449ed08a435 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:111

    const css = readFile('dist/css-single-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e557a807fe03be39 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:112

    const js = readFile('dist/css-single-entry/test-my-lib.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b31446724556d6e2 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:113

    const umd = readFile('dist/css-single-entry/test-my-lib.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #60edb617d1b22b8a — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:120

    const css = readFile('dist/css-multi-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #12cd3544e71d58aa — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:121

    const js1 = readFile('dist/css-multi-entry/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3763ead666ad0558 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:122

    const js2 = readFile('dist/css-multi-entry/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #315bac0eef9dfe1b — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:123

    const cjs1 = readFile('dist/css-multi-entry/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4efaef3b9b1dc417 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:124

    const cjs2 = readFile('dist/css-multi-entry/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e41af59dcb8d3ba2 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:134

    const css1 = readFile('dist/css-code-split/css-entry-1.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6f012ebfdffbe937 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:135

    const css2 = readFile('dist/css-code-split/css-entry-2.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bbb7bfe58ef83da4 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:136

    const js1 = readFile('dist/css-code-split/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f562b00408bd901a — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:137

    const js2 = readFile('dist/css-code-split/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #69914df318d802a3 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:138

    const cjs1 = readFile('dist/css-code-split/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c1fa9d6d9b5bd9a2 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:139

    const cjs2 = readFile('dist/css-code-split/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d9e69feaa8d5929b — Environment-variable access.

repo/playground/lib/__tests__/serve.ts:26

    process.env.VITE_INLINE = 'inline-serve'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f17c5e9363ff87e8 — Environment-variable access.

repo/playground/lib/src/main.js:8

  console.log(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cc6bd84e8ad939ef — Filesystem access.

repo/playground/lib/vite.config.js:38

          source: fs.readFileSync(
            path.resolve(import.meta.dirname, 'index.dist.html'),
            'utf-8',
          ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bda46deae6f58730 — Environment-variable access.

repo/playground/lib/vite.multiple-output.config.js:4

const root = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1e7d8cd2fbf1c7b6 — Filesystem access.

repo/playground/minify/__tests__/minify.spec.ts:11

  const jsContent = readFile(path.resolve(assetsDir, jsFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fc554f5aa46d10b5 — Filesystem access.

repo/playground/minify/__tests__/minify.spec.ts:14

  const cssContent = readFile(path.resolve(assetsDir, cssFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6215c2d277f23faa — Environment-variable access.

repo/playground/optimize-deps-no-discovery/vite.config.js:4

process.env.NODE_ENV = ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2e6840fd7b43d131 — Environment-variable access.

repo/playground/optimize-deps/dep-cjs-with-external-deps/index.js:5

if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bbe47ad87cd774dd — Filesystem access.

repo/playground/optimize-deps/dep-linked-include/index.mjs:16

  fs.readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b14557b61c11b4f — Environment-variable access.

repo/playground/optimize-deps/dep-node-env/index.js:1

export const env = process.env.NODE_ENV === 'production' ? 'prod' : 'dev'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c22e6ecaa7854f98 — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:3

const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c22e6ecaa7854f98 — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:3

const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a1cbe11af229b97 — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:20

  return fs.readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #62bae41df65e1237 — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:3

import { readFileSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c1b65ac71f79f652 — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:9

  readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4eadccea69916ea7 — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:23

  return readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a78940470b88390d — Filesystem access.

repo/playground/optimize-deps/vite.config.js:116

                    let contents = fs.readFileSync(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2902e6a1232dd601 — Environment-variable access.

repo/playground/optimize-missing-deps/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #96e58df945a10a87 — Filesystem access.

repo/playground/optimize-missing-deps/server.js:33

      let template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #88bf93b14dc9b7c1 — Environment-variable access.

repo/playground/ssr-alias/src/main.js:8

  builtin: process.env['__TEST_ALIAS__'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9186cd9b76cb216a — Environment-variable access.

repo/playground/ssr-conditions/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #83b7614f37546517 — Environment-variable access.

repo/playground/ssr-conditions/server.js:10

  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac673573a37dc407 — Filesystem access.

repo/playground/ssr-conditions/server.js:16

    ? fs.readFileSync(resolve('dist/client/index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b619bb70173d093f — Filesystem access.

repo/playground/ssr-conditions/server.js:56

        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9ae1668189bcff7d — Environment-variable access.

repo/playground/ssr-deps/__tests__/ssr-deps.spec.ts:103

    `Hello World from ${process.env.NODE_ENV}!`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aac245681a4f9905 — Filesystem access.

repo/playground/ssr-deps/read-file-content/index.js:5

  return await fs.readFile(path.resolve(filePath), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #43d39118e7019aa2 — Environment-variable access.

repo/playground/ssr-deps/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a9776b8f6bcfcd2 — Filesystem access.

repo/playground/ssr-deps/server.js:100

      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0205faf7f9041da0 — Environment-variable access.

repo/playground/ssr-html/server.js:5

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fc5e55ec4a137849 — Filesystem access.

repo/playground/ssr-html/server.js:79

        const template = fs.readFileSync(resolve(`.${url}index.html`), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f55b51dec632035 — Filesystem access.

repo/playground/ssr-html/server.js:94

      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f84702a2c0e0f684 — Environment-variable access.

repo/playground/ssr-html/test-stacktrace.js:10

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ee129b1fadd8be0 — Environment-variable access.

repo/playground/ssr-noexternal/server.js:5

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e38b1848575c69d0 — Environment-variable access.

repo/playground/ssr-noexternal/server.js:9

  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #82cbd7f7d1083d0d — Filesystem access.

repo/playground/ssr-noexternal/server.js:15

    ? fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #87e64f113fe53377 — Filesystem access.

repo/playground/ssr-noexternal/server.js:54

        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3be46c26d20f9885 — Environment-variable access.

repo/playground/ssr-pug/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0f9855e91b5c6104 — Filesystem access.

repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:9

  const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #00c56ce454af0939 — Filesystem access.

repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:38

    const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e741d94594782c44 — Environment-variable access.

repo/playground/ssr-wasm/server.js:3

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #926f785ac1daee77 — Environment-variable access.

repo/playground/ssr-wasm/server.js:4

const isProduction = process.env.NODE_ENV === 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8befb97de3a6d9a6 — Environment-variable access.

repo/playground/ssr-webworker/worker.js:4

const isTest = !!process.env.TEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #02b0c6f986485ac5 — Environment-variable access.

repo/playground/ssr/server.js:5

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #64e5f9f6ccda3225 — Filesystem access.

repo/playground/ssr/server.js:47

      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #be49e73931570825 — Filesystem access.

repo/playground/test-utils.ts:164

  return fs.readFileSync(path.resolve(testDir, filename), encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c8cb7e1931ec3781 — Filesystem access.

repo/playground/test-utils.ts:190

  const content: string | Buffer = fs.readFileSync(filename, encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #21687bc16dd38aa3 — Filesystem access.

repo/playground/test-utils.ts:194

  fs.writeFileSync(filename, modified)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #76df0435a712fc1b — Filesystem access.

repo/playground/test-utils.ts:200

  fs.writeFileSync(resolvedFilename, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a3ed554b55abe14e — Filesystem access.

repo/playground/test-utils.ts:233

            fs.readFileSync(path.resolve(assetsDir, file), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #719346167849aeda — Filesystem access.

repo/playground/test-utils.ts:240

      ? fs.readFileSync(path.resolve(assetsDir, matchedFile), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5251ef554efffa8b — Filesystem access.

repo/playground/test-utils.ts:247

    fs.readFileSync(
      path.join(testDir, 'dist', base, '.vite/manifest.json'),
      'utf-8',
    ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad3f248201e30d81 — Filesystem access.

repo/playground/test-utils.ts:259

    fs.readFileSync(
      path.join(testDir, `node_modules/.vite/deps${suffix}/_metadata.json`),
      'utf-8',
    ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #86a0fde3e0f356f7 — Filesystem access.

repo/playground/tsconfig-json-load-error/__tests__/tsconfig-json-load-error.spec.ts:18

      readFile('dist/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1b9a9371304e5d97 — Filesystem access.

repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:37

    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c22dc12204038418 — Filesystem access.

repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:51

    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d313bec72ec7d97c — Filesystem access.

repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:66

    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2d0b3a11cdbfc2ae — Filesystem access.

repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:81

    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3c9d8e22afb28f08 — Environment-variable access.

repo/playground/vitestGlobalSetup.ts:13

    headless: !process.env.VITE_DEBUG_SERVE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #47fc7d3c4640e6ca — Environment-variable access.

repo/playground/vitestGlobalSetup.ts:14

    args: process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3eb926ee8c9fd898 — Environment-variable access.

repo/playground/vitestGlobalSetup.ts:68

  if (!process.env.VITE_PRESERVE_BUILD_ARTIFACTS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #19f083cb1c6ce0c7 — Environment-variable access.

repo/playground/vitestSetup.ts:66

export const isBuild = !!process.env.VITE_TEST_BUILD

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d3119cc9ab25e99 — Environment-variable access.

repo/playground/vitestSetup.ts:157

        process.env.VITE_DEBUG_SERVE &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4dfb7b929f646756 — Environment-variable access.

repo/playground/vitestSetup.ts:279

    process.env.VITE_INLINE = 'inline-serve'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f10ace3aafb30089 — Environment-variable access.

repo/playground/vitestSetup.ts:288

    process.env.VITE_INLINE = 'inline-build'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8fe6e2fe360e6210 — Environment-variable access.

repo/playground/vitestSetup.ts:324

    const _nodeEnv = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5b8008955b85103e — Environment-variable access.

repo/playground/vitestSetup.ts:327

    process.env.NODE_ENV = _nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d337caba8524b132 — Environment-variable access.

repo/playground/worker/__tests__/es/worker-es.spec.ts:10

    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #65348a4064fbd761 — Filesystem access.

repo/playground/worker/__tests__/es/worker-es.spec.ts:103

      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2d7b002d9772f343 — Filesystem access.

repo/playground/worker/__tests__/es/worker-es.spec.ts:111

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8942503b05819988 — Filesystem access.

repo/playground/worker/__tests__/es/worker-es.spec.ts:113

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b16865cfdf066da6 — Environment-variable access.

repo/playground/worker/__tests__/iife/worker-iife.spec.ts:19

    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a0343ddd564e3b99 — Filesystem access.

repo/playground/worker/__tests__/iife/worker-iife.spec.ts:90

      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #358b55ee97e9ca6b — Filesystem access.

repo/playground/worker/__tests__/iife/worker-iife.spec.ts:98

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #459afb465fd0f4ad — Filesystem access.

repo/playground/worker/__tests__/iife/worker-iife.spec.ts:100

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3b0c3cacc47a3896 — Environment-variable access.

repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:10

    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0774a108f1e91d23 — Filesystem access.

repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:66

    const content = fs.readFileSync(path.resolve(chunksDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #442369f1cdc4440f — Filesystem access.

repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:73

    const workerContent = fs.readFileSync(
      path.resolve(workerEntriesDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #990c2772e777c20e — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:20

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7096727ae7151204 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:23

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #264a3f089410bf44 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:31

    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d461a48b558606ef — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:39

    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7ca7af220046dfa1 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:49

    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4b899603bba26aae — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:57

    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c96e75de4e613850 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:14

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b1bba820dfd29f62 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:17

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e2367cb8f4b912d4 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:25

    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2fec1847787bdd73 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:33

    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #18cf50e166b943c3 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:43

    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #92b3ccb2f8b8692b — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:51

    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f2a5287857feae57 — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:20

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b3f7d900a4be9603 — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:23

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e94e341e91077cb8 — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:31

    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d36658b58cbd363b — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:39

    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a3f4f7589ccfda52 — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:49

    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c9081bef06628318 — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:57

    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8c52d4899f22ece4 — Environment-variable access.

