Close Open Privacy Scan

bolt Snapshot: commit 8b3320d
science engine v3
schedule 2026-07-08T03:05:44.687707+00:00

verified_user No application data leak found

No high-confidence exfiltration was found in application code.

App Privacy Score

85 /100
Low privacy risk

Low risk · 8 finding(s)

Dependency score: 98 (Low risk)

bar_chart Score Breakdown

egress −15

list Scan Summary

0 high 0 medium 8 low
First-party packages: 1
Dependency packages: 1
Ecosystem: npm

swap_horiz External domains

bigfile.combyjka.comgithub.comhttpbin.org

</> First-Party Code

first-party (npm)

npm first-party
expand_more 7 low-confidence finding(s)
low egress production #020cbf478112465a Hardcoded external endpoint. Review what data is sent to this destination.
repo/@types/index.test-d.ts:9
	const getResponse = await fetch('https://bigfile.com/test.zip');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #c31c1744358bb7d3 Hardcoded external endpoint. Review what data is sent to this destination.
repo/@types/index.test-d.ts:10
	await fetch(new URL('https://bigfile.com/test.zip'));

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #bc2486d1793f034f Hardcoded external endpoint. Review what data is sent to this destination.
repo/@types/index.test-d.ts:40
		new Request(new URL('http://byjka.com/buka'));

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #6df1dc3a531bd639 Hardcoded external endpoint. Review what data is sent to this destination.
repo/example.js:10
const response = await fetch('https://github.com/');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #4b81366c5077fec3 Hardcoded external endpoint. Review what data is sent to this destination.
repo/example.js:16
const response = await fetch('https://github.com/');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #a71d6c771d418dc7 Hardcoded external endpoint. Review what data is sent to this destination.
repo/example.js:22
const response = await fetch('https://httpbin.org/post', {method: 'POST', body: 'a=1'});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #90e16aeb88faf93c Hardcoded external endpoint. Review what data is sent to this destination.
repo/example.js:30
const response = await fetch('https://httpbin.org/post', {
	method: 'post',
	body: JSON.stringify(body),
	headers: {'Content-Type': 'application/json'}
});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

</> Dependencies

fetch-blob

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #29d15c86af82f8d4 Filesystem access.
pkgs/npm/[email protected]/from.js:76
  await fs.writeFile(destination, data, { signal })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Production

  • data-uri-to-buffer prod — dist-only: no readable source