Close Open Privacy Scan

bolt Snapshot: commit 186d2e6
science engine v3
schedule 2026-07-07T16:05:55.336634+00:00

verified_user No application data leak found

No high-confidence exfiltration was found in application code.

App Privacy Score

97 /100
Low privacy risk

Low risk · 5 finding(s)

Dependency score: 97 (Low risk)

bar_chart Score Breakdown

env_fs −3

list Scan Summary

0 high 0 medium 5 low
First-party packages: 1
Dependency packages: 1
Ecosystem: npm

swap_horiz Application data flows

No high- or medium-confidence application data-flow findings in this scan.

</> First-Party Code

first-party (npm)

npm first-party
expand_more 3 low-confidence finding(s)
low env_fs production #1d7bc215888bd39c Environment-variable access.
repo/lib/platform-shims/esm.mjs:29
    return process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c5aac5c3c0d50b33 Filesystem access.
repo/lib/utils/apply-extends.ts:36
      ? JSON.parse(shim.readFileSync(pathToDefault, 'utf8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d6f7b15a667fdbdb Filesystem access.
repo/lib/yargs-factory.ts:1643
      obj = JSON.parse(this.#shim.readFileSync(pkgJsonPath, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

</> Dependencies

escalade

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #41c8b8d657d8763b Filesystem access.
pkgs/npm/[email protected]/sync/index.js:2
const { readdirSync, statSync } = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c19622b1d1171e2 Filesystem access.
pkgs/npm/[email protected]/sync/index.mjs:2
import { readdirSync, statSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.