repo/playground/worker/modules/workerImport.ts:2

export const mode = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1299b8835d06231b — Environment-variable access.

repo/playground/worker/worker-sourcemap-config.js:7

    /** @type {'inline' | 'hidden' | 'sourcemap'} */ (
      process.env.WORKER_MODE
    ) || sourcemap

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52d8e6a52f4ace01 — Filesystem access.

repo/scripts/mergeChangelog.ts:188

const content = await readFile(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1e318d1c0cee26df — Filesystem access.

repo/scripts/mergeChangelog.ts:212

await writeFile(filePath, result, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6b96b2494fb42255 — Filesystem access.

repo/scripts/releaseUtils.ts:19

    await fs.readFile(`packages/${pkgName}/package.json`, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad689843297705fc — Filesystem access.

repo/scripts/releaseUtils.ts:55

    await fs.readFile('packages/vite/package.json', 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b38ca73c4626003 — Filesystem access.

repo/scripts/releaseUtils.ts:66

    const pkg = JSON.parse(await fs.readFile(pkgPath, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b8e8094bdfc6f595 — Filesystem access.

repo/scripts/releaseUtils.ts:68

    await fs.writeFile(pkgPath, JSON.stringify(pkg, null, 2) + '\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #abe28b457d20b5a2 — Environment-variable access.

repo/vitest.config.e2e.ts:4

const isBuild = !!process.env.VITE_TEST_BUILD

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c5a4d92146dba86 — Environment-variable access.

repo/vitest.config.e2e.ts:6

const timeout = process.env.PWDEBUG ? Infinity : process.env.CI ? 50000 : 30000

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c5a4d92146dba86 — Environment-variable access.

repo/vitest.config.e2e.ts:6

const timeout = process.env.PWDEBUG ? Infinity : process.env.CI ? 50000 : 30000

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d9cd3cc6e631f637 — Environment-variable access.

repo/vitest.config.e2e.ts:36

        timeout: 50 * (process.env.CI ? 200 : 50),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b26aa5e9d36e690e — Environment-variable access.

repo/vitest.config.e2e.ts:40

      NODE_ENV: process.env.VITE_TEST_BUILD ? 'production' : 'development',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground

npm first-party

medium pii_flow production #7998ed0dd8bf8d90 — PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.

repo/playground/lib/src/main.js:8 · flow /tmp/closeopen-nd_xe8fh/repo/playground/lib/src/main.js:8 → /tmp/closeopen-nd_xe8fh/repo/playground/lib/src/main.js:8

  console.log(process.env.NODE_ENV)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 165 low-confidence finding(s)

low env_fs test-only #926349a03d996f38 — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:536

  const src = readFile('foo.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d8cff3af78811d56 — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:555

    const src = readFile('テスト-測試-white space.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #22a8d577d226c47e — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:579

    const newContent = readFile('import-meta-url/img-update.png', null)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e68082b8e31dd91e — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:787

  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a20274fda53bda69 — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:794

  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ef7dfd642571bdf — Filesystem access.

repo/playground/csp/vite.config.js:28

  const content = await fs.readFile(
    path.join(import.meta.dirname, file),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6b10a628e2eed1b1 — Environment-variable access.

repo/playground/css-lightningcss-proxy/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec6f7b831636241b — Filesystem access.

repo/playground/css-lightningcss-proxy/server.js:59

      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cc1c42bbf451ce34 — Filesystem access.

repo/playground/css/__tests__/tests.ts:411

    readFileSync(require.resolve('../raw-imported.css'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e9a33f310b0d54d — Filesystem access.

repo/playground/css/postcss.config.js:23

        const text = files.map((f) => fs.readFileSync(f, 'utf-8')).join('\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #67f94ca64423f19c — Environment-variable access.

repo/playground/env/__tests__/env.spec.ts:52

  expect(await page.textContent('.node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c7585456716b0f46 — Environment-variable access.

repo/playground/env/__tests__/env.spec.ts:53

  expect(await page.textContent('.global-node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9020688451d96f3f — Environment-variable access.

repo/playground/env/__tests__/env.spec.ts:55

    process.env.NODE_ENV,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4a043d0be07133fb — Environment-variable access.

repo/playground/env/vite.config.js:3

process.env.EXPAND = 'expand'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a1c25874b72ae059 — Filesystem access.

repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:49

      fs.readFileSync(file, 'utf-8').includes('process.env.NODE_ENV'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9aec97131888c38b — Filesystem access.

repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:67

      const originalContent = readFile(filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0fe450dee37912de — Filesystem access.

repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:68

      fs.writeFileSync(
        filePath,
        `import 'react-fake-${env}'\n${originalContent}`,
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1f717dcc754dd028 — Filesystem access.

repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:74

        fs.writeFileSync(filePath, originalContent, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #36dbeb8379020b25 — Filesystem access.

repo/playground/external/vite.config.js:13

      const code = await fs.readFile(
        new URL(`./node_modules/${file}`, import.meta.url),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a393f7ed4dc560ba — Filesystem access.

repo/playground/fs-serve/__tests__/commonTests.ts:26

const safeJsonContent = fs.readFileSync(
  path.resolve(import.meta.dirname, '../safe.json'),
  'utf-8',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #442528ee314f2789 — Filesystem access.

repo/playground/hmr-full-bundle-mode/__tests__/hmr-full-bundle-mode.spec.ts:144

    const original = readFile('hmr-asset.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #599d963360517c65 — Filesystem access.

repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:300

      const originalUnresolvedFile = readFile('unresolved.ts')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ec7d7efd754576d5 — Filesystem access.

repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:303

        fs.writeFileSync(filepath, originalUnresolvedFile, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2c62487a74349463 — Filesystem access.

repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:772

  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b9ace840a385bd31 — Filesystem access.

repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:842

  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1a0cb63cc0faaa21 — Filesystem access.

repo/playground/hmr/__tests__/hmr.spec.ts:907

    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #438b95efa0b9c9b5 — Filesystem access.

repo/playground/hmr/__tests__/hmr.spec.ts:984

    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #206dd7fd3376bc8f — Filesystem access.

repo/playground/hmr/vite.config.ts:114

        const dep = await fs.readFile(depPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e11a796fecceec2c — Filesystem access.

repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:308

      const mapContent = readFile(`dist/assets/${mapAsset}`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7bf7d4eed59e8788 — Filesystem access.

repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:384

      const jsContent = readFile(jsAsset)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1f27001b12f81c94 — Filesystem access.

repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:395

      const mapContent = readFile(mapFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #08df6ceead8fbbfe — Filesystem access.

repo/playground/json/__tests__/csr/json-csr.spec.ts:48

    readFileSync(require.resolve('../../test.json'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dfb70b9515fdd39c — Filesystem access.

repo/playground/legacy/__tests__/legacy.spec.ts:171

          readFile(`dist/assets/${filename}`).includes('Unable to preload'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b914d40fff990c71 — Filesystem access.

repo/playground/legacy/vite.config-chunk-importmap.js:21

    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e3150dbc02d507b — Filesystem access.

repo/playground/legacy/vite.config-chunk-importmap.js:25

    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e3b1d02af06997ca — Filesystem access.

repo/playground/legacy/vite.config.js:45

    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #18f99710d41ad456 — Filesystem access.

repo/playground/legacy/vite.config.js:49

    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9a70237ef51cc2f0 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:11

    const code = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3a4b04fa279b5830 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:12

    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.umd.cjs',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #39dd47aacd76f6b6 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:15

    const namedCode = readFile('dist/named/my-lib-named.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b55208719b729785 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:26

    const code = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #25c3a528e449cb58 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:27

    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #adf5c6e4505805d7 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:30

    const namedCode = readFile('dist/named/my-lib-named.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6ceaceb795fbfc0c — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:40

    const code = readFile(
      'dist/helpers-injection/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cc5baf1fe03e250f — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:52

    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e73f7e1818412c93 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:60

    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8da41e370c331152 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:70

    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8d49d572a4d0eb48 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:75

    const es = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #aff0c2c6fdc111ce — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:87

    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #951e33a9db54e098 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:88

    const iife = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7c1f6c6545d48d6a — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:89

    const umd = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d395f7520b8bc68e — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:96

    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #56197625c9b2bbc5 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:101

    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5eeb172b11f3ebf6 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:106

    const terserIife = readFile('dist/terser/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #61e4d449ed08a435 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:111

    const css = readFile('dist/css-single-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e557a807fe03be39 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:112

    const js = readFile('dist/css-single-entry/test-my-lib.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b31446724556d6e2 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:113

    const umd = readFile('dist/css-single-entry/test-my-lib.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #60edb617d1b22b8a — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:120

    const css = readFile('dist/css-multi-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #12cd3544e71d58aa — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:121

    const js1 = readFile('dist/css-multi-entry/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3763ead666ad0558 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:122

    const js2 = readFile('dist/css-multi-entry/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #315bac0eef9dfe1b — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:123

    const cjs1 = readFile('dist/css-multi-entry/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4efaef3b9b1dc417 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:124

    const cjs2 = readFile('dist/css-multi-entry/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e41af59dcb8d3ba2 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:134

    const css1 = readFile('dist/css-code-split/css-entry-1.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6f012ebfdffbe937 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:135

    const css2 = readFile('dist/css-code-split/css-entry-2.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bbb7bfe58ef83da4 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:136

    const js1 = readFile('dist/css-code-split/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f562b00408bd901a — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:137

    const js2 = readFile('dist/css-code-split/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #69914df318d802a3 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:138

    const cjs1 = readFile('dist/css-code-split/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c1fa9d6d9b5bd9a2 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:139

    const cjs2 = readFile('dist/css-code-split/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d9e69feaa8d5929b — Environment-variable access.

repo/playground/lib/__tests__/serve.ts:26

    process.env.VITE_INLINE = 'inline-serve'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f17c5e9363ff87e8 — Environment-variable access.

repo/playground/lib/src/main.js:8

  console.log(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cc6bd84e8ad939ef — Filesystem access.

repo/playground/lib/vite.config.js:38

          source: fs.readFileSync(
            path.resolve(import.meta.dirname, 'index.dist.html'),
            'utf-8',
          ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bda46deae6f58730 — Environment-variable access.

repo/playground/lib/vite.multiple-output.config.js:4

const root = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1e7d8cd2fbf1c7b6 — Filesystem access.

repo/playground/minify/__tests__/minify.spec.ts:11

  const jsContent = readFile(path.resolve(assetsDir, jsFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fc554f5aa46d10b5 — Filesystem access.

repo/playground/minify/__tests__/minify.spec.ts:14

  const cssContent = readFile(path.resolve(assetsDir, cssFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6215c2d277f23faa — Environment-variable access.

repo/playground/optimize-deps-no-discovery/vite.config.js:4

process.env.NODE_ENV = ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2e6840fd7b43d131 — Environment-variable access.

repo/playground/optimize-deps/dep-cjs-with-external-deps/index.js:5

if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bbe47ad87cd774dd — Filesystem access.

repo/playground/optimize-deps/dep-linked-include/index.mjs:16

  fs.readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b14557b61c11b4f — Environment-variable access.

repo/playground/optimize-deps/dep-node-env/index.js:1

export const env = process.env.NODE_ENV === 'production' ? 'prod' : 'dev'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c22e6ecaa7854f98 — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:3

const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c22e6ecaa7854f98 — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:3

const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a1cbe11af229b97 — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:20

  return fs.readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #62bae41df65e1237 — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:3

import { readFileSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c1b65ac71f79f652 — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:9

  readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4eadccea69916ea7 — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:23

  return readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a78940470b88390d — Filesystem access.

repo/playground/optimize-deps/vite.config.js:116

                    let contents = fs.readFileSync(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2902e6a1232dd601 — Environment-variable access.

repo/playground/optimize-missing-deps/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #96e58df945a10a87 — Filesystem access.

