Close Open Privacy Scan

link https://github.com/tj/commander.js

bolt Snapshot: commit ba6d13d

science engine v1

schedule 2026-06-26T03:04:17.590875+00:00

App Privacy Score

97 /100

Low privacy risk

Low risk · 119 finding(s)

Dependency score: 97 (Low risk)

bar_chart Score Breakdown

env_fs −3

list Scan Summary

0 high 0 medium 119 low

First-party packages: 1

Dependency packages: 4

Ecosystem: npm

swap_horiz Application data flows

No high- or medium-confidence application data-flow findings in this scan.

</> First-Party Code

first-party (npm)

npm first-party

expand_more 7 low-confidence finding(s)

low env_fs production #1f8175c942ceafd4 — Environment-variable access.

repo/examples/hook.js:43

      process.env.PORT = 80;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f0fdf4fe86fa85f6 — Environment-variable access.

repo/lib/command.js:1992

            this.emit(`optionEnv:${option.name()}`, process.env[option.envVar]);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c7ddb67e4a5cdfb — Environment-variable access.

repo/lib/command.js:2782

    process.env.NO_COLOR ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ee1229a9414213e — Environment-variable access.

repo/lib/command.js:2783

    process.env.FORCE_COLOR === '0' ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9d7a0ccf4122f23a — Environment-variable access.

repo/lib/command.js:2784

    process.env.FORCE_COLOR === 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #61658a0286c3029b — Environment-variable access.

repo/lib/command.js:2787

  if (process.env.FORCE_COLOR || process.env.CLICOLOR_FORCE !== undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #61658a0286c3029b — Environment-variable access.

repo/lib/command.js:2787

  if (process.env.FORCE_COLOR || process.env.CLICOLOR_FORCE !== undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

</> Dependencies

eslint

npm dependency

expand_more 13 low-confidence finding(s)

low env_fs dependency Excluded from app score #dada349b5190b3c3 — Filesystem access.

pkgs/npm/[email protected]/lib/cli-engine/lint-result-cache.js:129

			results.source = fs.readFileSync(filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #131a1a3535123d13 — Filesystem access.

pkgs/npm/[email protected]/lib/cli.js:133

			await writeFile(filePath, output);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2636f7021204930 — Filesystem access.

pkgs/npm/[email protected]/lib/eslint/eslint-helpers.js:1281

		const text = await fsp.readFile(filePath, {
			encoding: "utf8",
			signal: controller?.signal,
		});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8dfff36f6b5a7ad — Environment-variable access.

pkgs/npm/[email protected]/lib/eslint/eslint-helpers.js:1326

	if (!process.env.ESLINT_FLAGS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c7f4d8340676899 — Environment-variable access.

pkgs/npm/[email protected]/lib/eslint/eslint-helpers.js:1330

	const envFlags = process.env.ESLINT_FLAGS.trim().split(/\s*,\s*/gu);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82b9c9f31afc0bcf — Filesystem access.

pkgs/npm/[email protected]/lib/eslint/eslint.js:825

					retrier.retry(() => fs.writeFile(r.filePath, r.output)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88046c98d7c05b3e — Environment-variable access.

pkgs/npm/[email protected]/lib/linter/timing.js:44

const enabled = !!process.env.TIMING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05d87e0625c883ea — Environment-variable access.

pkgs/npm/[email protected]/lib/linter/timing.js:56

	if (typeof process.env.TIMING !== "string") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #986f158cdb84705b — Environment-variable access.

pkgs/npm/[email protected]/lib/linter/timing.js:60

	if (process.env.TIMING.toLowerCase() === "all") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4eea997fecc9b0d6 — Environment-variable access.

pkgs/npm/[email protected]/lib/linter/timing.js:64

	const TIMING_ENV_VAR_AS_INTEGER = Number.parseInt(process.env.TIMING, 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5bda37c2d7dc20b6 — Filesystem access.

pkgs/npm/[email protected]/lib/rule-tester/rule-tester.js:697

				let content = readFileSync(sourceFile, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d658369085917770 — Filesystem access.

pkgs/npm/[email protected]/lib/services/suppressions-service.js:217

			const data = await fs.promises.readFile(this.filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34bd2a133409a0aa — Filesystem access.

