Close Open Privacy Scan

bolt Snapshot: commit cf75036
science engine v3
schedule 2026-07-13T01:15:49.949833+00:00

verified_user Application data leak confirmed

High-confidence data exfiltration identified in application code.

Incomplete scan — only 118/198 dependencies were analyzed. Treat the score as provisional.

App Privacy Score

0 /100
High privacy risk — application leak confirmed

High risk · 1293 finding(s)

Dependency score: 27 (High risk)

bar_chart Score Breakdown

pii_flow −60
telemetry −25
egress −15
env_fs −3

list Scan Summary

54 high 58 medium 1181 low
First-party packages: 22
Dependency packages: 41
Ecosystem: npm

swap_horiz Confirmed data exfiltration in application code

External domains: ${process.env.PLAYWRIGHT_SERVER_HOSTapi.anthropic.comapi.emailoctopus.comapi.github.comapi.github.com${endpoint}`,api.github.com`;api.honeycomb.ioapi.opencode.aiapi.releases.hashicorp.comapp.opencode.aicommunity.chocolatey.orgformulae.brew.shgithub.comgithub.com`;gitlab.commcp.exa.aimodels.devoauth2.googleapis.comopencode.airaw.githubusercontent.comregistry.npmjs.orgus.i.posthog.comwww.google.com

high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/.opencode/tool/github-pr-search.ts:7 repo/.opencode/tool/github-pr-search.ts:4
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/.opencode/tool/github-triage.ts:26 repo/.opencode/tool/github-triage.ts:23
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/cli/script/generate.ts:1 repo/packages/cli/script/generate.ts:5
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/component/email-signup.tsx:13 repo/packages/console/app/src/component/email-signup.tsx:10
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/lib/salesforce.ts:63 repo/packages/console/app/src/lib/salesforce.ts:54
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/routes/api/enterprise.ts:42 repo/packages/console/app/src/routes/api/enterprise.ts:39
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/function/src/auth.ts:114 repo/packages/console/function/src/auth.ts:112
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/function/src/auth.ts:121 repo/packages/console/function/src/auth.ts:119
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/function/src/log-processor.ts:72 repo/packages/console/function/src/log-processor.ts:68
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/core/src/plugin/provider/openai.ts:125 repo/packages/core/src/plugin/provider/openai.ts:122
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/core/src/session/compaction.ts:176 repo/packages/core/src/session/compaction.ts:197
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/desktop/scripts/finalize-latest-json.ts:16 repo/packages/desktop/scripts/finalize-latest-json.ts:32
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/desktop/scripts/finalize-latest-json.ts:16 repo/packages/desktop/scripts/finalize-latest-json.ts:116
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/script/generate.ts:10 repo/packages/opencode/script/generate.ts:13
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/cli/cmd/github.handler.ts:471 repo/packages/opencode/src/cli/cmd/github.handler.ts:791
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/cli/cmd/github.handler.ts:471 repo/packages/opencode/src/cli/cmd/github.handler.ts:1583
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/openai/codex.ts:493 repo/packages/opencode/src/plugin/openai/codex.ts:485
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/openai/codex.ts:493 repo/packages/opencode/src/plugin/openai/codex.ts:503
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/xai.ts:149 repo/packages/opencode/src/plugin/xai.ts:149
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/xai.ts:168 repo/packages/opencode/src/plugin/xai.ts:168
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/xai.ts:251 repo/packages/opencode/src/plugin/xai.ts:251
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/session/llm/native-runtime.ts:92 repo/packages/opencode/src/session/llm/native-runtime.ts:90
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/stats/app/src/routes/api/newsletter.ts:20 repo/packages/stats/app/src/routes/api/newsletter.ts:17
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ui/vite.config.ts:48 repo/packages/ui/vite.config.ts:49
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ui/vite.config.ts:48 repo/packages/ui/vite.config.ts:54
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/script/github/close-issues.ts:7 repo/script/github/close-issues.ts:45
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/script/github/close-issues.ts:7 repo/script/github/close-issues.ts:52
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/script/github/close-issues.ts:7 repo/script/github/close-issues.ts:67
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/script/stats.ts:4 repo/script/stats.ts:11
high first-party (npm): packages/ui User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ui/vite.config.ts:48 repo/packages/ui/vite.config.ts:49
high first-party (npm): packages/ui User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ui/vite.config.ts:48 repo/packages/ui/vite.config.ts:54
high first-party (npm): packages/cli User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/cli/script/generate.ts:1 repo/packages/cli/script/generate.ts:5
high first-party (npm): packages/core User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/core/src/plugin/provider/openai.ts:125 repo/packages/core/src/plugin/provider/openai.ts:122
high first-party (npm): packages/core User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/core/src/session/compaction.ts:176 repo/packages/core/src/session/compaction.ts:197
high first-party (npm): packages/desktop User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/desktop/scripts/finalize-latest-json.ts:16 repo/packages/desktop/scripts/finalize-latest-json.ts:32
high first-party (npm): packages/desktop User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/desktop/scripts/finalize-latest-json.ts:16 repo/packages/desktop/scripts/finalize-latest-json.ts:116
high first-party (npm): packages/opencode User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/script/generate.ts:10 repo/packages/opencode/script/generate.ts:13
high first-party (npm): packages/opencode User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/cli/cmd/github.handler.ts:471 repo/packages/opencode/src/cli/cmd/github.handler.ts:791
high first-party (npm): packages/opencode User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/cli/cmd/github.handler.ts:471 repo/packages/opencode/src/cli/cmd/github.handler.ts:1583
high first-party (npm): packages/opencode User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/openai/codex.ts:493 repo/packages/opencode/src/plugin/openai/codex.ts:485
high first-party (npm): packages/opencode User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/openai/codex.ts:493 repo/packages/opencode/src/plugin/openai/codex.ts:503
high first-party (npm): packages/opencode User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/xai.ts:149 repo/packages/opencode/src/plugin/xai.ts:149
high first-party (npm): packages/opencode User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/xai.ts:168 repo/packages/opencode/src/plugin/xai.ts:168
high first-party (npm): packages/opencode User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/xai.ts:251 repo/packages/opencode/src/plugin/xai.ts:251
high first-party (npm): packages/opencode User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/session/llm/native-runtime.ts:92 repo/packages/opencode/src/session/llm/native-runtime.ts:90
high first-party (npm): packages/stats/app User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/stats/app/src/routes/api/newsletter.ts:20 repo/packages/stats/app/src/routes/api/newsletter.ts:17
high first-party (npm): packages/console/app User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/component/email-signup.tsx:13 repo/packages/console/app/src/component/email-signup.tsx:10
high first-party (npm): packages/console/app User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/lib/salesforce.ts:63 repo/packages/console/app/src/lib/salesforce.ts:54
high first-party (npm): packages/console/app User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/routes/api/enterprise.ts:42 repo/packages/console/app/src/routes/api/enterprise.ts:39
high first-party (npm): packages/console/function User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/function/src/auth.ts:114 repo/packages/console/function/src/auth.ts:112
high first-party (npm): packages/console/function User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/function/src/auth.ts:121 repo/packages/console/function/src/auth.ts:119
high first-party (npm): packages/console/function User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/function/src/log-processor.ts:72 repo/packages/console/function/src/log-processor.ts:68
medium first-party (npm) Credentials parsed from the request URL are applied as authorization on the same outbound HTTP request. This is intentional URL authentication, not unexpected data exfiltration.
repo/packages/console/app/src/lib/salesforce.ts:57 repo/packages/console/app/src/lib/salesforce.ts:54
medium first-party (npm): packages/console/app Credentials parsed from the request URL are applied as authorization on the same outbound HTTP request. This is intentional URL authentication, not unexpected data exfiltration.
repo/packages/console/app/src/lib/salesforce.ts:57 repo/packages/console/app/src/lib/salesforce.ts:54
hub Dependency data flows (2)
high ai dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/src/realtime/realtime-session.ts:110 pkgs/npm/[email protected]/src/realtime/realtime-session.ts:110
high @openauthjs/openauth dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/@[email protected]/src/provider/oauth2.ts:193 pkgs/npm/@[email protected]/src/provider/oauth2.ts:193

</> First-Party Code

first-party (npm)

npm first-party
high pii_flow production #cdf1cda2720fd47b User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/.opencode/tool/github-pr-search.ts:4 · flow /tmp/closeopen-qjyvbc5c/repo/.opencode/tool/github-pr-search.ts:7 → /tmp/closeopen-qjyvbc5c/repo/.opencode/tool/github-pr-search.ts:4
  const response = await fetch(`https://api.github.com${endpoint}`, {
    ...options,
    headers: {
      Authorization: `Bearer ${process.env.GITHUB_TOKEN}`,
      Accept: "application/vnd.github+json",
      "Content-Type": "application/json",
      ...(options.headers instanceof Headers ? Object.fromEntries(options.headers.entries()) : options.headers),
    },
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #a910a3160cdb73df User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/.opencode/tool/github-triage.ts:23 · flow /tmp/closeopen-qjyvbc5c/repo/.opencode/tool/github-triage.ts:26 → /tmp/closeopen-qjyvbc5c/repo/.opencode/tool/github-triage.ts:23
  const response = await fetch(`https://api.github.com${endpoint}`, {
    ...options,
    headers: {
      Authorization: `Bearer ${process.env.GITHUB_TOKEN}`,
      Accept: "application/vnd.github+json",
      "Content-Type": "application/json",
      ...(options.headers instanceof Headers ? Object.fromEntries(options.headers.entries()) : options.headers),
    },
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #903da80f40fc096a User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/cli/script/generate.ts:5 · flow /tmp/closeopen-qjyvbc5c/repo/packages/cli/script/generate.ts:1 → /tmp/closeopen-qjyvbc5c/repo/packages/cli/script/generate.ts:5
  : await fetch(`${modelsUrl}/api.json`).then((response) => response.text())

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #03d81fb49b90d71d User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/component/email-signup.tsx:10 · flow /tmp/closeopen-qjyvbc5c/repo/packages/console/app/src/component/email-signup.tsx:13 → /tmp/closeopen-qjyvbc5c/repo/packages/console/app/src/component/email-signup.tsx:10
  const response = await fetch(`https://api.emailoctopus.com/lists/${listId}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      email_address: emailAddress,
    }),
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #8da76f4a271cddaf User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/lib/salesforce.ts:54 · flow /tmp/closeopen-qjyvbc5c/repo/packages/console/app/src/lib/salesforce.ts:63 → /tmp/closeopen-qjyvbc5c/repo/packages/console/app/src/lib/salesforce.ts:54
  const res = await fetch(`${auth.url}/services/data/v59.0/sobjects/Lead`, {
    method: "POST",
    headers: {
      Authorization: `Bearer ${auth.token}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      LastName: input.name,
      Company: input.company?.trim() || "Website",
      Email: input.email,
      Phone: input.phone ?? null,
      Title: input.role,
      Description: input.message,
      LeadSource: "Website",
    }),
  }).catch((err) => {