repo/playground/optimize-missing-deps/server.js:33

      let template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #88bf93b14dc9b7c1 — Environment-variable access.

repo/playground/ssr-alias/src/main.js:8

  builtin: process.env['__TEST_ALIAS__'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9186cd9b76cb216a — Environment-variable access.

repo/playground/ssr-conditions/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #83b7614f37546517 — Environment-variable access.

repo/playground/ssr-conditions/server.js:10

  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac673573a37dc407 — Filesystem access.

repo/playground/ssr-conditions/server.js:16

    ? fs.readFileSync(resolve('dist/client/index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b619bb70173d093f — Filesystem access.

repo/playground/ssr-conditions/server.js:56

        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9ae1668189bcff7d — Environment-variable access.

repo/playground/ssr-deps/__tests__/ssr-deps.spec.ts:103

    `Hello World from ${process.env.NODE_ENV}!`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aac245681a4f9905 — Filesystem access.

repo/playground/ssr-deps/read-file-content/index.js:5

  return await fs.readFile(path.resolve(filePath), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #43d39118e7019aa2 — Environment-variable access.

repo/playground/ssr-deps/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a9776b8f6bcfcd2 — Filesystem access.

repo/playground/ssr-deps/server.js:100

      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0205faf7f9041da0 — Environment-variable access.

repo/playground/ssr-html/server.js:5

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fc5e55ec4a137849 — Filesystem access.

repo/playground/ssr-html/server.js:79

        const template = fs.readFileSync(resolve(`.${url}index.html`), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f55b51dec632035 — Filesystem access.

repo/playground/ssr-html/server.js:94

      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f84702a2c0e0f684 — Environment-variable access.

repo/playground/ssr-html/test-stacktrace.js:10

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ee129b1fadd8be0 — Environment-variable access.

repo/playground/ssr-noexternal/server.js:5

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e38b1848575c69d0 — Environment-variable access.

repo/playground/ssr-noexternal/server.js:9

  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #82cbd7f7d1083d0d — Filesystem access.

repo/playground/ssr-noexternal/server.js:15

    ? fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #87e64f113fe53377 — Filesystem access.

repo/playground/ssr-noexternal/server.js:54

        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3be46c26d20f9885 — Environment-variable access.

repo/playground/ssr-pug/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0f9855e91b5c6104 — Filesystem access.

repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:9

  const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #00c56ce454af0939 — Filesystem access.

repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:38

    const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e741d94594782c44 — Environment-variable access.

repo/playground/ssr-wasm/server.js:3

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #926f785ac1daee77 — Environment-variable access.

repo/playground/ssr-wasm/server.js:4

const isProduction = process.env.NODE_ENV === 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8befb97de3a6d9a6 — Environment-variable access.

repo/playground/ssr-webworker/worker.js:4

const isTest = !!process.env.TEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #02b0c6f986485ac5 — Environment-variable access.

repo/playground/ssr/server.js:5

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #64e5f9f6ccda3225 — Filesystem access.

repo/playground/ssr/server.js:47

      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #be49e73931570825 — Filesystem access.

repo/playground/test-utils.ts:164

  return fs.readFileSync(path.resolve(testDir, filename), encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c8cb7e1931ec3781 — Filesystem access.

repo/playground/test-utils.ts:190

  const content: string | Buffer = fs.readFileSync(filename, encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #21687bc16dd38aa3 — Filesystem access.

repo/playground/test-utils.ts:194

  fs.writeFileSync(filename, modified)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #76df0435a712fc1b — Filesystem access.

repo/playground/test-utils.ts:200

  fs.writeFileSync(resolvedFilename, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a3ed554b55abe14e — Filesystem access.

repo/playground/test-utils.ts:233

            fs.readFileSync(path.resolve(assetsDir, file), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #719346167849aeda — Filesystem access.

repo/playground/test-utils.ts:240

      ? fs.readFileSync(path.resolve(assetsDir, matchedFile), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5251ef554efffa8b — Filesystem access.

repo/playground/test-utils.ts:247

    fs.readFileSync(
      path.join(testDir, 'dist', base, '.vite/manifest.json'),
      'utf-8',
    ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad3f248201e30d81 — Filesystem access.

repo/playground/test-utils.ts:259

    fs.readFileSync(
      path.join(testDir, `node_modules/.vite/deps${suffix}/_metadata.json`),
      'utf-8',
    ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #86a0fde3e0f356f7 — Filesystem access.

repo/playground/tsconfig-json-load-error/__tests__/tsconfig-json-load-error.spec.ts:18

      readFile('dist/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1b9a9371304e5d97 — Filesystem access.

repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:37

    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c22dc12204038418 — Filesystem access.

repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:51

    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d313bec72ec7d97c — Filesystem access.

repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:66

    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2d0b3a11cdbfc2ae — Filesystem access.

repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:81

    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3c9d8e22afb28f08 — Environment-variable access.

repo/playground/vitestGlobalSetup.ts:13

    headless: !process.env.VITE_DEBUG_SERVE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #47fc7d3c4640e6ca — Environment-variable access.

repo/playground/vitestGlobalSetup.ts:14

    args: process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3eb926ee8c9fd898 — Environment-variable access.

repo/playground/vitestGlobalSetup.ts:68

  if (!process.env.VITE_PRESERVE_BUILD_ARTIFACTS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #19f083cb1c6ce0c7 — Environment-variable access.

repo/playground/vitestSetup.ts:66

export const isBuild = !!process.env.VITE_TEST_BUILD

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d3119cc9ab25e99 — Environment-variable access.

repo/playground/vitestSetup.ts:157

        process.env.VITE_DEBUG_SERVE &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4dfb7b929f646756 — Environment-variable access.

repo/playground/vitestSetup.ts:279

    process.env.VITE_INLINE = 'inline-serve'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f10ace3aafb30089 — Environment-variable access.

repo/playground/vitestSetup.ts:288

    process.env.VITE_INLINE = 'inline-build'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8fe6e2fe360e6210 — Environment-variable access.

repo/playground/vitestSetup.ts:324

    const _nodeEnv = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5b8008955b85103e — Environment-variable access.

repo/playground/vitestSetup.ts:327

    process.env.NODE_ENV = _nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d337caba8524b132 — Environment-variable access.

repo/playground/worker/__tests__/es/worker-es.spec.ts:10

    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #65348a4064fbd761 — Filesystem access.

repo/playground/worker/__tests__/es/worker-es.spec.ts:103

      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2d7b002d9772f343 — Filesystem access.

repo/playground/worker/__tests__/es/worker-es.spec.ts:111

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8942503b05819988 — Filesystem access.

repo/playground/worker/__tests__/es/worker-es.spec.ts:113

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b16865cfdf066da6 — Environment-variable access.

repo/playground/worker/__tests__/iife/worker-iife.spec.ts:19

    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a0343ddd564e3b99 — Filesystem access.

repo/playground/worker/__tests__/iife/worker-iife.spec.ts:90

      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #358b55ee97e9ca6b — Filesystem access.

repo/playground/worker/__tests__/iife/worker-iife.spec.ts:98

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #459afb465fd0f4ad — Filesystem access.

repo/playground/worker/__tests__/iife/worker-iife.spec.ts:100

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3b0c3cacc47a3896 — Environment-variable access.

repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:10

    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0774a108f1e91d23 — Filesystem access.

repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:66

    const content = fs.readFileSync(path.resolve(chunksDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #442369f1cdc4440f — Filesystem access.

repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:73

    const workerContent = fs.readFileSync(
      path.resolve(workerEntriesDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #990c2772e777c20e — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:20

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7096727ae7151204 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:23

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #264a3f089410bf44 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:31

    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d461a48b558606ef — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:39

    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7ca7af220046dfa1 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:49

    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4b899603bba26aae — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:57

    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c96e75de4e613850 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:14

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b1bba820dfd29f62 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:17

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e2367cb8f4b912d4 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:25

    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2fec1847787bdd73 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:33

    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #18cf50e166b943c3 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:43

    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #92b3ccb2f8b8692b — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:51

    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f2a5287857feae57 — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:20

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b3f7d900a4be9603 — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:23

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e94e341e91077cb8 — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:31

    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d36658b58cbd363b — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:39

    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a3f4f7589ccfda52 — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:49

    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c9081bef06628318 — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:57

    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8c52d4899f22ece4 — Environment-variable access.

repo/playground/worker/modules/workerImport.ts:2

export const mode = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1299b8835d06231b — Environment-variable access.

repo/playground/worker/worker-sourcemap-config.js:7

    /** @type {'inline' | 'hidden' | 'sourcemap'} */ (
      process.env.WORKER_MODE
    ) || sourcemap

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/lib

npm first-party

medium pii_flow production #7998ed0dd8bf8d90 — PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.

repo/playground/lib/src/main.js:8 · flow /tmp/closeopen-nd_xe8fh/repo/playground/lib/src/main.js:8 → /tmp/closeopen-nd_xe8fh/repo/playground/lib/src/main.js:8

  console.log(process.env.NODE_ENV)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 35 low-confidence finding(s)

low env_fs test-only #9a70237ef51cc2f0 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:11

    const code = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3a4b04fa279b5830 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:12

    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.umd.cjs',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #39dd47aacd76f6b6 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:15

    const namedCode = readFile('dist/named/my-lib-named.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b55208719b729785 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:26

    const code = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #25c3a528e449cb58 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:27

    const noMinifyCode = readFile(
      'dist/nominify/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #adf5c6e4505805d7 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:30

    const namedCode = readFile('dist/named/my-lib-named.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6ceaceb795fbfc0c — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:40

    const code = readFile(
      'dist/helpers-injection/my-lib-custom-filename.iife.js',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cc5baf1fe03e250f — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:52

    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e73f7e1818412c93 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:60

    const code = readFile('dist/lib/dynamic-import-message.es.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8da41e370c331152 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:70

    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8d49d572a4d0eb48 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:75

    const es = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #aff0c2c6fdc111ce — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:87

    const es = readFile('dist/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #951e33a9db54e098 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:88

    const iife = readFile('dist/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7c1f6c6545d48d6a — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:89

    const umd = readFile('dist/my-lib-custom-filename.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d395f7520b8bc68e — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:96

    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #56197625c9b2bbc5 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:101

    const terserEs = readFile('dist/terser/my-lib-custom-filename.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5eeb172b11f3ebf6 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:106

    const terserIife = readFile('dist/terser/my-lib-custom-filename.iife.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #61e4d449ed08a435 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:111

    const css = readFile('dist/css-single-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e557a807fe03be39 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:112

    const js = readFile('dist/css-single-entry/test-my-lib.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b31446724556d6e2 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:113

    const umd = readFile('dist/css-single-entry/test-my-lib.umd.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #60edb617d1b22b8a — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:120

    const css = readFile('dist/css-multi-entry/test-my-lib.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #12cd3544e71d58aa — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:121

    const js1 = readFile('dist/css-multi-entry/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3763ead666ad0558 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:122

    const js2 = readFile('dist/css-multi-entry/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #315bac0eef9dfe1b — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:123

    const cjs1 = readFile('dist/css-multi-entry/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4efaef3b9b1dc417 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:124

    const cjs2 = readFile('dist/css-multi-entry/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e41af59dcb8d3ba2 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:134

    const css1 = readFile('dist/css-code-split/css-entry-1.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6f012ebfdffbe937 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:135

    const css2 = readFile('dist/css-code-split/css-entry-2.css')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bbb7bfe58ef83da4 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:136

    const js1 = readFile('dist/css-code-split/css-entry-1.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f562b00408bd901a — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:137

    const js2 = readFile('dist/css-code-split/css-entry-2.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #69914df318d802a3 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:138

    const cjs1 = readFile('dist/css-code-split/css-entry-1.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c1fa9d6d9b5bd9a2 — Filesystem access.

repo/playground/lib/__tests__/lib.spec.ts:139

    const cjs2 = readFile('dist/css-code-split/css-entry-2.cjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d9e69feaa8d5929b — Environment-variable access.