pkgs/npm/[email protected]/lib/services/suppressions-service.js:240

		return fs.promises.writeFile(
			this.filePath,
			stringify(suppressions, { space: 2 }),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

eslint-config-prettier

npm dependency

expand_more 2 low-confidence finding(s)

low env_fs dependency Excluded from app score #8225748fd2d65537 — Environment-variable access.

pkgs/npm/[email protected]/bin/cli.js:45

      switch (process.env.ESLINT_USE_FLAT_CONFIG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44d26b7e09f3d6e3 — Environment-variable access.

pkgs/npm/[email protected]/index.js:3

const includeDeprecated = !process.env.ESLINT_CONFIG_PRETTIER_NO_DEPRECATED;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

prettier

npm dependency

expand_more 77 low-confidence finding(s)

low env_fs dependency Excluded from app score #8030480f3082aba3 — Environment-variable access.

pkgs/npm/[email protected]/bin/prettier.cjs:66

if (process.env.PRETTIER_EXPERIMENTAL_CLI || index !== -1) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e2fede41e5adc33 — Environment-variable access.

pkgs/npm/[email protected]/index.mjs:5609

    var debug = typeof process === "object" && process.env && process.env.NODE_DEBUG && /\bsemver\b/i.test(process.env.NODE_DEBUG) ? (...args) => console.error("SEMVER", ...args) : () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e2fede41e5adc33 — Environment-variable access.

pkgs/npm/[email protected]/index.mjs:5609

    var debug = typeof process === "object" && process.env && process.env.NODE_DEBUG && /\bsemver\b/i.test(process.env.NODE_DEBUG) ? (...args) => console.error("SEMVER", ...args) : () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3f5238b85245cd4 — Environment-variable access.

pkgs/npm/[email protected]/index.mjs:6176

    if (process.env.npm_package_name === "pseudomap" && process.env.npm_lifecycle_script === "test")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3f5238b85245cd4 — Environment-variable access.

pkgs/npm/[email protected]/index.mjs:6176

    if (process.env.npm_package_name === "pseudomap" && process.env.npm_lifecycle_script === "test")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0809422eedc0bf53 — Environment-variable access.

pkgs/npm/[email protected]/index.mjs:6177

      process.env.TEST_PSEUDOMAP = "true";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9cc891d19561333c — Environment-variable access.

pkgs/npm/[email protected]/index.mjs:6178

    if (typeof Map === "function" && !process.env.TEST_PSEUDOMAP) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db9c1d12e90aab5e — Environment-variable access.

pkgs/npm/[email protected]/index.mjs:6520

    var hasSymbol = typeof Symbol === "function" && process.env._nodeLRUCacheForceNoSymbol !== "1";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fd067c990820f75 — Filesystem access.

pkgs/npm/[email protected]/index.mjs:7655

            fs4.readFile(file, "utf8", function(err, data) {
              if (err) {
                reject(err);
                return;
              }
              resolve3(parseString2(data));
            });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07d35b8fac3a36a0 — Filesystem access.

pkgs/npm/[email protected]/index.mjs:7668

      return parseString2(fs4.readFileSync(file, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d328401696bc62e0 — Filesystem access.

pkgs/npm/[email protected]/index.mjs:8004

              fs4.readFile(name, "utf8", function(err, data) {
                resolve3({
                  name,
                  contents: err ? "" : data
                });
              });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5859c45c56d8993e — Filesystem access.

pkgs/npm/[email protected]/index.mjs:8020

          file = fs4.readFileSync(filepath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5909f04da029f31 — Filesystem access.

pkgs/npm/[email protected]/index.mjs:10382

import * as fs from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #520da10f4e591c22 — Environment-variable access.

pkgs/npm/[email protected]/index.mjs:11485

  return typeof process === "object" && (process.env.FORCE_COLOR === "0" || process.env.FORCE_COLOR === "false") ? false : import_picocolors4.default.isColorSupported;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #520da10f4e591c22 — Environment-variable access.

pkgs/npm/[email protected]/index.mjs:11485

  return typeof process === "object" && (process.env.FORCE_COLOR === "0" || process.env.FORCE_COLOR === "false") ? false : import_picocolors4.default.isColorSupported;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1118a0320e63ef8a — Filesystem access.