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #72422f87ce0f9930 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/routes/api/enterprise.ts:39 · flow /tmp/closeopen-qjyvbc5c/repo/packages/console/app/src/routes/api/enterprise.ts:42 → /tmp/closeopen-qjyvbc5c/repo/packages/console/app/src/routes/api/enterprise.ts:39
  return fetch(`https://api.emailoctopus.com/lists/${EMAIL_OCTOPUS_LIST_ID}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify(payload),
  }).then(

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #2e72c32b5c59757a User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/function/src/auth.ts:112 · flow /tmp/closeopen-qjyvbc5c/repo/packages/console/function/src/auth.ts:114 → /tmp/closeopen-qjyvbc5c/repo/packages/console/function/src/auth.ts:112
          const emails = (await fetch("https://api.github.com/user/emails", {
            headers: {
              Authorization: `Bearer ${response.tokenset.access}`,
              "User-Agent": "opencode",
              Accept: "application/vnd.github+json",
            },
          }).then((x) => x.json())) as any

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #992ba1e1caaebfb3 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/function/src/auth.ts:119 · flow /tmp/closeopen-qjyvbc5c/repo/packages/console/function/src/auth.ts:121 → /tmp/closeopen-qjyvbc5c/repo/packages/console/function/src/auth.ts:119
          const user = (await fetch("https://api.github.com/user", {
            headers: {
              Authorization: `Bearer ${response.tokenset.access}`,
              "User-Agent": "opencode",
              Accept: "application/vnd.github+json",
            },
          }).then((x) => x.json())) as any

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #43f3571c2a08aba2 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/function/src/log-processor.ts:68 · flow /tmp/closeopen-qjyvbc5c/repo/packages/console/function/src/log-processor.ts:72 → /tmp/closeopen-qjyvbc5c/repo/packages/console/function/src/log-processor.ts:68
              fetch(lakeIngest.url, {
                method: "POST",
                headers: {
                  "Content-Type": "application/json",
                  Authorization: `Bearer ${lakeIngest.secret}`,
                },
                body: JSON.stringify({ events: events.map((event) => toLakeEvent(event.time, event.data)) }),
              }),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #8ceaa4df0746e908 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/core/src/plugin/provider/openai.ts:122 · flow /tmp/closeopen-qjyvbc5c/repo/packages/core/src/plugin/provider/openai.ts:125 → /tmp/closeopen-qjyvbc5c/repo/packages/core/src/plugin/provider/openai.ts:122
                fetch(`${issuer}/api/accounts/deviceauth/token`, {
                  method: "POST",
                  headers: headers("application/json"),
                  body: JSON.stringify({ device_auth_id: device.device_auth_id, user_code: device.user_code }),
                  signal,
                }),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #48df41ccb260aa6f User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/core/src/session/compaction.ts:197 · flow /tmp/closeopen-qjyvbc5c/repo/packages/core/src/session/compaction.ts:176 → /tmp/closeopen-qjyvbc5c/repo/packages/core/src/session/compaction.ts:197
        LLM.request({
          model: input.model,
          messages: [Message.user(summaryPrompt)],
          tools: [],
          generation: { maxTokens: summaryOutput },
        }),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #11d429c27485ecc2 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/desktop/scripts/finalize-latest-json.ts:32 · flow /tmp/closeopen-qjyvbc5c/repo/packages/desktop/scripts/finalize-latest-json.ts:16 → /tmp/closeopen-qjyvbc5c/repo/packages/desktop/scripts/finalize-latest-json.ts:32
const rel = await fetch(`https://api.github.com/repos/${repo}/releases/${releaseId}`, {
  headers: {
    Authorization: `token ${token}`,
    Accept: "application/vnd.github+json",
  },
})

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #71af60cb1d7f1573 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/desktop/scripts/finalize-latest-json.ts:116 · flow /tmp/closeopen-qjyvbc5c/repo/packages/desktop/scripts/finalize-latest-json.ts:16 → /tmp/closeopen-qjyvbc5c/repo/packages/desktop/scripts/finalize-latest-json.ts:116
  const res = await fetch(asset?.url ?? url, {
    headers: {
      Authorization: `token ${token}`,
      ...(asset ? { Accept: "application/octet-stream" } : {}),
    },
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #6fc56dda8cccdd8a User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/script/generate.ts:13 · flow /tmp/closeopen-qjyvbc5c/repo/packages/opencode/script/generate.ts:10 → /tmp/closeopen-qjyvbc5c/repo/packages/opencode/script/generate.ts:13
  : await fetch(`${modelsUrl}/api.json`).then((x) => x.text())

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #826192abe1ddf83a User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/cli/cmd/github.handler.ts:791 · flow /tmp/closeopen-qjyvbc5c/repo/packages/opencode/src/cli/cmd/github.handler.ts:471 → /tmp/closeopen-qjyvbc5c/repo/packages/opencode/src/cli/cmd/github.handler.ts:791
        const res = await fetch(url, {
          headers: {
            Authorization: `Bearer ${appToken}`,
            Accept: "application/vnd.github.v3+json",
          },
        })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #0f2b5e11af29e807 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/cli/cmd/github.handler.ts:1583 · flow /tmp/closeopen-qjyvbc5c/repo/packages/opencode/src/cli/cmd/github.handler.ts:471 → /tmp/closeopen-qjyvbc5c/repo/packages/opencode/src/cli/cmd/github.handler.ts:1583
      await fetch("https://api.github.com/installation/token", {
        method: "DELETE",
        headers: {
          Authorization: `Bearer ${appToken}`,
          Accept: "application/vnd.github+json",
          "X-GitHub-Api-Version": "2022-11-28",
        },
      })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #f44b67893e8ac991 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/openai/codex.ts:485 · flow /tmp/closeopen-qjyvbc5c/repo/packages/opencode/src/plugin/openai/codex.ts:493 → /tmp/closeopen-qjyvbc5c/repo/packages/opencode/src/plugin/openai/codex.ts:485
                  const response = await fetch(`${ISSUER}/api/accounts/deviceauth/token`, {
                    method: "POST",
                    headers: {
                      "Content-Type": "application/json",
                      "User-Agent": `opencode/${InstallationVersion}`,
                    },
                    body: JSON.stringify({
                      device_auth_id: deviceData.device_auth_id,
                      user_code: deviceData.user_code,
                    }),
                  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #ebde98d8e3df1ef5 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/openai/codex.ts:503 · flow /tmp/closeopen-qjyvbc5c/repo/packages/opencode/src/plugin/openai/codex.ts:493 → /tmp/closeopen-qjyvbc5c/repo/packages/opencode/src/plugin/openai/codex.ts:503
                    const tokenResponse = await fetch(`${ISSUER}/oauth/token`, {
                      method: "POST",
                      headers: { "Content-Type": "application/x-www-form-urlencoded" },
                      body: new URLSearchParams({
                        grant_type: "authorization_code",
                        code: data.authorization_code,
                        redirect_uri: `${ISSUER}/deviceauth/callback`,
                        client_id: CLIENT_ID,
                        code_verifier: data.code_verifier,
                      }).toString(),
                    })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #b4d52ff92cd2dccc User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/xai.ts:149 · flow /tmp/closeopen-qjyvbc5c/repo/packages/opencode/src/plugin/xai.ts:149 → /tmp/closeopen-qjyvbc5c/repo/packages/opencode/src/plugin/xai.ts:149
  const response = await fetch(options.tokenUrl ?? TOKEN_URL, {
    method: "POST",
    headers: authHeaders(),
    body: new URLSearchParams({
      grant_type: "authorization_code",
      code,
      redirect_uri: REDIRECT_URI,
      client_id: CLIENT_ID,
      code_verifier: pkce.verifier,
    }).toString(),
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #7fb1a30bb0f09e5a User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/xai.ts:168 · flow /tmp/closeopen-qjyvbc5c/repo/packages/opencode/src/plugin/xai.ts:168 → /tmp/closeopen-qjyvbc5c/repo/packages/opencode/src/plugin/xai.ts:168
  const response = await fetch(options.tokenUrl ?? TOKEN_URL, {
    method: "POST",
    headers: authHeaders(),
    body: new URLSearchParams({
      grant_type: "refresh_token",
      refresh_token: refreshToken,
      client_id: CLIENT_ID,
    }).toString(),
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #937c18fa83f25f10 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/xai.ts:251 · flow /tmp/closeopen-qjyvbc5c/repo/packages/opencode/src/plugin/xai.ts:251 → /tmp/closeopen-qjyvbc5c/repo/packages/opencode/src/plugin/xai.ts:251
    const response = await fetch(options.tokenUrl ?? TOKEN_URL, {
      method: "POST",
      headers: authHeaders(),
      body: new URLSearchParams({
        grant_type: DEVICE_CODE_GRANT_TYPE,
        client_id: CLIENT_ID,
        device_code: device.device_code,
      }).toString(),
    })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #7fbf9fc76a6bebec User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/session/llm/native-runtime.ts:90 · flow /tmp/closeopen-qjyvbc5c/repo/packages/opencode/src/session/llm/native-runtime.ts:92 → /tmp/closeopen-qjyvbc5c/repo/packages/opencode/src/session/llm/native-runtime.ts:90
  const request = LLMNative.request({
    model: input.model,
    apiKey: current.apiKey,
    baseURL: current.baseURL,
    messages: ProviderTransform.message(input.messages, input.model, input.providerOptions ?? {}),
    toolChoice: input.toolChoice,
    temperature: input.temperature,
    topP: input.topP,
    topK: input.topK,
    maxOutputTokens: input.maxOutputTokens,
    providerOptions: ProviderTransform.providerOptions(input.model, input.providerOptions ?? {}),
    headers: { ...providerHeaders(input.provider.options.headers), ...input.headers },
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #a338be4c7b7b8852 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/stats/app/src/routes/api/newsletter.ts:17 · flow /tmp/closeopen-qjyvbc5c/repo/packages/stats/app/src/routes/api/newsletter.ts:20 → /tmp/closeopen-qjyvbc5c/repo/packages/stats/app/src/routes/api/newsletter.ts:17
  const response = await fetch(`https://api.emailoctopus.com/lists/${listId}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      email_address: emailAddress.trim(),
    }),
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #e10f4ef12dce0111 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ui/vite.config.ts:49 · flow /tmp/closeopen-qjyvbc5c/repo/packages/ui/vite.config.ts:48 → /tmp/closeopen-qjyvbc5c/repo/packages/ui/vite.config.ts:49
  const providers = await fetch(`${url}/api.json`)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #486f95807f9e1ac5 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ui/vite.config.ts:54 · flow /tmp/closeopen-qjyvbc5c/repo/packages/ui/vite.config.ts:48 → /tmp/closeopen-qjyvbc5c/repo/packages/ui/vite.config.ts:54
      fetch(`${url}/logos/${provider}.svg`)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #ebbb7370e63005e4 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/script/github/close-issues.ts:45 · flow /tmp/closeopen-qjyvbc5c/repo/script/github/close-issues.ts:7 → /tmp/closeopen-qjyvbc5c/repo/script/github/close-issues.ts:45
  const comment = await fetch(`${base}/comments`, {
    method: "POST",
    headers,
    body: JSON.stringify({ body: msg }),
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #53819c8060dd0b0c User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/script/github/close-issues.ts:52 · flow /tmp/closeopen-qjyvbc5c/repo/script/github/close-issues.ts:7 → /tmp/closeopen-qjyvbc5c/repo/script/github/close-issues.ts:52
  const patch = await fetch(base, {
    method: "PATCH",
    headers,
    body: JSON.stringify({ state: "closed", state_reason: "not_planned" }),
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #0a26ba97b9e62579 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/script/github/close-issues.ts:67 · flow /tmp/closeopen-qjyvbc5c/repo/script/github/close-issues.ts:7 → /tmp/closeopen-qjyvbc5c/repo/script/github/close-issues.ts:67
    const res = await fetch(
      `https://api.github.com/repos/${repo}/issues?state=open&sort=updated&direction=asc&per_page=100&page=${page}`,
      { headers },
    )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #8a0f392764162c70 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/script/stats.ts:11 · flow /tmp/closeopen-qjyvbc5c/repo/script/stats.ts:4 → /tmp/closeopen-qjyvbc5c/repo/script/stats.ts:11
  const response = await fetch("https://us.i.posthog.com/i/v0/e/", {
    method: "POST",
    headers: {
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      distinct_id: "download",
      api_key: key,
      event,
      properties: {
        ...properties,
      },
    }),
  }).catch(() => null)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium telemetry production #347b3d90cb969334 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/app/src/app.tsx:2
import * as Sentry from "@sentry/solid"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a50e14c8b5826789 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/app/src/entry.tsx:3
import * as Sentry from "@sentry/solid"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #66bae91c64170acd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/app/src/pages/error.tsx:2
import * as Sentry from "@sentry/solid"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #af45d7f671dd4740 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/app/vite.config.ts:1
import { sentryVitePlugin } from "@sentry/vite-plugin"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium pii_flow production #6df14ac484763811 Credentials parsed from the request URL are applied as authorization on the same outbound HTTP request. This is intentional URL authentication, not unexpected data exfiltration.
repo/packages/console/app/src/lib/salesforce.ts:54 · flow /tmp/closeopen-qjyvbc5c/repo/packages/console/app/src/lib/salesforce.ts:57 → /tmp/closeopen-qjyvbc5c/repo/packages/console/app/src/lib/salesforce.ts:54
  const res = await fetch(`${auth.url}/services/data/v59.0/sobjects/Lead`, {
    method: "POST",
    headers: {
      Authorization: `Bearer ${auth.token}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      LastName: input.name,
      Company: input.company?.trim() || "Website",
      Email: input.email,
      Phone: input.phone ?? null,
      Title: input.role,
      Description: input.message,
      LeadSource: "Website",
    }),
  }).catch((err) => {