repo/playground/lib/__tests__/serve.ts:26

    process.env.VITE_INLINE = 'inline-serve'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f17c5e9363ff87e8 — Environment-variable access.

repo/playground/lib/src/main.js:8

  console.log(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cc6bd84e8ad939ef — Filesystem access.

repo/playground/lib/vite.config.js:38

          source: fs.readFileSync(
            path.resolve(import.meta.dirname, 'index.dist.html'),
            'utf-8',
          ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bda46deae6f58730 — Environment-variable access.

repo/playground/lib/vite.multiple-output.config.js:4

const root = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/create-vite

npm first-party

expand_more 18 low-confidence finding(s)

low env_fs test-only #69eed43622f46550 — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:32

  fs.writeFileSync(pkgJson, '{ "foo": "bar" }')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9287559462ed2a83 — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:179

  const configFile = fs.readFileSync(
    path.join(genPath, 'vite.config.ts'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fee6513da65fe2b3 — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:183

  const packageJsonFile = fs.readFileSync(
    path.join(genPath, 'package.json'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fdff00261ea33bc8 — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:187

  const readmeFile = fs.readFileSync(path.join(genPath, 'README.md'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a95c5eb7e0118469 — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:205

  const pkg = fs.readFileSync(path.join(genPath, 'package.json'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #46694bd10acda627 — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:210

  const readme = fs.readFileSync(path.join(genPath, 'README.md'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cc26b497e4a98401 — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:224

  const pkg = fs.readFileSync(path.join(genPath, 'package.json'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6bde8ee61e36bd47 — Filesystem access.

repo/packages/create-vite/__tests__/cli.spec.ts:288

  const indexHtmlContent = fs.readFileSync(indexHtmlPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #109d08894954aa10 — Environment-variable access.

repo/packages/create-vite/src/index.ts:415

  if (process.env._VITE_TEST_CLI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bec29ba2342397b2 — Environment-variable access.

repo/packages/create-vite/src/index.ts:429

  if (process.env._VITE_TEST_CLI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea8932f2124167eb — Environment-variable access.

repo/packages/create-vite/src/index.ts:466

  const pkgInfo = pkgFromUserAgent(process.env.npm_config_user_agent)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba958cd317df0ff7 — Filesystem access.

repo/packages/create-vite/src/index.ts:676

      fs.writeFileSync(targetPath, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #73065bc3f42dd48a — Filesystem access.

repo/packages/create-vite/src/index.ts:679

      const templateContent = fs.readFileSync(templatePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d1a1de9b89066139 — Filesystem access.

repo/packages/create-vite/src/index.ts:684

      fs.writeFileSync(targetPath, updatedContent)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #acb95faedb11322a — Filesystem access.

repo/packages/create-vite/src/index.ts:696

    fs.readFileSync(path.join(templateDir, `package.json`), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8055350f66665aca — Filesystem access.

repo/packages/create-vite/src/index.ts:914

  fs.writeFileSync(path.resolve(root, 'eslint.config.js'), eslintConfig)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55841142ea03fddd — Filesystem access.

repo/packages/create-vite/src/index.ts:1043

  const content = fs.readFileSync(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8e820b516d581fa7 — Filesystem access.

repo/packages/create-vite/src/index.ts:1044

  fs.writeFileSync(file, callback(content), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/plugin-legacy

npm first-party

expand_more 2 low-confidence finding(s)

low env_fs test-only #77a16dcd746aaf1c — Filesystem access.

repo/packages/plugin-legacy/src/__tests__/readme.spec.ts:7

  const readme = fs.readFileSync(
    path.resolve(import.meta.dirname, '../../README.md'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad66fa7e14627ed9 — Environment-variable access.

repo/packages/plugin-legacy/src/index.ts:163

  const debugFlags = (process.env.DEBUG || '').split(',')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/vite

npm first-party

expand_more 128 low-confidence finding(s)

low env_fs production #61335ff548448730 — Environment-variable access.

repo/packages/vite/bin/vite.js:6

  if (!process.env.DEBUG_DISABLE_SOURCE_MAP) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #42f83e0819123c99 — Environment-variable access.

repo/packages/vite/bin/vite.js:36

  process.env.DEBUG = `${

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2aee5649332979f1 — Environment-variable access.

repo/packages/vite/bin/vite.js:37

    process.env.DEBUG ? process.env.DEBUG + ',' : ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2aee5649332979f1 — Environment-variable access.

repo/packages/vite/bin/vite.js:37

    process.env.DEBUG ? process.env.DEBUG + ',' : ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a9aaa85bdc2a69a9 — Environment-variable access.

repo/packages/vite/bin/vite.js:43

      process.env.VITE_DEBUG_FILTER = filter

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ee4924c58a0e211 — Filesystem access.

repo/packages/vite/rolldown.config.ts:12

  readFileSync(new URL('./package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7f914ed2647a8f3 — Environment-variable access.

repo/packages/vite/rolldown.config.ts:14

const disableSourceMap = !!process.env.DEBUG_DISABLE_SOURCE_MAP

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #92f95eeda871aa84 — Filesystem access.

repo/packages/vite/rolldown.config.ts:186

        writeFileSync(
          'dist/node/index.d.ts',
          "export * from '../../src/node/index.ts'",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #23d812c11a43586e — Filesystem access.

repo/packages/vite/rolldown.config.ts:190

        writeFileSync(
          'dist/node/module-runner.d.ts',
          "export * from '../../src/module-runner/index.ts'",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c62ec6f09fe9855c — Filesystem access.

repo/packages/vite/rolldown.dts.config.ts:23

  readFileSync(new URL('./package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f33d4b98b03306e — Filesystem access.

repo/packages/vite/rollupLicensePlugin.ts:17

      const coreLicense = fs.readFileSync(
        new URL('../../LICENSE', import.meta.url),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #328048b86d90f675 — Filesystem access.

repo/packages/vite/rollupLicensePlugin.ts:108

      const existingLicenseText = fs.readFileSync(licenseFilePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #538c02baab1acb5c — Filesystem access.

repo/packages/vite/rollupLicensePlugin.ts:110

        fs.writeFileSync(licenseFilePath, licenseText)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #54bbd85eb6acc9a4 — Filesystem access.

repo/packages/vite/src/node/__tests__/build.spec.ts:1173

  const content = await fsp.readFile(entry, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e1c124b2014f1fb8 — Filesystem access.

repo/packages/vite/src/node/__tests__/build.spec.ts:1174

  await fsp.writeFile(
    entry,
    content.replace(`import('./dep.js')`, `'dep.js removed'`),
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f153d5bc38bb396c — Filesystem access.

repo/packages/vite/src/node/__tests__/build.spec.ts:1179

    await fsp.writeFile(entry, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a1e031c16feac2f7 — Filesystem access.

repo/packages/vite/src/node/__tests__/build.spec.ts:1209

    fsp.readFile(resolve(root, 'dist/favicon.svg'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d46eb935d5c538cf — Filesystem access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1386

      fs.writeFileSync(path.resolve(root, fileName), content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #da5cf0bfdfd8afdb — Filesystem access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1390

      fs.writeFileSync(
        path.resolve(root, 'package.json'),
        JSON.stringify({
          name: '@vitejs/test-load-config-from-file',
          type: typeField,
        }),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c50d050eca920831 — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1599

    delete process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #951d8d12773a8ddb — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1603

    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'example.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #37097f2b542a1f02 — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1613

    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #391ec9596011d5d5 — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1628

    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #125553f262ae7da6 — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1643

    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ae101a8a21ff065d — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1654

    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'new.com,another.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2412a1a9a30f0d73 — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1668

    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = 'example.com'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #18fbd03b47d820cc — Environment-variable access.

repo/packages/vite/src/node/__tests__/config.spec.ts:1680

      process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS = env

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e2ca50c9353b7546 — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:54

    expect(process.env.VITE_USER_NODE_ENV).toEqual(undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2dde751827c181a3 — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:58

    const _nodeEnv = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f5d79486d8a1bd4c — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:59

    process.env.NODE_ENV = 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b1f45a32e5a3c93b — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:61

    expect(process.env.VITE_USER_NODE_ENV).toEqual('development')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ecaf5f583ad80213 — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:62

    process.env.NODE_ENV = _nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #36899d5d0b71aac4 — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:66

    process.env.VITE_USER_NODE_ENV = 'test'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #31893b74c001b947 — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:68

    expect(process.env.VITE_USER_NODE_ENV).toEqual('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #05cce1f44cf0d518 — Environment-variable access.

repo/packages/vite/src/node/__tests__/env.spec.ts:72

    process.env.VITE_ENV_TEST_ENV = 'EXIST'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #06e8db0d71b8e0b5 — Filesystem access.

repo/packages/vite/src/node/__tests__/plugins/cssPreprocessorTeardown.spec.ts:25

    fs.writeFileSync(scssPath, '$c: red;\nbody { color: $c; }\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #98624cdab29dc1be — Filesystem access.

repo/packages/vite/src/node/__tests__/plugins/cssPreprocessorTeardown.spec.ts:37

        fs.readFileSync(scssPath, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #41dabe5e5e018b73 — Filesystem access.

repo/packages/vite/src/node/__tests__/plugins/importGlob/fixture.spec.ts:14

      await transformWithEsbuild(await fs.readFile(id, 'utf-8'), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2921f093192990cb — Filesystem access.

repo/packages/vite/src/node/__tests__/plugins/importGlob/fixture.spec.ts:85

      await transformWithEsbuild(await fs.readFile(id, 'utf-8'), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c17eeb1e0db6b023 — Environment-variable access.

repo/packages/vite/src/node/build.ts:1091

  const tty = process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0020d56025290160 — Filesystem access.

repo/packages/vite/src/node/cli.ts:79

        fs.writeFileSync(outPath, JSON.stringify(profile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8032044e9497f792 — Environment-variable access.

repo/packages/vite/src/node/config.ts:1422

  if (process.env.NODE_ENV === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d325fc66da34f25 — Environment-variable access.

repo/packages/vite/src/node/config.ts:1425

      process.env.NODE_ENV = nodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c8d6f2f0ef1ac5fd — Environment-variable access.

repo/packages/vite/src/node/config.ts:1428

  const isNodeEnvSet = !!process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b341336c888131c4 — Environment-variable access.

repo/packages/vite/src/node/config.ts:1434

    process.env.NODE_ENV = defaultNodeEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #faec10a94efd083a — Environment-variable access.

repo/packages/vite/src/node/config.ts:1730

  const userNodeEnv = process.env.VITE_USER_NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #06a7485694873d32 — Environment-variable access.

repo/packages/vite/src/node/config.ts:1733

      process.env.NODE_ENV = 'development'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a68a3c381ef03934 — Environment-variable access.

repo/packages/vite/src/node/config.ts:1744

  const isProduction = process.env.NODE_ENV === 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0dcdd60cf4642aa7 — Filesystem access.

repo/packages/vite/src/node/config.ts:2656

    await fsp.writeFile(tempFileName, bundledCode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fe21ed729f10343f — Filesystem access.

repo/packages/vite/src/node/constants.ts:7

  readFileSync(new URL('../../package.json', import.meta.url)).toString(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a09805ed713380c — Filesystem access.

repo/packages/vite/src/node/env.ts:59

      const parsedEnv = parseEnv(fs.readFileSync(filePath, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f3396bca349a4787 — Environment-variable access.

repo/packages/vite/src/node/env.ts:67

  if (parsed.NODE_ENV && process.env.VITE_USER_NODE_ENV === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6fda8a9d0471e4b8 — Environment-variable access.

repo/packages/vite/src/node/env.ts:68

    process.env.VITE_USER_NODE_ENV = parsed.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #66862bf044842529 — Environment-variable access.

