Close Open Privacy Scan
App Privacy Score
Low risk · 8 finding(s)
Dependency score: 98 (Low risk)
bar_chart Score Breakdown
list Scan Summary
swap_horiz External domains
bigfile.combyjka.comgithub.comhttpbin.org
</> First-Party Code
first-party (npm)
npm first-partyexpand_more 7 low-confidence finding(s)
const getResponse = await fetch('https://bigfile.com/test.zip');
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
await fetch(new URL('https://bigfile.com/test.zip'));
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
new Request(new URL('http://byjka.com/buka'));
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const response = await fetch('https://github.com/');
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const response = await fetch('https://github.com/');
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const response = await fetch('https://httpbin.org/post', {method: 'POST', body: 'a=1'});
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
const response = await fetch('https://httpbin.org/post', {
method: 'post',
body: JSON.stringify(body),
headers: {'Content-Type': 'application/json'}
});
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
</> Dependencies
fetch-blob
npm dependencyexpand_more 1 low-confidence finding(s)
await fs.writeFile(destination, data, { signal })
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
Skipped dependencies
Production
- data-uri-to-buffer prod — dist-only: no readable source