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium telemetry production #28ded867bf3f317b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:312
      await rateLimiter?.track()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #cc85834c6f6660ab Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:317
        await trialLimiter?.track(usageInfo)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #33f2290460e2e389 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:318
        await modelTpmLimiter?.track(providerInfo.id, providerInfo.model, usageInfo)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #57da8024f6c3c56d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:319
        await providerBudgetTracker?.track(providerInfo.id, providerInfo.budgetPriority, costInfo.totalCostInCent)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #593c16fc17ac03f1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:366
                await rateLimiter?.track()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e37b13ef32422b45 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:371
                  await trialLimiter?.track(usageInfo)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #0c99b74a79c3a915 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:372
                  await modelTpmLimiter?.track(providerInfo.id, providerInfo.model, usageInfo)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #41c41b9194e609a0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:373
                  await modelTpsLimiter?.track(
                    providerInfo.id,
                    providerInfo.model,
                    providerInfo.tpsGoal,
                    timestampFirstByte,
                    timestampLastByte,
                    usageInfo,
                  )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #2dc434119230520a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:381
                  await providerBudgetTracker?.track(
                    providerInfo.id,
                    providerInfo.budgetPriority,
                    costInfo.totalCostInCent,
                  )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #68421558c57565be Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/desktop/electron.vite.config.ts:1
import { sentryVitePlugin } from "@sentry/vite-plugin"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #67eacceeee3470bd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/desktop/src/renderer/index.tsx:18
import * as Sentry from "@sentry/solid"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #1be26a0decada1f9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/cli/cmd/debug/snapshot.ts:17
    const out = yield* Snapshot.Service.use((svc) => svc.track())

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b23b8f1604617ed5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:153
            return scope.track(typeof dispose === "function" ? (dispose as () => void) : undefined)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8fbbc613a8bcf06c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:173
        return scope.track(
          attention.soundboard.registerPack({
            ...pack,
            sounds: resolveHostAttentionSoundPaths(root, pack.sounds, { trim: true }),
          }),
        )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #647c50104a123ba2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:199
      return scope.track(mode.push(value))

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #cbbbc7ab93377178 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:579
      return scope.track(api.route.register(list))

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4ac6db5b56074587 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:595
      return scope.track(api.event.on(type, handler))

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #2281b0a982afab7b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:607
      scope.track(host.register({ ...plugin, id }))

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a350196404576bed Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/session/processor.ts:102
      const initialSnapshot = yield* snapshot.track()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d4cc255411fba064 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/session/processor.ts:425
            if (!ctx.snapshot) ctx.snapshot = yield* snapshot.track()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #48d6739686c5ff36 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/session/processor.ts:436
            const completedSnapshot = yield* snapshot.track()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #feaa2c055c7ba9f1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/session/revert.ts:70
      rev.snapshot = session.revert?.snapshot ?? (yield* snap.track())

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #59beb3b3d33d5f69 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/snapshot/index.ts:780
        return yield* InstanceState.useEffect(state, (s) => s.track())

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #cd44ec0c0c2e7047 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/session-ui/src/components/file.tsx:231
    if (bridge.track(event.buttons, hit.line)) return