repo/packages/vite/src/node/env.ts:71

  if (parsed.BROWSER && process.env.BROWSER === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #875cb70fa38e92e0 — Environment-variable access.

repo/packages/vite/src/node/env.ts:72

    process.env.BROWSER = parsed.BROWSER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #64c3caeed2e90f64 — Environment-variable access.

repo/packages/vite/src/node/env.ts:74

  if (parsed.BROWSER_ARGS && process.env.BROWSER_ARGS === undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e681a07d320bb180 — Environment-variable access.

repo/packages/vite/src/node/env.ts:75

    process.env.BROWSER_ARGS = parsed.BROWSER_ARGS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8a8a648c10ae0f1d — Environment-variable access.

repo/packages/vite/src/node/env.ts:100

      env[key] = process.env[key]!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb242f5b4de7eb7d — Filesystem access.

repo/packages/vite/src/node/http.ts:162

    return fsp.readFile(path.resolve(value)).catch(() => value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c56f4d5fddc8163 — Environment-variable access.

repo/packages/vite/src/node/logger.ts:84

    allowClearScreen && process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0674f6027416cda — Filesystem access.

repo/packages/vite/src/node/optimizer/index.ts:414

        await fsp.readFile(cachedMetadataPath, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1edc9ee7a98ad46e — Filesystem access.

repo/packages/vite/src/node/optimizer/index.ts:540

  fs.writeFileSync(
    path.resolve(processingCacheDir, 'package.json'),
    `{\n  "type": "module"\n}\n`,
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #628ca1dad780ab6b — Filesystem access.

repo/packages/vite/src/node/optimizer/index.ts:595

      fs.writeFileSync(
        dataPath,
        stringifyDepsOptimizerMetadata(metadata, depsCacheDir),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #887ace5ade487778 — Environment-variable access.

repo/packages/vite/src/node/optimizer/index.ts:817

      : JSON.stringify(process.env.NODE_ENV || environment.config.mode),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2325efacbad7310f — Filesystem access.

repo/packages/vite/src/node/optimizer/index.ts:1161

  const entryContent = fs.readFileSync(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #24585b5ef6e9d888 — Environment-variable access.

repo/packages/vite/src/node/optimizer/index.ts:1280

  return process.env.npm_config_user_agent?.startsWith(manager) ? 1 : -1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5385f90347d06ff — Environment-variable access.

repo/packages/vite/src/node/optimizer/index.ts:1292

        ? process.env.NODE_ENV || config.mode

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cf505ff12f0cacdb — Filesystem access.

repo/packages/vite/src/node/optimizer/index.ts:1331

  let content = lockfilePath ? fs.readFileSync(lockfilePath, 'utf-8') : ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #46697ba92a982043 — Filesystem access.

repo/packages/vite/src/node/optimizer/scan.ts:440

    let raw = await fsp.readFile(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6a4d5427515dd79a — Filesystem access.

repo/packages/vite/src/node/packages.ts:179

  const data = JSON.parse(stripBomTag(fs.readFileSync(pkgPath, 'utf-8')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6fa9354cd18722d9 — Filesystem access.

repo/packages/vite/src/node/plugins/asset.ts:210

              await fsp.readFile(file, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3dcb5e937fa40f1b — Filesystem access.

repo/packages/vite/src/node/plugins/asset.ts:344

    const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7d7b9cdf5b6fbc5c — Filesystem access.

repo/packages/vite/src/node/plugins/asset.ts:353

    const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f58c22e179513cd3 — Filesystem access.

repo/packages/vite/src/node/plugins/asset.ts:452

  const content = await fsp.readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c6abc83ed398b50 — Environment-variable access.

repo/packages/vite/src/node/plugins/clientInjections.ts:55

          JSON.stringify(process.env.NODE_ENV || config.mode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fafd8130e680700e — Filesystem access.

repo/packages/vite/src/node/plugins/clientInjections.ts:147

  const content = fs.readFileSync(normalizedClientEntry, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6707e950c318c8d5 — Filesystem access.

repo/packages/vite/src/node/plugins/css.ts:1586

          const code = await fs.promises.readFile(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #79a2bc88092b32ba — Filesystem access.

repo/packages/vite/src/node/plugins/css.ts:2581

            result.contents ?? (await fsp.readFile(result.file, 'utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f3ac365246eb232 — Filesystem access.

repo/packages/vite/src/node/plugins/css.ts:2728

  const content = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f627150cfdb8fb5 — Filesystem access.

repo/packages/vite/src/node/plugins/css.ts:2858

                  (await fsp.readFile(result.resolved, 'utf-8')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #65515d016879ae93 — Filesystem access.

repo/packages/vite/src/node/plugins/css.ts:3245

              const code = fs.readFileSync(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #878e424afdf1cd9d — Filesystem access.

repo/packages/vite/src/node/plugins/css.ts:3336

        const code = fs.readFileSync(e.fileName, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0bdec52eae3bb385 — Environment-variable access.

repo/packages/vite/src/node/plugins/define.ts:19

    const nodeEnv = process.env.NODE_ENV || config.mode

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b35be33b63572d57 — Filesystem access.

repo/packages/vite/src/node/plugins/forwardConsole.ts:138

      const code = fs.readFileSync(stack.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a593e86a3dc12baf — Filesystem access.

repo/packages/vite/src/node/plugins/license.ts:83

            entry.text = fs.readFileSync(licenseFile, 'utf-8').trim()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0042108404966f4d — Filesystem access.

repo/packages/vite/src/node/plugins/optimizedDeps.ts:89

            fsp.readFile(file, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d1b440c1b319c8b8 — Filesystem access.

repo/packages/vite/src/node/plugins/optimizedDeps.ts:90

            fsp
              .readFile(`${file}.map`, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9eacf2c3e55a2853 — Environment-variable access.

repo/packages/vite/src/node/plugins/reporter.ts:9

    const tty = process.stdout.isTTY && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af27777d2ab10496 — Filesystem access.

repo/packages/vite/src/node/plugins/wasm.ts:192

    const wasmBinary = await fsp.readFile(wasmFilePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #53e08a0c9e185070 — Filesystem access.

repo/packages/vite/src/node/server/hmr.ts:1137

  const content = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e784e46dc8e3edc3 — Filesystem access.

repo/packages/vite/src/node/server/hmr.ts:1149

    return await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #71c2740a2cbe17c9 — Environment-variable access.

repo/packages/vite/src/node/server/index.ts:934

  if (process.env.DEBUG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52ca86a1a5c9a771 — Filesystem access.

repo/packages/vite/src/node/server/index.ts:1275

    const content = fs.readFileSync(pnpmModulesYaml, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f8a4168423bb686e — Environment-variable access.

repo/packages/vite/src/node/server/index.ts:1316

    process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9ae418db48f5572d — Environment-variable access.

repo/packages/vite/src/node/server/index.ts:1320

      process.env.__VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #75e604383c25a2a2 — Filesystem access.

repo/packages/vite/src/node/server/middlewares/__tests__/indexHtml.spec.ts:9

const HTML_CONTENT = fs.readFileSync(HTML_PATH, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1cef80b4b55ca343 — Filesystem access.

repo/packages/vite/src/node/server/middlewares/__tests__/indexHtml.spec.ts:68

    const htmlContent = fs.readFileSync(htmlPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a16e1d783c7d982 — Filesystem access.

repo/packages/vite/src/node/server/middlewares/indexHtml.ts:540

          let html = await fsp.readFile(filePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d537ff5d14d0fc01 — Filesystem access.

repo/packages/vite/src/node/server/middlewares/transform.ts:170

              await fsp.readFile(sourcemapPath, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1fba3b23001437c6 — Environment-variable access.

repo/packages/vite/src/node/server/openBrowser.ts:31

  const browser = typeof opt === 'string' ? opt : process.env.BROWSER || ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #76d6b74ab278dcdf — Environment-variable access.

repo/packages/vite/src/node/server/openBrowser.ts:35

    const browserArgs = process.env.BROWSER_ARGS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f1d6382d62ce3a6 — Environment-variable access.

repo/packages/vite/src/node/server/openBrowser.ts:36

      ? process.env.BROWSER_ARGS.split(' ')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e4ce77b9f9ee77c9 — Environment-variable access.

repo/packages/vite/src/node/server/pluginContainer.ts:111

  process.env.DEBUG_VITE_SOURCEMAP_COMBINE_FILTER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #89a099cd62933c07 — Filesystem access.

repo/packages/vite/src/node/server/pluginContainer.ts:961

              code = fs.readFileSync(err.loc.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #25c7c222849a97c4 — Filesystem access.

repo/packages/vite/src/node/server/pluginContainer.ts:1000

              code = fs.readFileSync(err.loc.file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ecd044f3c36449d — Filesystem access.

repo/packages/vite/src/node/server/searchRoot.ts:31

    const content = JSON.parse(fs.readFileSync(path, 'utf-8')) || {}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e769a8171d275264 — Filesystem access.

repo/packages/vite/src/node/server/searchRoot.ts:46

      const content = JSON.parse(fs.readFileSync(path, 'utf-8')) || {}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #75d417681313c0bd — Filesystem access.

repo/packages/vite/src/node/server/sourcemap.ts:112

          sourcesContent[index] = await fsp
            .readFile(resolvedSourcePath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #583bdbd74db3c703 — Filesystem access.

repo/packages/vite/src/node/server/sourcemap.ts:241

    return fs.readFileSync(resolvedPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4713721240dfcc7c — Filesystem access.

repo/packages/vite/src/node/server/transformRequest.ts:284

        code = await fsp.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5b948c5b8b03a941 — Filesystem access.

repo/packages/vite/src/node/server/warmup.ts:34

        const html = await fs.readFile(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f5a2b013868edfa6 — Environment-variable access.

repo/packages/vite/src/node/shortcuts.ts:36

  enabled: boolean = process.stdin.isTTY && !process.env.CI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0d2c94c384235303 — Filesystem access.

repo/packages/vite/src/node/ssr/__tests__/ssrLoadModule.spec.ts:233

  const source = fs.readFileSync(
    path.join(root, 'fixtures/json/test.json'),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5ce8f2533f1a7502 — Filesystem access.

repo/packages/vite/src/node/ssr/__tests__/ssrTransform.spec.ts:644

    return readFileSync(fileURLToPath(url), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4b9a3219cad57323 — Filesystem access.

repo/packages/vite/src/node/ssr/__tests__/ssrTransform.spec.ts:669

    return readFileSync(fileURLToPath(url), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #936c78743e0f7c19 — Filesystem access.

repo/packages/vite/src/node/ssr/runtime/__tests__/fixtures/native.js:3

export { readdirSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ab505a5e166bf64b — Environment-variable access.

repo/packages/vite/src/node/ssr/runtime/__tests__/server-hmr.spec.ts:137

  process.env.CI ? 50_00 : 5_000,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2c061c2758308b7f — Filesystem access.

repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:114

      fs.writeFileSync(file, content, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f75c6e705e9996c5 — Filesystem access.

repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:121

      const content = fs.readFileSync(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #354c86ead53bc33f — Filesystem access.

repo/packages/vite/src/node/ssr/runtime/__tests__/utils.ts:123

      fs.writeFileSync(file, callback(content), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #86d566a3ef791964 — Filesystem access.

repo/packages/vite/src/node/ssr/runtime/serverModuleRunner.ts:66

      return readFileSync(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2723aac57bb76c13 — Environment-variable access.

repo/packages/vite/src/node/utils.ts:176

const filter = process.env.VITE_DEBUG_FILTER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #363f7a30960af262 — Environment-variable access.

repo/packages/vite/src/node/utils.ts:178

const DEBUG = process.env.DEBUG

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a908fd9ad29e7a86 — Environment-variable access.

repo/packages/vite/src/node/utils.ts:1246

    const method = process.env.VITE_DEPRECATION_TRACE ? 'trace' : 'warn'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b36f53476a2a7f82 — Environment-variable access.