pkgs/npm/[email protected]/index.mjs:12540

import fs2 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5072b9500713ab99 — Filesystem access.

pkgs/npm/[email protected]/index.mjs:12546

    return await fs2.readFile(file, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9f773e5d8346628 — Filesystem access.

pkgs/npm/[email protected]/index.mjs:12697

import { statSync, realpathSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9fcc6dd5e93563a1 — Filesystem access.

pkgs/npm/[email protected]/index.mjs:12707

import fs3 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5ab8278829b0acf — Filesystem access.

pkgs/npm/[email protected]/index.mjs:13059

    string = fs3.readFileSync(path6.toNamespacedPath(jsonPath), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06faa906c03b1f42 — Environment-variable access.

pkgs/npm/[email protected]/index.mjs:16485

      if (process.env.PRETTIER_DEBUG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #426b0ce9ddce5ef2 — Filesystem access.

pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:10

import { createWriteStream } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38a0aa07ba5ad88a — Filesystem access.

pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:15

import fs from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd8e26da8b7c332f — Filesystem access.

pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:371

  return dist_default.retry.readFile(retryOptions)(filePath, options);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52cbb6588f681824 — Filesystem access.

pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:516

import { statSync, realpathSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2780d69affc0d92 — Filesystem access.

pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:526

import fs2 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd943f6092ac25b9 — Filesystem access.

pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:878

    string2 = fs2.readFileSync(path3.toNamespacedPath(jsonPath), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f9703a620ae3eee — Filesystem access.

pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:1878

import fs3 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d6594d53364afa1 — Filesystem access.

pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:1955

          const content = fs3.readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06b79f075ea975e7 — Filesystem access.

pkgs/npm/[email protected]/internal/experimental-cli-worker.mjs:1961

          return fs3.writeFileSync(filePath, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a46235f0981ee172 — Filesystem access.

pkgs/npm/[email protected]/internal/experimental-cli.mjs:54

import fs from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36b670017a8e8df6 — Filesystem access.

pkgs/npm/[email protected]/internal/experimental-cli.mjs:96

import fs2 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f16a15172dc176c7 — Filesystem access.

pkgs/npm/[email protected]/internal/experimental-cli.mjs:107

      const buffer2 = attempt(() => fs2.readFileSync(path18), Buffer2.alloc(0));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0059bb4b715019c — Filesystem access.

pkgs/npm/[email protected]/internal/experimental-cli.mjs:116

import fs3 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aaa199a68cdfaf23 — Filesystem access.

pkgs/npm/[email protected]/internal/experimental-cli.mjs:612

import fs4 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5fa4cdeeff03d68 — Filesystem access.

pkgs/npm/[email protected]/internal/experimental-cli.mjs:627

              const content = fs4.readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d1026ece7b64175 — Filesystem access.

pkgs/npm/[email protected]/internal/experimental-cli.mjs:633

              return fs4.writeFileSync(filePath, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4210c4672b437c71 — Filesystem access.

pkgs/npm/[email protected]/internal/experimental-cli.mjs:2515

import fs5 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60c308e50653f228 — Filesystem access.

pkgs/npm/[email protected]/internal/experimental-cli.mjs:2525

    string2 = fs5.readFileSync(path4.toNamespacedPath(jsonPath), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #beb249a6a1e14db1 — Filesystem access.

pkgs/npm/[email protected]/internal/experimental-cli.mjs:2743

import { statSync, realpathSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e278c9fedac63d94 — Filesystem access.

pkgs/npm/[email protected]/internal/experimental-cli.mjs:3607

import fs6 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0aabf1fdf78bb56 — Filesystem access.

pkgs/npm/[email protected]/internal/experimental-cli.mjs:4855

import fs7 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #acc5308875526329 — Filesystem access.

pkgs/npm/[email protected]/internal/experimental-cli.mjs:5794

import fs8 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d67b1b5e02fb550 — Filesystem access.

pkgs/npm/[email protected]/internal/experimental-cli.mjs:5820

          const store = JSON.parse(fs8.readFileSync(this.storePath, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05b13de7ab5cc13c — Filesystem access.