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 480 low-confidence finding(s)
low env_fs production #8af359d23a36cb31 Environment-variable access.
repo/.opencode/tool/github-pr-search.ts:7
      Authorization: `Bearer ${process.env.GITHUB_TOKEN}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e8157cb78311091d Environment-variable access.
repo/.opencode/tool/github-triage.ts:17
  const issue = parseInt(process.env.ISSUE_NUMBER ?? "", 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #340b4db28670fd4f Environment-variable access.
repo/.opencode/tool/github-triage.ts:26
      Authorization: `Bearer ${process.env.GITHUB_TOKEN}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #807e983b2117f1b5 Environment-variable access.
repo/github/index.ts:302
  const value = process.env["MODEL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5e9a375ebb7ffc65 Environment-variable access.
repo/github/index.ts:316
  const runId = process.env["GITHUB_RUN_ID"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fc261cac35b5d78f Environment-variable access.
repo/github/index.ts:323
  return process.env["AGENT"] || undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c7103bfc00dd149b Environment-variable access.
repo/github/index.ts:327
  const value = process.env["SHARE"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f543d1ad2dee6b5f Environment-variable access.
repo/github/index.ts:336
    mockEvent: process.env["MOCK_EVENT"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #49f0f6f4315e4ac1 Environment-variable access.
repo/github/index.ts:337
    mockToken: process.env["MOCK_TOKEN"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #631ed5bb8cd5b69a Environment-variable access.
repo/github/index.ts:342
  return process.env["TOKEN"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #4e1c7e2c4ece67ce Hardcoded external endpoint. Review what data is sent to this destination.
repo/github/index.ts:377
    response = await fetch("https://api.opencode.ai/exchange_github_app_token_with_pat", {
      method: "POST",
      headers: {
        Authorization: `Bearer ${useEnvMock().mockToken}`,
      },
      body: JSON.stringify({ owner: repo.owner, repo: repo.repo }),
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #58ceacb64bc97633 Hardcoded external endpoint. Review what data is sent to this destination.
repo/github/index.ts:386
    response = await fetch("https://api.opencode.ai/exchange_github_app_token", {
      method: "POST",
      headers: {
        Authorization: `Bearer ${oidcToken}`,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #8fa57e9437619a8b Hardcoded external endpoint. Review what data is sent to this destination.
repo/github/index.ts:1064
  await fetch("https://api.github.com/installation/token", {
    method: "DELETE",
    headers: {
      Authorization: `Bearer ${accessToken}`,
      Accept: "application/vnd.github+json",
      "X-GitHub-Api-Version": "2022-11-28",
    },
  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #dfbfd62d2427608a Environment-variable access.
repo/infra/console.ts:276
          new sst.Secret("CLOUDFLARE_DEFAULT_ACCOUNT_ID", process.env.CLOUDFLARE_DEFAULT_ACCOUNT_ID!),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8078249f2a5cb618 Environment-variable access.
repo/infra/console.ts:277
          new sst.Secret("CLOUDFLARE_API_TOKEN", process.env.CLOUDFLARE_API_TOKEN!),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #20b5b156195f231f Filesystem access.
repo/nix/scripts/canonicalize-node-modules.ts:1
import { lstat, mkdir, readdir, rm, symlink } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2d4ae72e122d9c9f Filesystem access.
repo/nix/scripts/normalize-bun-binaries.ts:1
import { lstat, mkdir, readdir, rm, symlink } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #80582e7019819320 Environment-variable access.
repo/packages/app/e2e/performance/benchmark.ts:32
          runID: process.env.OPENCODE_PERFORMANCE_RUN_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de1b52c79219b51e Environment-variable access.
repo/packages/app/e2e/performance/benchmark.ts:125
      runID: process.env.OPENCODE_PERFORMANCE_RUN_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1b42ea2d1a3a951b Environment-variable access.
repo/packages/app/e2e/performance/benchmark.ts:133
        selectorTrace: process.env.OPENCODE_PERFORMANCE_SELECTOR_TRACE === "1",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2e262291f863406a Environment-variable access.
repo/packages/app/e2e/performance/chrome-trace.ts:22
  const directory = process.env.OPENCODE_PERFORMANCE_TRACE_DIR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a9508a58d271746b Environment-variable access.
repo/packages/app/e2e/performance/chrome-trace.ts:25
  const selectors = process.env.OPENCODE_PERFORMANCE_SELECTOR_TRACE === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #565c3f7cbc97c72a Environment-variable access.
repo/packages/app/e2e/performance/chrome-trace.ts:76
  const run = process.env.OPENCODE_PERFORMANCE_RUN_ID ?? "manual"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e615d934053eb1e9 Environment-variable access.
repo/packages/app/e2e/performance/playwright.config.ts:3
const port = Number(process.env.PLAYWRIGHT_PORT ?? 3000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d22251665a3b0c6 Environment-variable access.
repo/packages/app/e2e/performance/playwright.config.ts:4
process.env.PLAYWRIGHT_SERVER_PORT = String(port)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #907e5c9152c23d99 Environment-variable access.
repo/packages/app/e2e/performance/playwright.config.ts:5
process.env.OPENCODE_PERFORMANCE_RUN_ID ??= `${new Date().toISOString().replace(/[:.]/g, "-")}-${process.pid}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d0ddb972860ce023 Environment-variable access.
repo/packages/app/e2e/performance/timeline-stability/fixture.ts:113
    server: `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #688b050b535cabdd Environment-variable access.
repo/packages/app/e2e/performance/timeline/review-pane-scaling-benchmark.spec.ts:10
const completionTimeoutMs = Number(process.env.REVIEW_PANE_COMPLETION_TIMEOUT_MS ?? 900_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #903aa8a19f5d46dd Environment-variable access.
repo/packages/app/e2e/performance/timeline/review-pane-scaling-benchmark.spec.ts:44
        const patchByteLimit = Number(process.env.REVIEW_PANE_PATCH_BYTE_LIMIT ?? Number.POSITIVE_INFINITY)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #51fef64110b72242 Environment-variable access.
repo/packages/app/e2e/performance/timeline/review-pane-scaling-benchmark.spec.ts:46
          throw new Error(`Invalid REVIEW_PANE_PATCH_BYTE_LIMIT: ${process.env.REVIEW_PANE_PATCH_BYTE_LIMIT}`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f8816758325f7fb Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-parent-hydration-benchmark.spec.ts:11
const mode = process.env.SESSION_PARENT_HYDRATION_BENCHMARK_MODE ?? "natural"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a410600651eee24b Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-tab-switch-benchmark.spec.ts:33
    const runs = Number(process.env.SESSION_TAB_SWITCH_RUNS ?? 5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #244915e9311c43a2 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:43
    benchmark.setTimeout(Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000) + 60_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b1ebd3dc3b359302 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:49
    benchmark.setTimeout(Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000) + 60_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e764d920a6bad871 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:55
    benchmark.setTimeout(Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000) + 60_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #78785107037697c2 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:61
    benchmark.setTimeout(Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000) + 60_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e3a41890b12caab4 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:70
    const historyTurns = Number(process.env.REVIEW_PANE_HISTORY_TURNS ?? 72)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #840817f3c7239f2e Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:103
  const completionTimeoutMs = Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44d6d37a681588ff Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:104
  const cpuThrottle = Number(process.env.TIMELINE_CPU_THROTTLE ?? 30)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d86a58e1c5c63313 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:105
  const deltaCount = Number(process.env.TIMELINE_DELTA_COUNT ?? 160)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed3ff97049c2c763 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:106
  const historyTurns = Number(process.env.TIMELINE_HISTORY_TURNS ?? 320)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #75a2b46fb9db985e Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:107
  const eventBatch = Number(process.env.TIMELINE_EVENT_BATCH ?? 1)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5640b59926f67ec8 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:108
  const minimal = process.env.TIMELINE_MINIMAL === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #69803bc63235b134 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:109
  const profileCPU = process.env.TIMELINE_CPU_PROFILE === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #620e057df53c6c35 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:110
  const profileVisual = !minimal && profileCPU && process.env.TIMELINE_VISUAL_PROFILE !== "0"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b806fca74b5e7d9 Environment-variable access.
repo/packages/app/e2e/performance/timeline/timeline-test-helpers.ts:83
  return `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #15c8fe7b7ef10fad Environment-variable access.
repo/packages/app/e2e/performance/timeline/timeline-test-helpers.ts:87
  return Array.from({ length: Number(process.env.REVIEW_PANE_DIFF_COUNT ?? 72) }, (_, index) => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7b6976ef15706bc4 Environment-variable access.
repo/packages/app/e2e/regression/legacy-new-session.spec.ts:7
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6cca2aa043d07d69 Environment-variable access.
repo/packages/app/e2e/regression/new-session-panel-corner.spec.ts:7
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5a73e116ec0d6f3 Environment-variable access.
repo/packages/app/e2e/regression/review-open-file.spec.ts:10
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cc7fabf6bc2d5afe Environment-variable access.
repo/packages/app/e2e/regression/review-state-persistence.spec.ts:12
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ea16cd83a323896 Environment-variable access.
repo/packages/app/e2e/regression/review-tab-switch.spec.ts:12
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0cf72b649f7f2b23 Environment-variable access.
repo/packages/app/e2e/regression/session-timeline-history-root.spec.ts:56
      server: `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #658e32952f3b99f1 Environment-variable access.
repo/packages/app/e2e/regression/session-todo-dock-navigation.spec.ts:136
  const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7ea01e6aa346946 Environment-variable access.
repo/packages/app/e2e/regression/session-todo-dock-navigation.spec.ts:157
  const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2235b8433bc8b6c6 Environment-variable access.
repo/packages/app/e2e/regression/subagent-child-navigation.spec.ts:78
    (url) => url.pathname === "/session" && url.port === (process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #031a5fbce7b2bbc2 Environment-variable access.
repo/packages/app/e2e/regression/subagent-child-navigation.spec.ts:180
  const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ce96236159111bba Environment-variable access.
repo/packages/app/e2e/regression/subagent-child-navigation.spec.ts:198
  const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fe9a45d19b7f7932 Environment-variable access.
repo/packages/app/e2e/regression/terminal-tab-switch.spec.ts:13
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd6957f7b583682d Environment-variable access.
repo/packages/app/e2e/utils/mock-server.ts:50
    const targetPort = process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4df76032b3289c67 Environment-variable access.
repo/packages/app/e2e/utils/mock-server.ts:52
      process.env.PLAYWRIGHT_BASE_URL ?? `http://127.0.0.1:${process.env.PLAYWRIGHT_PORT ?? "3000"}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #57fd3c072e2804ba Environment-variable access.
repo/packages/app/e2e/utils/visual-stability/capture.ts:13
  if (process.env.OPENCODE_STABILITY_CAPTURE !== "1") return

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e7f630a075e07ce Filesystem access.
repo/packages/app/e2e/utils/visual-stability/reporter.ts:19
  await writeFile(tracePath, JSON.stringify(trace, null, 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #78559db079fbd7b6 Filesystem access.
repo/packages/app/e2e/utils/visual-stability/reporter.ts:20
  await writeFile(
    issuesPath,
    JSON.stringify({ issues, markers: result.markers, capturedFrameCount: result.frames.length }, null, 2),
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4bc545bbf8999874 Environment-variable access.
repo/packages/app/playwright.config.ts:3
const port = Number(process.env.PLAYWRIGHT_PORT ?? 3000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #83313e47dbf5c052 Environment-variable access.
repo/packages/app/playwright.config.ts:4
const baseURL = process.env.PLAYWRIGHT_BASE_URL ?? `http://127.0.0.1:${port}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #08707ebc6a8b324b Environment-variable access.
repo/packages/app/playwright.config.ts:5
const serverHost = process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c60862ff39372db9 Environment-variable access.
repo/packages/app/playwright.config.ts:6
const serverPort = process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0af30509adccab91 Environment-variable access.
repo/packages/app/playwright.config.ts:8
const reuse = !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #df008d7aedf6b04e Environment-variable access.
repo/packages/app/playwright.config.ts:9
const workers = Number(process.env.PLAYWRIGHT_WORKERS ?? (process.env.CI ? 5 : 0)) || undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e4d1feed14f059c9 Environment-variable access.
repo/packages/app/playwright.config.ts:12
  testIgnore: process.env.OPENCODE_PERFORMANCE === "1" ? "performance/**/*.test.ts" : "performance/**",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #29fd8272eb5739dc Environment-variable access.
repo/packages/app/playwright.config.ts:18
  fullyParallel: process.env.PLAYWRIGHT_FULLY_PARALLEL === "1",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a1416668291d1bb5 Environment-variable access.
repo/packages/app/playwright.config.ts:19
  forbidOnly: !!process.env.CI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #62ee5bfd43ea635f Environment-variable access.
repo/packages/app/playwright.config.ts:20
  retries: process.env.CI ? 2 : 0,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #65a5e700f655442e Environment-variable access.
repo/packages/app/src/i18n/parity.test.ts:45
describe.skipIf(!!process.env.CI)("i18n parity", () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #47d463ede45344f7 Environment-variable access.
repo/packages/app/vite.config.ts:6
  process.env.SENTRY_AUTH_TOKEN && process.env.SENTRY_ORG && process.env.SENTRY_PROJECT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #987c82919f87c87d Environment-variable access.
repo/packages/app/vite.config.ts:8
        authToken: process.env.SENTRY_AUTH_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3ce1895a3cb0cf70 Environment-variable access.
repo/packages/app/vite.config.ts:9
        org: process.env.SENTRY_ORG,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f6fa7098287195a4 Environment-variable access.
repo/packages/app/vite.config.ts:10
        project: process.env.SENTRY_PROJECT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #35a5476d795bb252 Environment-variable access.
repo/packages/app/vite.config.ts:13
          name: process.env.SENTRY_RELEASE ?? process.env.VITE_SENTRY_RELEASE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6c8c94135be47501 Environment-variable access.
repo/packages/app/vite.js:9
  const raw = process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5bd789a9421e0ec5 Environment-variable access.
repo/packages/app/vite.js:11
  if (process.env.OPENCODE_CHANNEL === "latest") return "prod"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3579a15f2b02f679 Filesystem access.
repo/packages/app/vite.js:42
        `<script id="oc-theme-preload-script">${readFileSync(theme, "utf8")}</script>`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b1ad42515bcb0d7e Filesystem access.
repo/packages/cli/bin/lildax.cjs:4
const fs = require("fs")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e9ddd5180ef5579f Environment-variable access.
repo/packages/cli/bin/lildax.cjs:32
const envPath = process.env.OPENCODE_BIN_PATH

