Close Open Privacy Scan

bolt Snapshot: commit ba00676
science engine v3
schedule 2026-07-08T07:06:28.277076+00:00

verified_user No application data leak found

No high-confidence exfiltration was found in application code.

App Privacy Score

97 /100
Low privacy risk

Low risk · 15 finding(s)

Dependency score: 97 (Low risk)

bar_chart Score Breakdown

env_fs −3

list Scan Summary

0 high 0 medium 15 low
First-party packages: 1
Dependency packages: 5
Ecosystem: npm

swap_horiz Application data flows

No high- or medium-confidence application data-flow findings in this scan.

</> First-Party Code

first-party (npm)

npm first-party
expand_more 5 low-confidence finding(s)
low env_fs production #e077bae264f92e1a Environment-variable access.
repo/examples/cookies/index.js:13
if (process.env.NODE_ENV !== 'test') app.use(logger(':method :url'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d9ee038324b50d2 Environment-variable access.
repo/examples/error-pages/index.js:11
var silent = process.env.NODE_ENV === 'test'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6314024cdcc64536 Filesystem access.
repo/examples/markdown/index.js:18
  fs.readFile(path, 'utf8', function(err, str){
    if (err) return fn(err);
    var html = marked.parse(str).replace(/\{([^}]+)\}/g, function(_, name){
      return escapeHtml(options[name] || '');
    });
    fn(null, html);
  });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #51c25ebd27fb52ec Environment-variable access.
repo/examples/route-map/index.js:10
var verbose = process.env.NODE_ENV !== 'test'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #116a1ee45014f95c Environment-variable access.
repo/lib/application.js:91
  var env = process.env.NODE_ENV || 'development';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

</> Dependencies

debug

npm dependency
expand_more 5 low-confidence finding(s)
low env_fs dependency Excluded from app score #9073f0471f04b44b Environment-variable access.
pkgs/npm/[email protected]/src/browser.js:230
		r = process.env.DEBUG;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc14aef42285f696 Environment-variable access.
pkgs/npm/[email protected]/src/node.js:136
	let val = process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e6a2c6fbd402e4c Environment-variable access.
pkgs/npm/[email protected]/src/node.js:205
		process.env.DEBUG = namespaces;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #396cc8af6eece80a Environment-variable access.
pkgs/npm/[email protected]/src/node.js:209
		delete process.env.DEBUG;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37c7f6ed85d4aa63 Environment-variable access.
pkgs/npm/[email protected]/src/node.js:221
	return process.env.DEBUG;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

depd

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #c11fff29c3d963b2 Environment-variable access.
pkgs/npm/[email protected]/index.js:159
  var str = process.env.NO_DEPRECATION || ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91cb46b965a34bb6 Environment-variable access.
pkgs/npm/[email protected]/index.js:175
  var str = process.env.TRACE_DEPRECATION || ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

etag

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #1f572869b5efb462 Filesystem access.
pkgs/npm/[email protected]/index.js:22
var Stats = require('fs').Stats

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

finalhandler

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #39194a5e2e6b30fc Environment-variable access.
pkgs/npm/[email protected]/index.js:73
  var env = opts.env || process.env.NODE_ENV || 'development'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

send

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #c61870369aa2bdf6 Filesystem access.
pkgs/npm/[email protected]/index.js:21
var fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Production

  • content-disposition prod — dist-only: no readable source
  • content-type prod — dist-only: no readable source
  • cookie prod — dist-only: no readable source