repo/packages/vite/src/node/utils.ts:1351

    const method = process.env.VITE_DEPRECATION_TRACE ? 'trace' : 'warn'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d14cd87d2162dc4d — Environment-variable access.

repo/packages/vite/src/node/utils.ts:1708

    process.env.npm_config_user_agent?.split(' ')[0].split('/')[0] || 'npm'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d2bbb28a944b5a73 — Environment-variable access.

repo/packages/vite/src/node/utils.ts:1833

    if (process.env.CI !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e89b754a0428c424 — Environment-variable access.

repo/packages/vite/src/node/utils.ts:1846

    if (process.env.CI !== 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/assets

npm first-party

expand_more 5 low-confidence finding(s)

low env_fs test-only #926349a03d996f38 — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:536

  const src = readFile('foo.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d8cff3af78811d56 — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:555

    const src = readFile('テスト-測試-white space.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #22a8d577d226c47e — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:579

    const newContent = readFile('import-meta-url/img-update.png', null)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e68082b8e31dd91e — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:787

  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a20274fda53bda69 — Filesystem access.

repo/playground/assets/__tests__/assets.spec.ts:794

  const indexHtml = readFile('./dist/foo/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/csp

npm first-party

expand_more 1 low-confidence finding(s)

low env_fs production #7ef7dfd642571bdf — Filesystem access.

repo/playground/csp/vite.config.js:28

  const content = await fs.readFile(
    path.join(import.meta.dirname, file),
    'utf-8',
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/css

npm first-party

expand_more 2 low-confidence finding(s)

low env_fs test-only #cc1c42bbf451ce34 — Filesystem access.

repo/playground/css/__tests__/tests.ts:411

    readFileSync(require.resolve('../raw-imported.css'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e9a33f310b0d54d — Filesystem access.

repo/playground/css/postcss.config.js:23

        const text = files.map((f) => fs.readFileSync(f, 'utf-8')).join('\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/css-lightningcss-proxy

npm first-party

expand_more 2 low-confidence finding(s)

low env_fs production #6b10a628e2eed1b1 — Environment-variable access.

repo/playground/css-lightningcss-proxy/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec6f7b831636241b — Filesystem access.

repo/playground/css-lightningcss-proxy/server.js:59

      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/env

npm first-party

expand_more 4 low-confidence finding(s)

low env_fs test-only #67f94ca64423f19c — Environment-variable access.

repo/playground/env/__tests__/env.spec.ts:52

  expect(await page.textContent('.node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c7585456716b0f46 — Environment-variable access.

repo/playground/env/__tests__/env.spec.ts:53

  expect(await page.textContent('.global-node-env')).toBe(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9020688451d96f3f — Environment-variable access.

repo/playground/env/__tests__/env.spec.ts:55

    process.env.NODE_ENV,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4a043d0be07133fb — Environment-variable access.

repo/playground/env/vite.config.js:3

process.env.EXPAND = 'expand'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/environment-react-ssr

npm first-party

expand_more 4 low-confidence finding(s)

low env_fs test-only #a1c25874b72ae059 — Filesystem access.

repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:49

      fs.readFileSync(file, 'utf-8').includes('process.env.NODE_ENV'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9aec97131888c38b — Filesystem access.

repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:67

      const originalContent = readFile(filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0fe450dee37912de — Filesystem access.

repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:68

      fs.writeFileSync(
        filePath,
        `import 'react-fake-${env}'\n${originalContent}`,
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1f717dcc754dd028 — Filesystem access.

repo/playground/environment-react-ssr/__tests__/environment-react-ssr.spec.ts:74

        fs.writeFileSync(filePath, originalContent, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/external

npm first-party

expand_more 1 low-confidence finding(s)

low env_fs production #36dbeb8379020b25 — Filesystem access.

repo/playground/external/vite.config.js:13

      const code = await fs.readFile(
        new URL(`./node_modules/${file}`, import.meta.url),
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/fs-serve

npm first-party

expand_more 1 low-confidence finding(s)

low env_fs test-only #a393f7ed4dc560ba — Filesystem access.

repo/playground/fs-serve/__tests__/commonTests.ts:26

const safeJsonContent = fs.readFileSync(
  path.resolve(import.meta.dirname, '../safe.json'),
  'utf-8',
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/hmr

npm first-party

expand_more 3 low-confidence finding(s)

low env_fs test-only #1a0cb63cc0faaa21 — Filesystem access.

repo/playground/hmr/__tests__/hmr.spec.ts:907

    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #438b95efa0b9c9b5 — Filesystem access.

repo/playground/hmr/__tests__/hmr.spec.ts:984

    const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #206dd7fd3376bc8f — Filesystem access.

repo/playground/hmr/vite.config.ts:114

        const dep = await fs.readFile(depPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/hmr-full-bundle-mode

npm first-party

expand_more 1 low-confidence finding(s)

low env_fs test-only #442528ee314f2789 — Filesystem access.

repo/playground/hmr-full-bundle-mode/__tests__/hmr-full-bundle-mode.spec.ts:144

    const original = readFile('hmr-asset.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/hmr-ssr

npm first-party

expand_more 4 low-confidence finding(s)

low env_fs test-only #599d963360517c65 — Filesystem access.

repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:300

      const originalUnresolvedFile = readFile('unresolved.ts')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ec7d7efd754576d5 — Filesystem access.

repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:303

        fs.writeFileSync(filepath, originalUnresolvedFile, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2c62487a74349463 — Filesystem access.

repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:772

  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b9ace840a385bd31 — Filesystem access.

repo/playground/hmr-ssr/__tests__/hmr-ssr.spec.ts:842

  const originalChildFileCode = readFile(childFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/js-sourcemap

npm first-party

expand_more 3 low-confidence finding(s)

low env_fs test-only #e11a796fecceec2c — Filesystem access.

repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:308

      const mapContent = readFile(`dist/assets/${mapAsset}`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7bf7d4eed59e8788 — Filesystem access.

repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:384

      const jsContent = readFile(jsAsset)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1f27001b12f81c94 — Filesystem access.

repo/playground/js-sourcemap/__tests__/js-sourcemap.spec.ts:395

      const mapContent = readFile(mapFile)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/json

npm first-party

expand_more 1 low-confidence finding(s)

low env_fs test-only #08df6ceead8fbbfe — Filesystem access.

repo/playground/json/__tests__/csr/json-csr.spec.ts:48

    readFileSync(require.resolve('../../test.json'), 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/legacy

npm first-party

expand_more 5 low-confidence finding(s)

low env_fs test-only #dfb70b9515fdd39c — Filesystem access.

repo/playground/legacy/__tests__/legacy.spec.ts:171

          readFile(`dist/assets/${filename}`).includes('Unable to preload'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b914d40fff990c71 — Filesystem access.

repo/playground/legacy/vite.config-chunk-importmap.js:21

    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e3150dbc02d507b — Filesystem access.

repo/playground/legacy/vite.config-chunk-importmap.js:25

    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e3b1d02af06997ca — Filesystem access.

repo/playground/legacy/vite.config.js:45

    let index = fs.readFileSync(indexPath, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #18f99710d41ad456 — Filesystem access.

repo/playground/legacy/vite.config.js:49

    fs.writeFileSync(indexPath, index)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/minify

npm first-party

expand_more 2 low-confidence finding(s)

low env_fs test-only #1e7d8cd2fbf1c7b6 — Filesystem access.

repo/playground/minify/__tests__/minify.spec.ts:11

  const jsContent = readFile(path.resolve(assetsDir, jsFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fc554f5aa46d10b5 — Filesystem access.

repo/playground/minify/__tests__/minify.spec.ts:14

  const cssContent = readFile(path.resolve(assetsDir, cssFile))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps

npm first-party

expand_more 10 low-confidence finding(s)

low env_fs production #2e6840fd7b43d131 — Environment-variable access.

repo/playground/optimize-deps/dep-cjs-with-external-deps/index.js:5

if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bbe47ad87cd774dd — Filesystem access.

repo/playground/optimize-deps/dep-linked-include/index.mjs:16

  fs.readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b14557b61c11b4f — Environment-variable access.

repo/playground/optimize-deps/dep-node-env/index.js:1

export const env = process.env.NODE_ENV === 'production' ? 'prod' : 'dev'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c22e6ecaa7854f98 — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:3

const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c22e6ecaa7854f98 — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:3

const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a1cbe11af229b97 — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:20

  return fs.readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #62bae41df65e1237 — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:3

import { readFileSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c1b65ac71f79f652 — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:9

  readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4eadccea69916ea7 — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:23

  return readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a78940470b88390d — Filesystem access.

repo/playground/optimize-deps/vite.config.js:116

                    let contents = fs.readFileSync(id, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps-no-discovery

npm first-party

expand_more 1 low-confidence finding(s)

low env_fs production #6215c2d277f23faa — Environment-variable access.

repo/playground/optimize-deps-no-discovery/vite.config.js:4

process.env.NODE_ENV = ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps/dep-cjs-with-external-deps

npm first-party

expand_more 1 low-confidence finding(s)

low env_fs production #2e6840fd7b43d131 — Environment-variable access.

repo/playground/optimize-deps/dep-cjs-with-external-deps/index.js:5

if (process.env.NODE_ENV === 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps/dep-linked-include

npm first-party

expand_more 1 low-confidence finding(s)

low env_fs production #bbe47ad87cd774dd — Filesystem access.

repo/playground/optimize-deps/dep-linked-include/index.mjs:16

  fs.readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps/dep-node-env

npm first-party

expand_more 1 low-confidence finding(s)

low env_fs production #9b14557b61c11b4f — Environment-variable access.

repo/playground/optimize-deps/dep-node-env/index.js:1

export const env = process.env.NODE_ENV === 'production' ? 'prod' : 'dev'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps/dep-with-builtin-module-cjs

npm first-party

expand_more 3 low-confidence finding(s)

low env_fs production #c22e6ecaa7854f98 — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:3

const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c22e6ecaa7854f98 — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:3

const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a1cbe11af229b97 — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-cjs/index.js:20

  return fs.readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-deps/dep-with-builtin-module-esm

npm first-party

expand_more 3 low-confidence finding(s)

low env_fs production #62bae41df65e1237 — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:3

import { readFileSync } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c1b65ac71f79f652 — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:9

  readFileSync()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4eadccea69916ea7 — Filesystem access.

repo/playground/optimize-deps/dep-with-builtin-module-esm/index.js:23

  return readFileSync('test')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/optimize-missing-deps

npm first-party

expand_more 2 low-confidence finding(s)

low env_fs production #2902e6a1232dd601 — Environment-variable access.

repo/playground/optimize-missing-deps/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #96e58df945a10a87 — Filesystem access.

repo/playground/optimize-missing-deps/server.js:33

      let template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr

npm first-party

expand_more 2 low-confidence finding(s)

low env_fs production #02b0c6f986485ac5 — Environment-variable access.

repo/playground/ssr/server.js:5

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #64e5f9f6ccda3225 — Filesystem access.

repo/playground/ssr/server.js:47

      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-alias

npm first-party

expand_more 1 low-confidence finding(s)

low env_fs production #88bf93b14dc9b7c1 — Environment-variable access.

repo/playground/ssr-alias/src/main.js:8

  builtin: process.env['__TEST_ALIAS__'],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-conditions

npm first-party

expand_more 4 low-confidence finding(s)

low env_fs production #9186cd9b76cb216a — Environment-variable access.

repo/playground/ssr-conditions/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #83b7614f37546517 — Environment-variable access.

repo/playground/ssr-conditions/server.js:10

  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac673573a37dc407 — Filesystem access.

repo/playground/ssr-conditions/server.js:16

    ? fs.readFileSync(resolve('dist/client/index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b619bb70173d093f — Filesystem access.

repo/playground/ssr-conditions/server.js:56

        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-deps

npm first-party

expand_more 4 low-confidence finding(s)

low env_fs test-only #9ae1668189bcff7d — Environment-variable access.