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #177b76983ef2f33b Filesystem access.
repo/packages/cli/bin/lildax.cjs:44
      return /(^|\s)avx2(\s|$)/i.test(fs.readFileSync("/proc/cpuinfo", "utf8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52b62b1fcb15d769 Filesystem access.
repo/packages/cli/script/build.ts:4
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #18e579edea5a4d9c Filesystem access.
repo/packages/cli/script/build.ts:5
import { rm } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4411383a33b9a6d9 Environment-variable access.
repo/packages/cli/script/generate.ts:1
const modelsUrl = process.env.OPENCODE_MODELS_URL || "https://models.dev"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #69fe23c9003affef Environment-variable access.
repo/packages/cli/script/generate.ts:3
export const modelsData = process.env.MODELS_DEV_API_JSON

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd77141fe4595474 Environment-variable access.
repo/packages/cli/script/generate.ts:4
  ? await Bun.file(process.env.MODELS_DEV_API_JSON).text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #db47c521ce92e26d Filesystem access.
repo/packages/console/app/script/generate-sitemap.ts:2
import { readdir, writeFile } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f0817902df37a649 Filesystem access.
repo/packages/console/app/script/generate-sitemap.ts:103
  await writeFile(outputPath, xml, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #4b64c6d2854650ce Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/app/src/component/email-signup.tsx:10
  const response = await fetch(`https://api.emailoctopus.com/lists/${listId}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      email_address: emailAddress,
    }),
  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #413bbf3c0f0dddfa Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/app/src/lib/changelog.ts:42
  const response = await fetch("https://api.github.com/repos/anomalyco/opencode/releases?per_page=20", {
    headers: {
      Accept: "application/vnd.github.v3+json",
      "User-Agent": "OpenCode-Console",
    },
    cf: {
      // best-effort edge caching (ignored outside Cloudflare)
      cacheTtl: 60 * 5,
      cacheEverything: true,
    },
  } as RequestInit).catch(() => undefined)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #7b6a1217dbb87512 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/app/src/routes/api/enterprise.ts:39
  return fetch(`https://api.emailoctopus.com/lists/${EMAIL_OCTOPUS_LIST_ID}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify(payload),
  }).then(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #2b78d3df3fcf6952 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/app/src/routes/openapi.json.ts:2
  const response = await fetch(
    "https://raw.githubusercontent.com/anomalyco/opencode/refs/heads/dev/packages/sdk/openapi.json",
  )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #4967e4ddc6600c41 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/function/src/auth.ts:112
          const emails = (await fetch("https://api.github.com/user/emails", {
            headers: {
              Authorization: `Bearer ${response.tokenset.access}`,
              "User-Agent": "opencode",
              Accept: "application/vnd.github+json",
            },
          }).then((x) => x.json())) as any

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #2767e3c27fa6d90c Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/function/src/auth.ts:119
          const user = (await fetch("https://api.github.com/user", {
            headers: {
              Authorization: `Bearer ${response.tokenset.access}`,
              "User-Agent": "opencode",
              Accept: "application/vnd.github+json",
            },
          }).then((x) => x.json())) as any

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #aa43acbee25a574b Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/function/src/log-processor.ts:58
        fetch("https://api.honeycomb.io/1/batch/zen", {
          method: "POST",
          headers: {
            "Content-Type": "application/json",
            "X-Honeycomb-Team": Resource.HONEYCOMB_API_KEY.value,
          },
          body: JSON.stringify(events),
        }),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #9536f14cc0673de3 Environment-variable access.
repo/packages/containers/script/build.ts:10
const reg = process.env.REGISTRY ?? "ghcr.io/anomalyco"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b2ebab4b5a7a3dbc Environment-variable access.
repo/packages/containers/script/build.ts:11
const tag = process.env.TAG ?? "24.04"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #27ac0d9ffdae4109 Environment-variable access.
repo/packages/containers/script/build.ts:12
const push = process.argv.includes("--push") || process.env.PUSH === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6455aa3d0787373d Filesystem access.
repo/packages/core/script/fix-node-pty.ts:3
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb3495ecbb52f493 Filesystem access.
repo/packages/core/script/migration.ts:4
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aca17494254b9e91 Environment-variable access.
repo/packages/core/src/database/database.ts:50
    process.env.OPENCODE_DISABLE_CHANNEL_DB === "1" ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #265763003cbe339f Environment-variable access.
repo/packages/core/src/database/database.ts:51
    process.env.OPENCODE_DISABLE_CHANNEL_DB === "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #07519b5ca48733a6 Filesystem access.
repo/packages/core/src/file-mutation.ts:112
          const current = yield* fs
            .readFile(input.target.canonical)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #33716a02d04efaed Filesystem access.
repo/packages/core/src/file-mutation.ts:130
              : fs.writeFile(input.target.canonical, input.content, { flag: "wx" })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4da2e2e952976827 Filesystem access.
repo/packages/core/src/file-mutation.ts:147
          const current = yield* fs.readFile(input.target.canonical)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #921984335c39ba9d Filesystem access.
repo/packages/core/src/file-mutation.ts:153
            : fs.writeFile(input.target.canonical, input.content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5ddd9759ae8c73a0 Filesystem access.
repo/packages/core/src/filesystem.ts:83
          content: yield* fs.readFile(target.real).pipe(Effect.orDie),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #24cb7eb57fb72ab3 Environment-variable access.
repo/packages/core/src/flag/flag.ts:4
  const value = process.env[key]?.toLowerCase()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #993b64d4e8b954fa Environment-variable access.
repo/packages/core/src/flag/flag.ts:8
const copy = process.env["OPENCODE_EXPERIMENTAL_DISABLE_COPY_ON_SELECT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba1583e7a56d8fba Environment-variable access.
repo/packages/core/src/flag/flag.ts:9
const fff = process.env["OPENCODE_DISABLE_FFF"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7cf91d32ebf1ffd9 Environment-variable access.
repo/packages/core/src/flag/flag.ts:12
  return process.env[key] === undefined ? truthy("OPENCODE_EXPERIMENTAL") : truthy(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b8ce61fbf0d4c5a0 Environment-variable access.
repo/packages/core/src/flag/flag.ts:16
  OTEL_EXPORTER_OTLP_ENDPOINT: process.env["OTEL_EXPORTER_OTLP_ENDPOINT"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e287aad6a5386f95 Environment-variable access.
repo/packages/core/src/flag/flag.ts:17
  OTEL_EXPORTER_OTLP_HEADERS: process.env["OTEL_EXPORTER_OTLP_HEADERS"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6e98ec9dd3c6110a Environment-variable access.
repo/packages/core/src/flag/flag.ts:20
  OPENCODE_GIT_BASH_PATH: process.env["OPENCODE_GIT_BASH_PATH"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2fd2b8c75e06e84b Environment-variable access.
repo/packages/core/src/flag/flag.ts:21
  OPENCODE_CONFIG: process.env["OPENCODE_CONFIG"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #16046eea84a65050 Environment-variable access.
repo/packages/core/src/flag/flag.ts:22
  OPENCODE_CONFIG_CONTENT: process.env["OPENCODE_CONFIG_CONTENT"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #83543276630f9196 Environment-variable access.
repo/packages/core/src/flag/flag.ts:31
  OPENCODE_FAKE_VCS: process.env["OPENCODE_FAKE_VCS"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #62dc1dd2f38580cc Environment-variable access.
repo/packages/core/src/flag/flag.ts:32
  OPENCODE_SERVER_PASSWORD: process.env["OPENCODE_SERVER_PASSWORD"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #250be4fe7f55b87b Environment-variable access.
repo/packages/core/src/flag/flag.ts:33
  OPENCODE_SERVER_USERNAME: process.env["OPENCODE_SERVER_USERNAME"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f899a4a7729f7af Environment-variable access.
repo/packages/core/src/flag/flag.ts:45
  OPENCODE_MODELS_URL: process.env["OPENCODE_MODELS_URL"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #33ffbce70358d1bc Environment-variable access.
repo/packages/core/src/flag/flag.ts:46
  OPENCODE_MODELS_PATH: process.env["OPENCODE_MODELS_PATH"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb6140b73107dfc8 Environment-variable access.
repo/packages/core/src/flag/flag.ts:47
  OPENCODE_DB: process.env["OPENCODE_DB"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee2ba9fa91f5ccf5 Environment-variable access.
repo/packages/core/src/flag/flag.ts:49
  OPENCODE_WORKSPACE_ID: process.env["OPENCODE_WORKSPACE_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb50eddfd855e634 Environment-variable access.
repo/packages/core/src/flag/flag.ts:61
    return process.env["OPENCODE_TUI_CONFIG"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5159a20b6dfcb5e4 Environment-variable access.
repo/packages/core/src/flag/flag.ts:64
    return process.env["OPENCODE_CONFIG_DIR"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9d21112a06190b92 Environment-variable access.
repo/packages/core/src/flag/flag.ts:70
    return process.env["OPENCODE_PERMISSION"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1dd14b0e59a156d8 Environment-variable access.
repo/packages/core/src/flag/flag.ts:73
    return process.env["OPENCODE_PLUGIN_META_FILE"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7be36af69768c372 Environment-variable access.
repo/packages/core/src/flag/flag.ts:76
    return process.env["OPENCODE_CLIENT"] ?? "cli"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #54c82cf921a0d43c Filesystem access.
repo/packages/core/src/fs-util.ts:3
import { realpathSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #da8575061c815403 Filesystem access.
repo/packages/core/src/fs-util.ts:4
import * as NFS from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #224e28b09db0edb0 Filesystem access.
repo/packages/core/src/global.ts:2
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6934e1ef0fe2af88 Environment-variable access.
repo/packages/core/src/global.ts:19
    return process.env.OPENCODE_TEST_HOME ?? os.homedir()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d550b1808ad0358 Environment-variable access.
repo/packages/core/src/integration.ts:298
        .flatMap((method) => method.names.filter((name) => process.env[name]))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e77cceadb98a911a Environment-variable access.
repo/packages/core/src/integration.ts:387
            const key = process.env[connection.name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5003a161bf70b3ce Environment-variable access.
repo/packages/core/src/observability/logging.ts:57
  const value = process.env.OPENCODE_LOG_LEVEL?.toUpperCase()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a7ae8bf47c2ab4b3 Environment-variable access.
repo/packages/core/src/observability/logging.ts:68
  return process.env.OPENCODE_PRINT_LOGS === "1" ? [fileLogger(), stderrLogger] : [fileLogger()]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #48c2ef296dca2002 Environment-variable access.
repo/packages/core/src/observability/otlp.ts:21
  const value = process.env.OTEL_RESOURCE_ATTRIBUTES