pkgs/npm/[email protected]/internal/experimental-cli.mjs:5835

          fs8.writeFileSync(this.storePath, store);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #089e69c9d520760e — Filesystem access.

pkgs/npm/[email protected]/internal/experimental-cli.mjs:5850

          const content = fs8.readFileSync(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f66e80eabeda1ca — Filesystem access.

pkgs/npm/[email protected]/internal/experimental-cli.mjs:6238

import fs9 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10fea8023b7aa569 — Filesystem access.

pkgs/npm/[email protected]/internal/experimental-cli.mjs:6252

        return fs9.readFile(filePath, "utf8").then(parse_default2).catch(noop2);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a81169adbf768a41 — Filesystem access.

pkgs/npm/[email protected]/internal/experimental-cli.mjs:6582

import fs10 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64ea70e5904f13ad — Filesystem access.

pkgs/npm/[email protected]/internal/experimental-cli.mjs:6594

      return fs10.readFile(filePath, "utf8").catch(noop2);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e8f5872984b8099 — Filesystem access.

pkgs/npm/[email protected]/internal/experimental-cli.mjs:10466

import fs11 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #735efa193e75409c — Filesystem access.

pkgs/npm/[email protected]/internal/experimental-cli.mjs:10488

        const fileContent = fs11.readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec2950b4a38b4779 — Filesystem access.

pkgs/npm/[email protected]/internal/experimental-cli.mjs:10493

        const fileContent = fs11.readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c0b1d3e23a8b846 — Filesystem access.

pkgs/npm/[email protected]/internal/experimental-cli.mjs:10499

        const fileBuffer = fs11.readFileSync(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf826ae58a365a9f — Filesystem access.

pkgs/npm/[email protected]/internal/experimental-cli.mjs:10515

        const fileContent = fs11.readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55647855807328fd — Filesystem access.

pkgs/npm/[email protected]/internal/experimental-cli.mjs:10521

        const fileContent = fs11.readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2855b821aac58e51 — Filesystem access.

pkgs/npm/[email protected]/internal/experimental-cli.mjs:11366

import fs12 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a668538fdbf59fa6 — Filesystem access.

pkgs/npm/[email protected]/internal/experimental-cli.mjs:11559

import { createWriteStream } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73eb7c79fab11fed — Filesystem access.

pkgs/npm/[email protected]/internal/experimental-cli.mjs:11567

  return dist_default36.retry.readFile(retryOptions)(filePath, options);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96a2c454c4cd2246 — Filesystem access.

pkgs/npm/[email protected]/internal/experimental-cli.mjs:12330

import fs13 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d2932c97d6894f90 — Filesystem access.

pkgs/npm/[email protected]/internal/experimental-cli.mjs:12395

  const ignoreManualFilesContents = await Promise.all(ignoreManualFilesPaths.map((filePath) => fs13.readFile(filePath, "utf8").catch(() => "")));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e5a9ded67d4a38e — Filesystem access.

pkgs/npm/[email protected]/internal/experimental-cli.mjs:12400

  const prettierManualFilesContents = await Promise.all(prettierManualFilesPaths.map((filePath) => fs13.readFile(filePath, "utf8")));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6caf20df5535e67a — Filesystem access.

pkgs/npm/[email protected]/internal/legacy-cli.mjs:1233

import fs from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68208836f9c8389c — Filesystem access.

pkgs/npm/[email protected]/internal/legacy-cli.mjs:1554

import fs9 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f41a80a7d661a1a — Filesystem access.

pkgs/npm/[email protected]/internal/legacy-cli.mjs:1778

import fs4 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #340ec72ac2bc12c2 — Filesystem access.

pkgs/npm/[email protected]/internal/legacy-cli.mjs:1786

import fs3 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4f8e12ce9083a04 — Filesystem access.

pkgs/npm/[email protected]/internal/legacy-cli.mjs:1794

import fs2 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9630cac7706a5b63 — Filesystem access.

pkgs/npm/[email protected]/internal/legacy-cli.mjs:1888

    const data = await fs4.readFile(cacheFile, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c7b4576418701ec — Filesystem access.