repo/playground/ssr-deps/__tests__/ssr-deps.spec.ts:103

    `Hello World from ${process.env.NODE_ENV}!`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aac245681a4f9905 — Filesystem access.

repo/playground/ssr-deps/read-file-content/index.js:5

  return await fs.readFile(path.resolve(filePath), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #43d39118e7019aa2 — Environment-variable access.

repo/playground/ssr-deps/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a9776b8f6bcfcd2 — Filesystem access.

repo/playground/ssr-deps/server.js:100

      template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-deps/read-file-content

npm first-party

expand_more 1 low-confidence finding(s)

low env_fs production #aac245681a4f9905 — Filesystem access.

repo/playground/ssr-deps/read-file-content/index.js:5

  return await fs.readFile(path.resolve(filePath), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-html

npm first-party

expand_more 4 low-confidence finding(s)

low env_fs production #0205faf7f9041da0 — Environment-variable access.

repo/playground/ssr-html/server.js:5

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fc5e55ec4a137849 — Filesystem access.

repo/playground/ssr-html/server.js:79

        const template = fs.readFileSync(resolve(`.${url}index.html`), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f55b51dec632035 — Filesystem access.

repo/playground/ssr-html/server.js:94

      let template = fs.readFileSync(htmlLoc, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f84702a2c0e0f684 — Environment-variable access.

repo/playground/ssr-html/test-stacktrace.js:10

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-noexternal

npm first-party

expand_more 4 low-confidence finding(s)

low env_fs production #2ee129b1fadd8be0 — Environment-variable access.

repo/playground/ssr-noexternal/server.js:5

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e38b1848575c69d0 — Environment-variable access.

repo/playground/ssr-noexternal/server.js:9

  isProd = process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #82cbd7f7d1083d0d — Filesystem access.

repo/playground/ssr-noexternal/server.js:15

    ? fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #87e64f113fe53377 — Filesystem access.

repo/playground/ssr-noexternal/server.js:54

        template = fs.readFileSync(resolve('index.html'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-pug

npm first-party

expand_more 1 low-confidence finding(s)

low env_fs production #3be46c26d20f9885 — Environment-variable access.

repo/playground/ssr-pug/server.js:6

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-resolve

npm first-party

expand_more 2 low-confidence finding(s)

low env_fs test-only #0f9855e91b5c6104 — Filesystem access.

repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:9

  const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #00c56ce454af0939 — Filesystem access.

repo/playground/ssr-resolve/__tests__/ssr-resolve.spec.ts:38

    const contents = readFile('dist/main.mjs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-wasm

npm first-party

expand_more 2 low-confidence finding(s)

low env_fs production #e741d94594782c44 — Environment-variable access.

repo/playground/ssr-wasm/server.js:3

const isTest = process.env.VITEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #926f785ac1daee77 — Environment-variable access.

repo/playground/ssr-wasm/server.js:4

const isProduction = process.env.NODE_ENV === 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/ssr-webworker

npm first-party

expand_more 1 low-confidence finding(s)

low env_fs production #8befb97de3a6d9a6 — Environment-variable access.

repo/playground/ssr-webworker/worker.js:4

const isTest = !!process.env.TEST

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/tsconfig-json

npm first-party

expand_more 4 low-confidence finding(s)

low env_fs test-only #1b9a9371304e5d97 — Filesystem access.

repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:37

    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c22dc12204038418 — Filesystem access.

repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:51

    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d313bec72ec7d97c — Filesystem access.

repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:66

    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2d0b3a11cdbfc2ae — Filesystem access.

repo/playground/tsconfig-json/__tests__/tsconfig-json.spec.ts:81

    const mainContent = fs.readFileSync(main, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/tsconfig-json-load-error

npm first-party

expand_more 1 low-confidence finding(s)

low env_fs test-only #86a0fde3e0f356f7 — Filesystem access.

repo/playground/tsconfig-json-load-error/__tests__/tsconfig-json-load-error.spec.ts:18

      readFile('dist/index.html')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): playground/worker

npm first-party

expand_more 31 low-confidence finding(s)

low env_fs test-only #d337caba8524b132 — Environment-variable access.

repo/playground/worker/__tests__/es/worker-es.spec.ts:10

    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #65348a4064fbd761 — Filesystem access.

repo/playground/worker/__tests__/es/worker-es.spec.ts:103

      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2d7b002d9772f343 — Filesystem access.

repo/playground/worker/__tests__/es/worker-es.spec.ts:111

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8942503b05819988 — Filesystem access.

repo/playground/worker/__tests__/es/worker-es.spec.ts:113

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b16865cfdf066da6 — Environment-variable access.

repo/playground/worker/__tests__/iife/worker-iife.spec.ts:19

    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a0343ddd564e3b99 — Filesystem access.

repo/playground/worker/__tests__/iife/worker-iife.spec.ts:90

      const fileContent = fs.readFileSync(
        path.resolve(assetsDir, file),
        'utf-8',
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #358b55ee97e9ca6b — Filesystem access.

repo/playground/worker/__tests__/iife/worker-iife.spec.ts:98

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #459afb465fd0f4ad — Filesystem access.

repo/playground/worker/__tests__/iife/worker-iife.spec.ts:100

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3b0c3cacc47a3896 — Environment-variable access.

repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:10

    .toMatch(process.env.NODE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0774a108f1e91d23 — Filesystem access.

repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:66

    const content = fs.readFileSync(path.resolve(chunksDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #442369f1cdc4440f — Filesystem access.

repo/playground/worker/__tests__/relative-base/worker-relative-base.spec.ts:73

    const workerContent = fs.readFileSync(
      path.resolve(workerEntriesDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #990c2772e777c20e — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:20

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7096727ae7151204 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:23

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #264a3f089410bf44 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:31

    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d461a48b558606ef — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:39

    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7ca7af220046dfa1 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:49

    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4b899603bba26aae — Filesystem access.

repo/playground/worker/__tests__/sourcemap-hidden/worker-sourcemap-hidden.spec.ts:57

    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c96e75de4e613850 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:14

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b1bba820dfd29f62 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:17

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e2367cb8f4b912d4 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:25

    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2fec1847787bdd73 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:33

    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #18cf50e166b943c3 — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:43

    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #92b3ccb2f8b8692b — Filesystem access.

repo/playground/worker/__tests__/sourcemap-inline/worker-sourcemap-inline.spec.ts:51

    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f2a5287857feae57 — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:20

    const content = fs.readFileSync(path.resolve(assetsDir, index), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b3f7d900a4be9603 — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:23

    const workerContent = fs.readFileSync(
      path.resolve(assetsDir, worker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e94e341e91077cb8 — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:31

    const sharedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, sharedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d36658b58cbd363b — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:39

    const possibleTsOutputWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, possibleTsOutputWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a3f4f7589ccfda52 — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:49

    const workerNestedWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, workerNestedWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c9081bef06628318 — Filesystem access.

repo/playground/worker/__tests__/sourcemap/worker-sourcemap.spec.ts:57

    const subWorkerContent = fs.readFileSync(
      path.resolve(assetsDir, subWorker),
      'utf-8',
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8c52d4899f22ece4 — Environment-variable access.

repo/playground/worker/modules/workerImport.ts:2

export const mode = process.env.NODE_ENV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1299b8835d06231b — Environment-variable access.

repo/playground/worker/worker-sourcemap-config.js:7

    /** @type {'inline' | 'hidden' | 'sourcemap'} */ (
      process.env.WORKER_MODE
    ) || sourcemap