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b1ff4d1342fc0cd6 Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:85
        const profile = typeof options.profile === "string" ? options.profile : process.env.AWS_PROFILE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1a120b73e116c56c Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:86
        const region = typeof options.region === "string" ? options.region : (process.env.AWS_REGION ?? "us-east-1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6810081b0f63c67b Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:88
          process.env.AWS_BEARER_TOKEN_BEDROCK ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f44d12d5b2b9a1b7 Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:90
        if (bearerToken && !process.env.AWS_BEARER_TOKEN_BEDROCK) process.env.AWS_BEARER_TOKEN_BEDROCK = bearerToken

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #64a90b96e47982c4 Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:92
          process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI || process.env.AWS_CONTAINER_CREDENTIALS_FULL_URI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e4aa70092a4603c2 Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:121
        const region = typeof evt.options.region === "string" ? evt.options.region : process.env.AWS_REGION

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7513e22efcdf5563 Environment-variable access.
repo/packages/core/src/plugin/provider/azure.ts:23
            typeof configured === "string" && configured.trim() !== "" ? configured : process.env.AZURE_RESOURCE_NAME

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba34ef6cb34f110f Environment-variable access.
repo/packages/core/src/plugin/provider/azure.ts:63
        const resourceName = process.env.AZURE_COGNITIVE_SERVICES_RESOURCE_NAME

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d956628db25d20fc Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-ai-gateway.ts:47
  const accountId = process.env.CLOUDFLARE_ACCOUNT_ID ?? stringOption(options, "accountId")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cd0119087f739842 Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-ai-gateway.ts:51
    process.env.CLOUDFLARE_GATEWAY_ID ?? stringOption(options, "gatewayId") ?? stringOption(options, "gateway")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e3b331df9a10a59 Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-ai-gateway.ts:52
  const apiKey = process.env.CLOUDFLARE_API_TOKEN ?? process.env.CF_AIG_TOKEN ?? stringOption(options, "apiKey")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3832c56cba9988f9 Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-workers-ai.ts:50
  return process.env.CLOUDFLARE_ACCOUNT_ID ?? stringOption(options, "accountId")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0b498cbd51c9bcf2 Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-workers-ai.ts:65
    apiKey: process.env.CLOUDFLARE_API_KEY ?? options.apiKey,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d34a41f1a039022 Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-workers-ai.ts:76
  return baseURL.replaceAll("${CLOUDFLARE_ACCOUNT_ID}", process.env.CLOUDFLARE_ACCOUNT_ID ?? "${CLOUDFLARE_ACCOUNT_ID}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f0a3ac8e2465d3d9 Environment-variable access.
repo/packages/core/src/plugin/provider/gitlab.ts:19
              : (process.env.GITLAB_INSTANCE_URL ?? "https://gitlab.com"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #89997e423331cab2 Environment-variable access.
repo/packages/core/src/plugin/provider/gitlab.ts:20
          apiKey: typeof evt.options.apiKey === "string" ? evt.options.apiKey : process.env.GITLAB_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d23285160e369a82 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:10
    process.env.GOOGLE_VERTEX_PROJECT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #359a50b4b1127c9e Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:11
    process.env.GOOGLE_CLOUD_PROJECT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #78e4f9481f06cd0c Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:12
    process.env.GCP_PROJECT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cbbfe8ea0ae66b0b Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:13
    process.env.GCLOUD_PROJECT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #67985073a79ce3a1 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:20
    process.env.GOOGLE_VERTEX_LOCATION ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5fa97b933a61cba0 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:21
    process.env.GOOGLE_CLOUD_LOCATION ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cac274a660a03274 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:22
    process.env.VERTEX_LOCATION ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f639fe73b5ff168 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:125
            process.env.GOOGLE_CLOUD_PROJECT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #391c6612d9fe6fda Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:126
            process.env.GCP_PROJECT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a503cc74cd775dc4 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:127
            process.env.GCLOUD_PROJECT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a66db00249f8b4d4 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:130
            process.env.GOOGLE_CLOUD_LOCATION ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #036b4de7c560c5c7 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:131
            process.env.VERTEX_LOCATION ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99eb761fd24bcf1c Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:147
            : (process.env.GOOGLE_CLOUD_PROJECT ?? process.env.GCP_PROJECT ?? process.env.GCLOUD_PROJECT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8738b076f3ca123e Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:151
            : (process.env.GOOGLE_CLOUD_LOCATION ?? process.env.VERTEX_LOCATION ?? "global")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #833ec9ca9dbb5e22 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/core/src/plugin/provider/openai.ts:122
                fetch(`${issuer}/api/accounts/deviceauth/token`, {
                  method: "POST",
                  headers: headers("application/json"),
                  body: JSON.stringify({ device_auth_id: device.device_auth_id, user_code: device.user_code }),
                  signal,
                }),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #b1b10d12e7422ce8 Environment-variable access.
repo/packages/core/src/plugin/provider/opencode.ts:167
      const hasKey = Boolean(process.env.OPENCODE_API_KEY || connected || item.provider.request.body.apiKey)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7aa8274b89b62adb Environment-variable access.
repo/packages/core/src/plugin/provider/sap-ai-core.ts:15
          process.env.AICORE_SERVICE_KEY ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d29788fbfb3dbdf7 Environment-variable access.
repo/packages/core/src/plugin/provider/sap-ai-core.ts:17
        if (serviceKey && !process.env.AICORE_SERVICE_KEY) process.env.AICORE_SERVICE_KEY = serviceKey

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4619cc4543e04e2 Environment-variable access.
repo/packages/core/src/plugin/provider/sap-ai-core.ts:34
            ? { deploymentId: process.env.AICORE_DEPLOYMENT_ID, resourceGroup: process.env.AICORE_RESOURCE_GROUP }

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1b6ebae0bdfc2b3c Environment-variable access.
repo/packages/core/src/plugin/provider/snowflake-cortex.ts:74
          process.env.SNOWFLAKE_CORTEX_TOKEN ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9739b28bc7635f6e Environment-variable access.
repo/packages/core/src/plugin/provider/snowflake-cortex.ts:75
          process.env.SNOWFLAKE_CORTEX_PAT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #985122e31a37d851 Environment-variable access.
repo/packages/core/src/repository.ts:169
  const base = process.env.OPENCODE_REPO_CLONE_GITHUB_BASE_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de8fa13f9e8538d8 Filesystem access.
repo/packages/core/src/shell.ts:5
import { readFile } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d9002171cdc2831f Filesystem access.
repo/packages/core/src/shell.ts:6
import { statSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #38eab68bdbb23167 Environment-variable access.
repo/packages/core/src/shell.ts:101
      [which("pwsh"), which("powershell"), gitbash(), process.env.COMSPEC || "cmd.exe"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8cf8973f1552df48 Filesystem access.
repo/packages/core/src/shell.ts:109
  const text = await readFile("/etc/shells", "utf8").catch(() => "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8bfe535cfad0e86d Environment-variable access.
repo/packages/core/src/shell.ts:207
  defaultPreferred ??= select(process.env.SHELL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2502ed3075a5d2da Environment-variable access.
repo/packages/core/src/shell.ts:216
  defaultAcceptable ??= select(process.env.SHELL, { acceptable: true })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f2dce7065f1cc9b9 Filesystem access.
repo/packages/core/src/tool/apply-patch.ts:139
                    const source = yield* fs.readFile(target.canonical)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e9791fa234a4358 Environment-variable access.
repo/packages/core/src/tool/bash.ts:49
const defaultShell = () => (process.platform === "win32" ? (process.env.COMSPEC ?? "cmd.exe") : "/bin/sh")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd53e6a1a4316805 Filesystem access.
repo/packages/core/src/tool/edit.ts:161
                const source = decodeUtf8(yield* unableToEdit(fs.readFile(target.canonical)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e213f0695e0f269a Environment-variable access.
repo/packages/core/src/tool/websearch.ts:76
      process.env.OPENCODE_WEBSEARCH_PROVIDER === "exa" || process.env.OPENCODE_WEBSEARCH_PROVIDER === "parallel"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8deb770086be51d0 Environment-variable access.
repo/packages/core/src/tool/websearch.ts:77
        ? process.env.OPENCODE_WEBSEARCH_PROVIDER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #40922e362b8c3200 Environment-variable access.
repo/packages/core/src/tool/websearch.ts:81
    exaApiKey: process.env.EXA_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #94f61655de105c85 Environment-variable access.
repo/packages/core/src/tool/websearch.ts:82
    parallelApiKey: process.env.PARALLEL_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #0227f3f4768ce896 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/core/src/tool/websearch.ts:147
  const url = new URL(EXA_URL)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #afb66c135a06e9d2 Filesystem access.
repo/packages/core/src/util/flock.ts:4
import { mkdir, readFile, rm, stat, utimes, writeFile } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f213615e5d67bd3d Environment-variable access.
repo/packages/core/src/util/which.ts:6
  const base = env?.PATH ?? env?.Path ?? process.env.PATH ?? process.env.Path ?? ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e39083a22e047e47 Environment-variable access.
repo/packages/core/src/util/which.ts:11
    pathExt: env?.PATHEXT ?? env?.PathExt ?? process.env.PATHEXT ?? process.env.PathExt,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9409175fbd662066 Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:14
    const previous = process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #978512f271249b7a Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:15
    process.env.OPENCODE_CHANNEL = channel.channel

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #17f12a0159be81d8 Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:20
    if (previous === undefined) delete process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8b8a869e74fafac4 Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:21
    else process.env.OPENCODE_CHANNEL = previous