pkgs/npm/[email protected]/internal/legacy-cli.mjs:1906

import fs7 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bba61506327d5c4e — Filesystem access.

pkgs/npm/[email protected]/internal/legacy-cli.mjs:1910

import fs6 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d28d84a35f40a75 — Filesystem access.

pkgs/npm/[email protected]/internal/legacy-cli.mjs:1914

import fs5 from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #daea01e560de9b08 — Filesystem access.

pkgs/npm/[email protected]/internal/legacy-cli.mjs:4302

      const data = fs5.readFileSync(pathToFile, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7aa8de2aa37b8c7 — Filesystem access.

pkgs/npm/[email protected]/internal/legacy-cli.mjs:4506

        fs5.writeFileSync(filePath, data);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27d493308a6e15a0 — Filesystem access.

pkgs/npm/[email protected]/internal/legacy-cli.mjs:4894

        const buffer = fs6.readFileSync(absolutePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f69dd94dc2198dfe — Filesystem access.

pkgs/npm/[email protected]/internal/legacy-cli.mjs:5188

import fs8 from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #050ac873edc7e953 — Filesystem access.

pkgs/npm/[email protected]/internal/legacy-cli.mjs:5449

  writeFormattedFile: (file, data) => fs8.writeFile(file, data)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #041cce63f630ac20 — Filesystem access.

pkgs/npm/[email protected]/internal/legacy-cli.mjs:5805

      input = await fs9.readFile(filename, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

typescript

npm dependency

expand_more 20 low-confidence finding(s)

low env_fs dependency Excluded from app score #1d0b07e43d528dd8 — Filesystem access.

pkgs/npm/[email protected]/lib/_tsserver.js:51

var import_fs = __toESM(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #658e8a172359d5c7 — Environment-variable access.

pkgs/npm/[email protected]/lib/_tsserver.js:309

    const envLogOptions = parseLoggingEnvironmentString(process.env.TSS_LOG);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd4501f09156bb93 — Environment-variable access.

pkgs/npm/[email protected]/lib/_tsserver.js:535

  const traceDir = commandLineTraceDir ? (0, typescript_exports.stripQuotes)(commandLineTraceDir) : process.env.TSS_TRACE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5735e3e2ea67d362 — Environment-variable access.

pkgs/npm/[email protected]/lib/_tsserver.js:548

        const basePath = process.env.LOCALAPPDATA || process.env.APPDATA || import_os.default.homedir && import_os.default.homedir() || process.env.USERPROFILE || process.env.HOMEDRIVE && process.env.HOMEPATH && (0, typescript_exports.normalizeSlashes)(process.env.HOMEDRIVE + process.env.HOMEPATH) || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5735e3e2ea67d362 — Environment-variable access.

pkgs/npm/[email protected]/lib/_tsserver.js:548

        const basePath = process.env.LOCALAPPDATA || process.env.APPDATA || import_os.default.homedir && import_os.default.homedir() || process.env.USERPROFILE || process.env.HOMEDRIVE && process.env.HOMEPATH && (0, typescript_exports.normalizeSlashes)(process.env.HOMEDRIVE + process.env.HOMEPATH) || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5735e3e2ea67d362 — Environment-variable access.

pkgs/npm/[email protected]/lib/_tsserver.js:548

        const basePath = process.env.LOCALAPPDATA || process.env.APPDATA || import_os.default.homedir && import_os.default.homedir() || process.env.USERPROFILE || process.env.HOMEDRIVE && process.env.HOMEPATH && (0, typescript_exports.normalizeSlashes)(process.env.HOMEDRIVE + process.env.HOMEPATH) || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5735e3e2ea67d362 — Environment-variable access.

pkgs/npm/[email protected]/lib/_tsserver.js:548

        const basePath = process.env.LOCALAPPDATA || process.env.APPDATA || import_os.default.homedir && import_os.default.homedir() || process.env.USERPROFILE || process.env.HOMEDRIVE && process.env.HOMEPATH && (0, typescript_exports.normalizeSlashes)(process.env.HOMEDRIVE + process.env.HOMEPATH) || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5735e3e2ea67d362 — Environment-variable access.