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Production

first-party (npm): playground/ssr-deps/linked-no-external prod — scan budget exceeded
first-party (npm): playground/ssr-deps/optimized-cjs-with-nested-external prod — scan budget exceeded
first-party (npm): playground/ssr-deps/external-entry prod — scan budget exceeded
first-party (npm): playground/ssr-deps/nested-exclude prod — scan budget exceeded
first-party (npm): playground/ssr-deps/external-using-external-entry prod — scan budget exceeded
first-party (npm): playground/ssr-deps/ts-transpiled-exports prod — scan budget exceeded
first-party (npm): playground/ssr-deps/only-object-assigned-exports prod — scan budget exceeded
first-party (npm): playground/dynamic-import/pkg prod — scan budget exceeded
first-party (npm): playground/proxy-hmr/other-app prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__ prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/packages prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/plugins/fixtures/license prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/plugins/fixtures/license/dep-nested-license-isc prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/plugins/fixtures/license/dep-licence-cc0 prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/plugins/fixtures/license/dep-license-mit prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/plugins/fixtures/sass-package-resolution/node_modules/sass-pkg-with-index prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/fixtures/watch-rebuild-manifest prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/fixtures/test-dep-conditions prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/fixtures/cjs-ssr-dep prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/fixtures/scan-subpath-import-glob prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/fixtures/file-url prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/fixtures/config/plugin-module-condition prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/fixtures/config/siblings prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/fixtures/config/import-meta prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/fixtures/config/entry prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/fixtures/glob-exports/node_modules/my-pkg prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/packages/noname prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/packages/parent prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/packages/child prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/packages/module prod — scan budget exceeded
first-party (npm): packages/vite/src/node/__tests__/packages/name prod — scan budget exceeded
first-party (npm): packages/vite/src/node/server/__tests__/fixtures/watcher prod — scan budget exceeded
first-party (npm): packages/vite/src/node/server/__tests__/fixtures/pnpm prod — scan budget exceeded
first-party (npm): packages/vite/src/node/server/__tests__/fixtures/yarn prod — scan budget exceeded
first-party (npm): packages/vite/src/node/server/__tests__/fixtures/lerna/nested prod — scan budget exceeded
first-party (npm): packages/vite/src/node/server/__tests__/fixtures/deno/nested prod — scan budget exceeded
first-party (npm): packages/vite/src/node/server/__tests__/fixtures/pnpm/nested prod — scan budget exceeded
first-party (npm): packages/vite/src/node/server/__tests__/fixtures/yarn/nested prod — scan budget exceeded
first-party (npm): packages/vite/src/node/server/__tests__/fixtures/none/nested prod — scan budget exceeded
first-party (npm): packages/vite/src/node/ssr/runtime/__tests__ prod — scan budget exceeded
first-party (npm): packages/vite/src/node/ssr/runtime/__tests__/fixtures/live-binding prod — scan budget exceeded
first-party (npm): packages/vite/src/node/ssr/runtime/__tests__/fixtures/cyclic2 prod — scan budget exceeded
first-party (npm): packages/vite/src/node/ssr/runtime/__tests__/fixtures/cjs-external prod — scan budget exceeded
first-party (npm): packages/vite/src/node/ssr/runtime/__tests__/fixtures/esm-external prod — scan budget exceeded
first-party (npm): packages/vite/src/node/ssr/runtime/__tests__/fixtures/invalid-package/deps/test-dep-invalid-exports prod — scan budget exceeded
first-party (npm): docs prod — scan budget exceeded
lightningcss prod — scan budget exceeded
picomatch prod — scan budget exceeded
postcss prod — scan budget exceeded
tinyglobby prod — scan budget exceeded
@babel/core prod — scan budget exceeded
@babel/plugin-transform-dynamic-import prod — scan budget exceeded
@babel/plugin-transform-modules-systemjs prod — scan budget exceeded
@babel/preset-env prod — scan budget exceeded
babel-plugin-polyfill-corejs3 prod — scan budget exceeded
babel-plugin-polyfill-regenerator prod — scan budget exceeded
browserslist prod — scan budget exceeded
browserslist-to-esbuild prod — scan budget exceeded
core-js prod — scan budget exceeded
regenerator-runtime prod — scan budget exceeded
systemjs prod — scan budget exceeded
@tailwindcss/vite prod — scan budget exceeded
tailwindcss prod — scan budget exceeded
@vitejs/test-dep-no-discovery prod — scan budget exceeded
vue prod — scan budget exceeded
vuex prod — scan budget exceeded
clipboard prod — scan budget exceeded
@vitejs/test-dep-cjs-browser-field prod — scan budget exceeded
@vitejs/longfilename-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa prod — scan budget exceeded
@vitejs/test-dep-alias-using-absolute-path prod — scan budget exceeded
@vitejs/test-dep-cjs-browser-field-bare prod — scan budget exceeded
@vitejs/test-dep-cjs-compiled-from-cjs prod — scan budget exceeded
@vitejs/test-dep-cjs-compiled-from-esm prod — scan budget exceeded
@vitejs/test-dep-cjs-with-assets prod — scan budget exceeded
@vitejs/test-dep-cjs-with-es-module-flag prod — scan budget exceeded
@vitejs/test-dep-cjs-with-external-deps prod — scan budget exceeded
@vitejs/test-dep-cjs-css-main-field prod — scan budget exceeded
@vitejs/test-dep-cjs-require-css-main-field prod — scan budget exceeded
@vitejs/test-dep-css-require prod — scan budget exceeded
@vitejs/test-dep-esbuild-plugin-transform prod — scan budget exceeded
@vitejs/test-dep-incompatible prod — scan budget exceeded
@vitejs/test-dep-linked prod — scan budget exceeded
@vitejs/test-dep-linked-include prod — scan budget exceeded
@vitejs/test-dep-node-env prod — scan budget exceeded
@vitejs/test-dep-not-js prod — scan budget exceeded
@vitejs/test-dep-optimize-exports-with-glob prod — scan budget exceeded
@vitejs/test-dep-optimize-exports-with-root-glob prod — scan budget exceeded
@vitejs/test-dep-optimize-with-glob prod — scan budget exceeded
@vitejs/test-dep-relative-to-main prod — scan budget exceeded
@vitejs/test-dep-source-map-no-sources prod — scan budget exceeded
@vitejs/test-dep-with-asset-ext1.pdf prod — scan budget exceeded
@vitejs/test-dep-with-asset-ext2.pdf prod — scan budget exceeded
@vitejs/test-dep-with-builtin-module-cjs prod — scan budget exceeded
@vitejs/test-dep-with-builtin-module-esm prod — scan budget exceeded
@vitejs/test-dep-with-dynamic-import prod — scan budget exceeded
@vitejs/test-dep-with-optional-peer-dep prod — scan budget exceeded
@vitejs/test-dep-with-optional-peer-dep-cjs prod — scan budget exceeded
@vitejs/test-dep-with-optional-peer-dep-submodule prod — scan budget exceeded
@vitejs/test-dep-with-plus-subpath prod — scan budget exceeded
@vitejs/test-dep-non-optimized prod — scan budget exceeded
@vitejs/test-added-in-entries prod — scan budget exceeded
@vitejs/test-dep-cjs-external-package-omit-js-suffix prod — scan budget exceeded
@vitejs/test-dep-with-assets prod — scan budget exceeded
@vitejs/test-dep-lodash prod — scan budget exceeded
@vitejs/test-dep-lodash.clonedeep prod — scan budget exceeded
@vitejs/test-dep-lodash-es prod — scan budget exceeded
@vitejs/test-nested-exclude prod — scan budget exceeded
phoenix prod — scan budget exceeded
react prod — scan budget exceeded
react-dom prod — scan budget exceeded
@vitejs/test-resolve-linked prod — scan budget exceeded
@vitejs/test-alias-original prod — scan budget exceeded
aliased-module prod — scan budget exceeded
@vue/shared prod — scan budget exceeded
@vitejs/test-import-assertion-dep prod — scan budget exceeded
@vitejs/test-dep-that-imports prod — scan budget exceeded
@vitejs/test-dep-that-requires prod — scan budget exceeded
@vitejs/test-commonjs-dep prod — scan budget exceeded
@vitejs/test-deep-import prod — scan budget exceeded
@vitejs/test-entries prod — scan budget exceeded
@vitejs/test-module-sync prod — scan budget exceeded
@vitejs/test-resolve-pkg-exports prod — scan budget exceeded
@tailwindcss/postcss prod — scan budget exceeded
@vitejs/test-external-cjs prod — scan budget exceeded
@vitejs/test-require-external-cjs prod — scan budget exceeded
@vitejs/test-import-meta-glob-pkg prod — scan budget exceeded
@vitejs/test-ssr-conditions-external prod — scan budget exceeded
@vitejs/test-ssr-conditions-no-external prod — scan budget exceeded
autoprefixer prod — scan budget exceeded
@babel/runtime prod — scan budget exceeded
normalize.css prod — scan budget exceeded
@vitejs/test-resolve-browser-field prod — scan budget exceeded
@vitejs/test-resolve-browser-module-field1 prod — scan budget exceeded

Development

@eslint/js dev — scan budget exceeded
@type-challenges/utils dev — scan budget exceeded
@types/babel__core dev — scan budget exceeded
@types/babel__preset-env dev — scan budget exceeded
@types/convert-source-map dev — scan budget exceeded
@types/cross-spawn dev — scan budget exceeded
@types/etag dev — scan budget exceeded
@types/less dev — scan budget exceeded
@types/node dev — scan budget exceeded
@types/picomatch dev — scan budget exceeded
@types/stylus dev — scan budget exceeded
@types/ws dev — scan budget exceeded
@vitejs/release-scripts dev — scan budget exceeded
eslint dev — scan budget exceeded
eslint-plugin-import-x dev — scan budget exceeded
eslint-plugin-n dev — scan budget exceeded
eslint-plugin-regexp dev — scan budget exceeded
execa dev — scan budget exceeded
globals dev — scan budget exceeded
lint-staged dev — scan budget exceeded
oxfmt dev — scan budget exceeded
picocolors dev — scan budget exceeded
playwright-chromium dev — scan budget exceeded
rolldown dev — scan budget exceeded
rollup dev — scan budget exceeded
simple-git-hooks dev — scan budget exceeded
tsx dev — scan budget exceeded
typescript dev — scan budget exceeded
typescript-eslint dev — scan budget exceeded
vite dev — scan budget exceeded
vitest dev — scan budget exceeded
@clack/prompts dev — scan budget exceeded
@vercel/detect-agent dev — scan budget exceeded
cross-spawn dev — scan budget exceeded
mri dev — scan budget exceeded
tsdown dev — scan budget exceeded
unrun dev — scan budget exceeded
@babel/parser dev — scan budget exceeded
@jridgewell/remapping dev — scan budget exceeded
@jridgewell/trace-mapping dev — scan budget exceeded
@polka/compression dev — scan budget exceeded
@rollup/plugin-alias dev — scan budget exceeded
@rollup/plugin-dynamic-import-vars dev — scan budget exceeded
@rollup/pluginutils dev — scan budget exceeded
@types/escape-html dev — scan budget exceeded
@types/pnpapi dev — scan budget exceeded
@vitejs/devtools dev — scan budget exceeded
@vitest/utils dev — scan budget exceeded
@voidzero-dev/vite-task-client dev — scan budget exceeded
artichokie dev — scan budget exceeded
baseline-browser-mapping dev — scan budget exceeded
cac dev — scan budget exceeded
chokidar dev — scan budget exceeded
connect dev — scan budget exceeded
convert-source-map dev — scan budget exceeded
cors dev — scan budget exceeded
dotenv-expand dev — scan budget exceeded
es-module-lexer dev — scan budget exceeded
esbuild dev — scan budget exceeded
escape-html dev — scan budget exceeded
estree-walker dev — scan budget exceeded
etag dev — scan budget exceeded
fresh-import dev — scan budget exceeded
host-validation-middleware dev — scan budget exceeded
http-proxy-3 dev — scan budget exceeded
launch-editor-middleware dev — scan budget exceeded
magic-string dev — scan budget exceeded
mlly dev — scan budget exceeded
mrmime dev — scan budget exceeded
nanoid dev — scan budget exceeded
obug dev — scan budget exceeded
open dev — scan budget exceeded
parse5 dev — scan budget exceeded
pathe dev — scan budget exceeded
periscopic dev — scan budget exceeded
postcss-import dev — scan budget exceeded
postcss-load-config dev — scan budget exceeded
postcss-modules dev — scan budget exceeded
premove dev — scan budget exceeded
resolve.exports dev — scan budget exceeded
rolldown-plugin-dts dev — scan budget exceeded
rollup-plugin-license dev — scan budget exceeded
sass dev — scan budget exceeded
sass-embedded dev — scan budget exceeded
sirv dev — scan budget exceeded
strip-literal dev — scan budget exceeded
terser dev — scan budget exceeded
ufo dev — scan budget exceeded
ws dev — scan budget exceeded
acorn dev — scan budget exceeded
css-color-names dev — scan budget exceeded
kill-port dev — scan budget exceeded
url dev — scan budget exceeded
express dev — scan budget exceeded
slash3 dev — scan budget exceeded
slash5 dev — scan budget exceeded
vue34 dev — scan budget exceeded
pug dev — scan budget exceeded
@types/react dev — scan budget exceeded
@types/react-dom dev — scan budget exceeded
react-fake-client dev — scan budget exceeded
react-fake-server dev — scan budget exceeded
@vitejs/test-css-dep dev — scan budget exceeded
@vitejs/test-css-dep-exports dev — scan budget exceeded
@vitejs/test-css-js-dep dev — scan budget exceeded
@vitejs/test-css-proxy-dep dev — scan budget exceeded
@vitejs/test-scss-proxy-dep dev — scan budget exceeded
less dev — scan budget exceeded
postcss-nested dev — scan budget exceeded
stylus dev — scan budget exceeded
sugarss dev — scan budget exceeded
@vitejs/test-json-require dev — scan budget exceeded
@vitejs/test-json-module dev — scan budget exceeded

verified_user Possible application data leak

App Privacy Score

bar_chart Score Breakdown

list Scan Summary

swap_horiz Potential data exfiltration in application code

</> First-Party Code

first-party (npm)

first-party (npm): playground

first-party (npm): playground/lib

first-party (npm): packages/create-vite

first-party (npm): packages/plugin-legacy

first-party (npm): packages/vite

first-party (npm): playground/assets

first-party (npm): playground/csp

first-party (npm): playground/css

first-party (npm): playground/css-lightningcss-proxy

first-party (npm): playground/env

first-party (npm): playground/environment-react-ssr

first-party (npm): playground/external

first-party (npm): playground/fs-serve

first-party (npm): playground/hmr

first-party (npm): playground/hmr-full-bundle-mode

first-party (npm): playground/hmr-ssr

first-party (npm): playground/js-sourcemap

first-party (npm): playground/json

first-party (npm): playground/legacy

first-party (npm): playground/minify

first-party (npm): playground/optimize-deps

first-party (npm): playground/optimize-deps-no-discovery

first-party (npm): playground/optimize-deps/dep-cjs-with-external-deps

first-party (npm): playground/optimize-deps/dep-linked-include

first-party (npm): playground/optimize-deps/dep-node-env

first-party (npm): playground/optimize-deps/dep-with-builtin-module-cjs

first-party (npm): playground/optimize-deps/dep-with-builtin-module-esm

first-party (npm): playground/optimize-missing-deps

first-party (npm): playground/ssr

first-party (npm): playground/ssr-alias

first-party (npm): playground/ssr-conditions

first-party (npm): playground/ssr-deps

first-party (npm): playground/ssr-deps/read-file-content

first-party (npm): playground/ssr-html

first-party (npm): playground/ssr-noexternal

first-party (npm): playground/ssr-pug

first-party (npm): playground/ssr-resolve

first-party (npm): playground/ssr-wasm

first-party (npm): playground/ssr-webworker

first-party (npm): playground/tsconfig-json

first-party (npm): playground/tsconfig-json-load-error

first-party (npm): playground/worker

Skipped dependencies