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a7ef1f38562e555b Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:31
  const previous = process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2aff69ce4de68a1a Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:32
  process.env.OPENCODE_CHANNEL = "prod"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0eadb55531d18481 Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:37
  if (previous === undefined) delete process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a01c4525955b85b0 Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:38
  else process.env.OPENCODE_CHANNEL = previous

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7b1a826cd9b9393 Environment-variable access.
repo/packages/desktop/electron-builder.config.ts:20
  if (process.env.GITHUB_ACTIONS !== "true") return

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b2a92059952f341f Environment-variable access.
repo/packages/desktop/electron-builder.config.ts:30
  const raw = process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #be70c9c683223584 Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:9
  const raw = process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #abd08588b65d0997 Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:11
  if (process.env.OPENCODE_CHANNEL === "latest") return "prod"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ced4484317933b13 Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:18
  process.env.SENTRY_AUTH_TOKEN && process.env.SENTRY_ORG && process.env.SENTRY_PROJECT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4be128aa9b590bbd Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:20
        authToken: process.env.SENTRY_AUTH_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #243755a74bd33e8c Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:21
        org: process.env.SENTRY_ORG,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e4c72c3a713e871c Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:22
        project: process.env.SENTRY_PROJECT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9bab8236a76998b9 Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:25
          name: process.env.SENTRY_RELEASE ?? process.env.VITE_SENTRY_RELEASE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c7be819d7c4a2aa2 Filesystem access.
repo/packages/desktop/electron.vite.config.ts:76
            await fs.writeFile(`./out/main/chunks/${l}`, await fs.readFile(`${OPENCODE_SERVER_DIST}/${l}`))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c2fab034b304bf78 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:16
const repo = process.env.GH_REPO

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6dfe3c90788b8cd Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:19
const releaseId = process.env.OPENCODE_RELEASE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8c29a419fc8b7b17 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:22
const version = process.env.OPENCODE_VERSION

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #59291c0d61b599f6 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:25
const dir = process.env.LATEST_YML_DIR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5dea2fc7af44055 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:29
const token = process.env.GH_TOKEN ?? process.env.GITHUB_TOKEN

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af20b2dfc559e1ca Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:126
  const tmp = process.env.RUNNER_TEMP ?? "/tmp"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2bf61f4b150b083b Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:207
const tmp = process.env.RUNNER_TEMP ?? "/tmp"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8e60b0e12f90ce61 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-yml.ts:6
const dir = process.env.LATEST_YML_DIR!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #92158474cce6f439 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-yml.ts:9
const repo = process.env.GH_REPO

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2a80c16bc120c4a3 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-yml.ts:12
const version = process.env.OPENCODE_VERSION

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fa1beb47213ae49f Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-yml.ts:115
const tmp = process.env.RUNNER_TEMP ?? "/tmp"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3717376f4b5d53d7 Environment-variable access.
repo/packages/desktop/scripts/predev.ts:3
await $`bun ./scripts/copy-icons.ts ${process.env.OPENCODE_CHANNEL ?? "dev"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #752d6b518db22f20 Environment-variable access.
repo/packages/desktop/scripts/utils.ts:66
  if (process.platform === "win32" && process.env.GITHUB_ACTIONS === "true") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2230a835ca7bfa32 Environment-variable access.
repo/packages/desktop/src/main/apps.ts:27
  const home = process.env.HOME

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #feba3c524bfb707e Filesystem access.
repo/packages/desktop/src/main/apps.ts:58
    const content = await readFile(path, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #232eddb7eeb5f3d5 Filesystem access.
repo/packages/desktop/src/main/attachment-picker.test.ts:27
      await writeFile(file, "lorem ipsum")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5474da14b2d92a1a Filesystem access.
repo/packages/desktop/src/main/attachment-picker.test.ts:38
      await writeFile(file, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0958b1a358e015d9 Environment-variable access.
repo/packages/desktop/src/main/index.ts:56
const TEST_ONBOARDING = process.env.OPENCODE_TEST_ONBOARDING === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3c04c51cba921b15 Environment-variable access.
repo/packages/desktop/src/main/index.ts:90
    const items = (process.env[key] ?? "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #edcdfad8f6d1c40d Environment-variable access.
repo/packages/desktop/src/main/index.ts:100
    process.env[key] = items.join(",")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb87430f7a791ac1 Environment-variable access.
repo/packages/desktop/src/main/index.ts:115
  process.env.OPENCODE_DISABLE_EMBEDDED_WEB_UI = "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c1ba700c54a152c Environment-variable access.
repo/packages/desktop/src/main/index.ts:126
    process.env.OPENCODE_DB = ":memory:"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e58757fdc8396356 Environment-variable access.
repo/packages/desktop/src/main/index.ts:127
    process.env.XDG_DATA_HOME = join(root, "data")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f35ece5f6749b9e4 Environment-variable access.
repo/packages/desktop/src/main/index.ts:128
    process.env.XDG_CONFIG_HOME = join(root, "config")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ec428cc07b7e343 Environment-variable access.
repo/packages/desktop/src/main/index.ts:129
    process.env.XDG_CACHE_HOME = join(root, "cache")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #967cb25708f33dbb Environment-variable access.
repo/packages/desktop/src/main/index.ts:130
    process.env.XDG_STATE_HOME = join(root, "state")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f97d1435caf40952 Environment-variable access.
repo/packages/desktop/src/main/index.ts:308
    const fromEnv = process.env.OPENCODE_PORT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #95267cd8d2d85ce6 Filesystem access.
repo/packages/desktop/src/main/logging.ts:93
    const contents = readFileSync(path, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b572c4c0421b6e55 Environment-variable access.
repo/packages/desktop/src/main/logging.ts:153
  const xdgData = process.env.XDG_DATA_HOME || join(homedir(), ".local", "share")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #37fbba6f0f2acdf1 Filesystem access.
repo/packages/desktop/src/main/logging.ts:184
    const data = entry.data ?? readFileSync(entry.path!)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #101aa3f9421a21f8 Filesystem access.
repo/packages/desktop/src/main/logging.ts:188
  writeFileSync(output, Buffer.from(await zip.arrayBuffer()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74ff99777f1fe53d Environment-variable access.
repo/packages/desktop/src/main/migrate.ts:18
      return join(process.env.APPDATA ?? join(homedir(), "AppData", "Roaming"), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55fc76f5cba22da9 Environment-variable access.
repo/packages/desktop/src/main/migrate.ts:20
      return join(process.env.XDG_DATA_HOME ?? join(homedir(), ".local", "share"), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a17609cf23a619c7 Filesystem access.
repo/packages/desktop/src/main/migrate.ts:42
    data = JSON.parse(readFileSync(datPath, "utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e4f94977f13d755c Environment-variable access.
repo/packages/desktop/src/main/server.ts:51
    XDG_STATE_HOME: process.env.XDG_STATE_HOME ?? userDataPath,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eaa4f2f04be40d90 Environment-variable access.
repo/packages/desktop/src/main/shell-env.ts:19
    return resolveUserShell(process.env.SHELL, userInfo().shell)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d341c5a9b61c5b8 Environment-variable access.
repo/packages/desktop/src/main/shell-env.ts:21
    return resolveUserShell(process.env.SHELL, undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #605e797b734459cd Environment-variable access.
repo/packages/desktop/src/main/sidecar.ts:87
    XDG_STATE_HOME: process.env.XDG_STATE_HOME ?? userDataPath,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dffaa29f1817d83a Environment-variable access.
repo/packages/desktop/src/main/sidecar.ts:94
    const items = (process.env[key] ?? "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e28e83f33bfa5a4 Environment-variable access.
repo/packages/desktop/src/main/sidecar.ts:104
    process.env[key] = items.join(",")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a63fde35c48d7096 Filesystem access.
repo/packages/desktop/src/main/store-cleanup.test.ts:16
  await writeFile(join(root, name), value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dca8b457bfd9ae8e Filesystem access.
repo/packages/desktop/src/main/store-cleanup.ts:84
  const raw = await readFile(file, "utf8").catch(() => undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cc339ea0518d51c4 Environment-variable access.
repo/packages/desktop/src/main/windows.ts:292
  const devUrl = process.env.ELECTRON_RENDERER_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec84231a60253688 Environment-variable access.
repo/packages/desktop/src/main/windows.ts:455
  const devUrl = process.env.ELECTRON_RENDERER_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #43455d4067f5e8c4 Environment-variable access.
repo/packages/desktop/src/main/wsl/runtime.ts:389
  const root = process.env.SystemRoot ?? process.env.windir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3f28ae89ed9a78ba Environment-variable access.
repo/packages/enterprise/vite.config.ts:7
  const target = process.env.OPENCODE_DEPLOYMENT_TARGET

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #621de505a13f41b3 Environment-variable access.
repo/packages/enterprise/vite.config.ts:26
      baseURL: process.env.OPENCODE_BASE_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #cb472f3d233e82d1 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/function/src/api.ts:271
    const JWKS = createRemoteJWKSet(new URL(JWKS_URL))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #244ed005c76946a5 Filesystem access.
repo/packages/http-recorder/script/verify-package.ts:16
    await writeFile(
      path.join(directory, "package.json"),
      JSON.stringify({ name: "http-recorder-consumer", private: true, type: "module" }),
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b46924b988a8a083 Filesystem access.
repo/packages/http-recorder/script/verify-package.ts:20
    await writeFile(
      path.join(directory, "consumer.ts"),
      `import { HttpRecorder } from "@opencode-ai/http-recorder"
import { NodeSocket } from "@effect/platform-node"
import { Layer } from "effect"
import { HttpClient } from "effect/unstable/http"
import { Socket } from "effect/unstable/socket"

const options: HttpRecorder.RecorderOptions = { redact: { jsonFields: ["access_token"] } }
HttpRecorder.http("consumer", options) satisfies Layer.Layer<HttpClient.HttpClient>
HttpRecorder.socket("consumer/socket", options).pipe(
  Layer.provide(NodeSocket.layerWebSocket("wss://example.test")),
) satisfies Layer.Layer<Socket.Socket>
`,
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ea25b29a14a189d Filesystem access.
repo/packages/http-recorder/script/verify-package.ts:35
    await writeFile(
      path.join(directory, "tsconfig.json"),
      JSON.stringify({
        compilerOptions: {
          target: "ES2022",
          module: "NodeNext",
          moduleResolution: "NodeNext",
          strict: true,
          noEmit: true,
          // Required by [email protected]: its schema.d.ts references an undeclared SchemaErrorTypeId.
          skipLibCheck: true,
          lib: ["ES2022", "DOM", "ESNext.Disposable"],
        },
        include: ["consumer.ts"],
      }),
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a51b10b71af59eb Environment-variable access.
repo/packages/http-recorder/src/recorder.ts:7
  const value = process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #120da168f8eb05f3 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/llm/script/recording-cost-report.ts:219
const models = (await (await fetch(MODELS_DEV_URL)).json()) as JsonRecord