pkgs/npm/[email protected]/lib/_tsserver.js:548

        const basePath = process.env.LOCALAPPDATA || process.env.APPDATA || import_os.default.homedir && import_os.default.homedir() || process.env.USERPROFILE || process.env.HOMEDRIVE && process.env.HOMEPATH && (0, typescript_exports.normalizeSlashes)(process.env.HOMEDRIVE + process.env.HOMEPATH) || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5735e3e2ea67d362 — Environment-variable access.

pkgs/npm/[email protected]/lib/_tsserver.js:548

        const basePath = process.env.LOCALAPPDATA || process.env.APPDATA || import_os.default.homedir && import_os.default.homedir() || process.env.USERPROFILE || process.env.HOMEDRIVE && process.env.HOMEPATH && (0, typescript_exports.normalizeSlashes)(process.env.HOMEDRIVE + process.env.HOMEPATH) || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5735e3e2ea67d362 — Environment-variable access.

pkgs/npm/[email protected]/lib/_tsserver.js:548

        const basePath = process.env.LOCALAPPDATA || process.env.APPDATA || import_os.default.homedir && import_os.default.homedir() || process.env.USERPROFILE || process.env.HOMEDRIVE && process.env.HOMEPATH && (0, typescript_exports.normalizeSlashes)(process.env.HOMEDRIVE + process.env.HOMEPATH) || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9abb23ef58d54af6 — Environment-variable access.

pkgs/npm/[email protected]/lib/_tsserver.js:565

    if (process.env.XDG_CACHE_HOME) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9b19f01b4236ce4 — Environment-variable access.

pkgs/npm/[email protected]/lib/_tsserver.js:566

      return process.env.XDG_CACHE_HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76992665fb471283 — Environment-variable access.

pkgs/npm/[email protected]/lib/_tsserver.js:569

    const homePath = import_os.default.homedir && import_os.default.homedir() || process.env.HOME || (process.env.LOGNAME || process.env.USER) && `/${usersDir}/${process.env.LOGNAME || process.env.USER}` || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76992665fb471283 — Environment-variable access.

pkgs/npm/[email protected]/lib/_tsserver.js:569

    const homePath = import_os.default.homedir && import_os.default.homedir() || process.env.HOME || (process.env.LOGNAME || process.env.USER) && `/${usersDir}/${process.env.LOGNAME || process.env.USER}` || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76992665fb471283 — Environment-variable access.

pkgs/npm/[email protected]/lib/_tsserver.js:569

    const homePath = import_os.default.homedir && import_os.default.homedir() || process.env.HOME || (process.env.LOGNAME || process.env.USER) && `/${usersDir}/${process.env.LOGNAME || process.env.USER}` || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76992665fb471283 — Environment-variable access.

pkgs/npm/[email protected]/lib/_tsserver.js:569

    const homePath = import_os.default.homedir && import_os.default.homedir() || process.env.HOME || (process.env.LOGNAME || process.env.USER) && `/${usersDir}/${process.env.LOGNAME || process.env.USER}` || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76992665fb471283 — Environment-variable access.

pkgs/npm/[email protected]/lib/_tsserver.js:569

    const homePath = import_os.default.homedir && import_os.default.homedir() || process.env.HOME || (process.env.LOGNAME || process.env.USER) && `/${usersDir}/${process.env.LOGNAME || process.env.USER}` || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c876daeada379ad — Filesystem access.

pkgs/npm/[email protected]/lib/_typingsInstaller.js:44

var fs = __toESM(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #990fbb13a2d3cfb7 — Filesystem access.

pkgs/npm/[email protected]/lib/_typingsInstaller.js:88

    const content = JSON.parse(host.readFile(typesRegistryFilePath));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dadf4e7eda37c635 — Filesystem access.

pkgs/npm/[email protected]/lib/watchGuard.js:42

var fs = __toESM(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Development

tsd dev — dist-only: no readable source
typescript-eslint dev — dist-only: no readable source

verified_user No application data leak found

App Privacy Score

bar_chart Score Breakdown

list Scan Summary

swap_horiz Application data flows

</> First-Party Code

first-party (npm)

</> Dependencies

eslint

eslint-config-prettier

prettier

typescript

Skipped dependencies