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #a795052e8ceae4d3 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/llm/script/setup-recording-env.ts:44
      HttpClientRequest.get("https://api.anthropic.com/v1/models").pipe(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #1d162b980430437d Environment-variable access.
repo/packages/llm/script/setup-recording-env.ts:290
  if (process.env[name]) return "shell"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4a984bfca0c1be00 Filesystem access.
repo/packages/opencode/bin/opencode:4
const fs = require("fs")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d3eb0bae163b0591 Environment-variable access.
repo/packages/opencode/bin/opencode:46
const envPath = process.env.OPENCODE_BIN_PATH

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aafa1fa74b77144e Filesystem access.
repo/packages/opencode/bin/opencode:81
      return /(^|\s)avx2(\s|$)/i.test(fs.readFileSync("/proc/cpuinfo", "utf8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #89520fa09c3451c7 Filesystem access.
repo/packages/opencode/script/build.ts:4
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b34e62ea0d8939e6 Environment-variable access.
repo/packages/opencode/script/build.ts:240
  await $`gh release upload v${Script.version} ./dist/*.zip ./dist/*.tar.gz --clobber --repo ${process.env.GH_REPO}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1607897b361317db Environment-variable access.
repo/packages/opencode/script/generate.ts:10
const modelsUrl = process.env.OPENCODE_MODELS_URL || "https://models.dev"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e66e537ac08e2225 Environment-variable access.
repo/packages/opencode/script/generate.ts:11
export const modelsData = process.env.MODELS_DEV_API_JSON

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8757fd08e54777b0 Environment-variable access.
repo/packages/opencode/script/generate.ts:12
  ? await Bun.file(process.env.MODELS_DEV_API_JSON).text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #698e9a380fc01fd3 Filesystem access.
repo/packages/opencode/script/postinstall.mjs:4
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3a698a4226af037e Filesystem access.
repo/packages/opencode/script/postinstall.mjs:12
const packageJson = JSON.parse(fs.readFileSync(path.join(__dirname, "package.json"), "utf8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7673b6a5e3557d77 Filesystem access.
repo/packages/opencode/script/postinstall.mjs:36
      return /(^|\s)avx2(\s|$)/i.test(fs.readFileSync("/proc/cpuinfo", "utf8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb397cd2c47bbc89 Environment-variable access.
repo/packages/opencode/script/publish.ts:199
  const token = process.env.GITHUB_TOKEN

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #08afb1fa8920510a Environment-variable access.
repo/packages/opencode/specs/v2/api.ts:28
  value: process.env.OPENAI_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #07e6821453d26272 Environment-variable access.
repo/packages/opencode/src/acp/profile.ts:1
const enabled = process.env.OPENCODE_ACP_PROFILE === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f77d9ab07773e0ad Environment-variable access.
repo/packages/opencode/src/auth/index.ts:59
      if (process.env.OPENCODE_AUTH_CONTENT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c9b0a858b44ba151 Environment-variable access.
repo/packages/opencode/src/auth/index.ts:61
          return JSON.parse(process.env.OPENCODE_AUTH_CONTENT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #221cf6750807ab17 Environment-variable access.
repo/packages/opencode/src/cli/cmd/acp.ts:23
    process.env.OPENCODE_CLIENT = "acp"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1bdad7d094d0252e Filesystem access.
repo/packages/opencode/src/cli/cmd/agent.ts:6
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f63a87568c9d6a9e Environment-variable access.
repo/packages/opencode/src/cli/cmd/debug/index.ts:56
    const termProgram = process.env.TERM_PROGRAM

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a82a06c800da13a4 Environment-variable access.
repo/packages/opencode/src/cli/cmd/debug/index.ts:57
      ? `${process.env.TERM_PROGRAM}${process.env.TERM_PROGRAM_VERSION ? ` ${process.env.TERM_PROGRAM_VERSION}` : ""}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #69ee2be2bc82fb35 Environment-variable access.
repo/packages/opencode/src/cli/cmd/debug/index.ts:59
    const terminal = [termProgram, process.env.TERM].filter((item): item is string => Boolean(item)).join(" / ")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #61f33b334e16db16 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:406
    const variant = process.env["VARIANT"] || undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3608cb463a1b4747 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:471
        const githubToken = process.env["GITHUB_TOKEN"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dcf4c03668834560 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:656
      const value = process.env["MODEL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e78d5cb4140fb2ef Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:667
      const value = process.env["GITHUB_RUN_ID"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb0e0cc145a27314 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:673
      const value = process.env["SHARE"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #83d5534671266a95 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:681
      const value = process.env["USE_GITHUB_TOKEN"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b49c953924820ec0 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:689
      const value = process.env["OIDC_BASE_URL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #39c4784451f664b3 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:724
      const customPrompt = process.env["PROMPT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c846c56104396dea Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:739
      const mentions = (process.env["MENTIONS"] || "/opencode,/oc")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #dabc5ab7151ba134 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/cli/cmd/github.handler.ts:1583
      await fetch("https://api.github.com/installation/token", {
        method: "DELETE",
        headers: {
          Authorization: `Bearer ${appToken}`,
          Accept: "application/vnd.github+json",
          "X-GitHub-Api-Version": "2022-11-28",
        },
      })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #fdd74d61e413a6fb Environment-variable access.
repo/packages/opencode/src/cli/cmd/providers.ts:277
        if (process.env[envVar]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #23f2d69805136372 Environment-variable access.
repo/packages/opencode/src/cli/cmd/run.ts:333
      const root = Filesystem.resolve(process.env.PWD ?? process.cwd())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eedcafd8e90194e5 Filesystem access.
repo/packages/opencode/src/cli/cmd/run/runtime.stdin.ts:1
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c627c972b8b74983 Filesystem access.
repo/packages/opencode/src/cli/cmd/run/trace.ts:14
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c3077538177f3220 Environment-variable access.
repo/packages/opencode/src/cli/cmd/run/trace.ts:58
  if (!process.env.OPENCODE_DIRECT_TRACE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d884aef0b749d13a Filesystem access.
repo/packages/opencode/src/cli/cmd/run/trace.ts:65
  fs.writeFileSync(
    latest(),
    text({
      time: new Date().toISOString(),
      pid: process.pid,
      cwd: process.cwd(),
      argv: process.argv.slice(2),
      path: target,
    }) + "\n",
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #23a786debc299f6d Environment-variable access.
repo/packages/opencode/src/cli/cmd/tui.ts:66
export function resolveThreadDirectory(project?: string, envPWD = process.env.PWD, cwd = process.cwd()) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b1a60c27de662ec Filesystem access.
repo/packages/opencode/src/cli/cmd/uninstall.ts:6
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d980a3956626287d Environment-variable access.
repo/packages/opencode/src/cli/cmd/uninstall.ts:236
  const shell = path.basename(process.env.SHELL || "bash")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8dd20824e02bc8fb Environment-variable access.
repo/packages/opencode/src/cli/cmd/uninstall.ts:238
  const xdgConfig = process.env.XDG_CONFIG_HOME || path.join(home, ".config")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c3d5882ed608235d Filesystem access.
repo/packages/opencode/src/config/config.ts:9
import fsNode from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7317e6d29ac20352 Filesystem access.
repo/packages/opencode/src/config/config.ts:15
import { existsSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8b5562ea90520d4b Filesystem access.
repo/packages/opencode/src/config/config.ts:271
              await fsNode.writeFile(path.join(Global.Path.config, "config.json"), JSON.stringify(result, null, 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1ac7141634df80bd Environment-variable access.
repo/packages/opencode/src/config/config.ts:468
        if (process.env.OPENCODE_CONFIG_CONTENT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #19be18034df9e3e1 Environment-variable access.
repo/packages/opencode/src/config/config.ts:470
          const next = yield* loadConfig(process.env.OPENCODE_CONFIG_CONTENT, {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1a31b1d8f4e6cfd5 Environment-variable access.
repo/packages/opencode/src/config/config.ts:491
              process.env["OPENCODE_CONSOLE_TOKEN"] = tokenOpt.value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #492fa4495191f006 Filesystem access.
repo/packages/opencode/src/config/managed.ts:3
import { existsSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5268d3ee14676204 Environment-variable access.
repo/packages/opencode/src/config/managed.ts:25
      return path.join(process.env.ProgramData || "C:\\ProgramData", "opencode")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5fc381b7481b30a8 Environment-variable access.
repo/packages/opencode/src/config/managed.ts:32
  return process.env.OPENCODE_TEST_MANAGED_CONFIG_DIR || systemManagedConfigDir()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #07bed68753ed9aec Environment-variable access.
repo/packages/opencode/src/config/variable.ts:37
    return (input.env?.[varName] ?? process.env[varName]) || ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2bd8b3f457d8a2d1 Filesystem access.
repo/packages/opencode/src/control-plane/dev/debug-workspace-plugin.ts:30
  await writeFile(
    DEV_DATA_TEMP_FILE,
    JSON.stringify(
      {
        port,
        id,
        env,
      },
      null,
      2,
    ),
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b8777ebea8cd43ce Environment-variable access.
repo/packages/opencode/src/control-plane/workspace.ts:533
        OTEL_EXPORTER_OTLP_HEADERS: process.env.OTEL_EXPORTER_OTLP_HEADERS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9256b98188b7249b Environment-variable access.
repo/packages/opencode/src/control-plane/workspace.ts:534
        OTEL_EXPORTER_OTLP_ENDPOINT: process.env.OTEL_EXPORTER_OTLP_ENDPOINT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e41a62ce61209053 Environment-variable access.
repo/packages/opencode/src/control-plane/workspace.ts:535
        OTEL_RESOURCE_ATTRIBUTES: process.env.OTEL_RESOURCE_ATTRIBUTES,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d716614498f2524d Environment-variable access.
repo/packages/opencode/src/ide/index.ts:23
  if (process.env["TERM_PROGRAM"] === "vscode") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a72ff3c31d5d6de6 Environment-variable access.
repo/packages/opencode/src/ide/index.ts:24
    const v = process.env["GIT_ASKPASS"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9ec567e8eff87c5f Environment-variable access.
repo/packages/opencode/src/ide/index.ts:33
  return process.env["OPENCODE_CALLER"] === "vscode" || process.env["OPENCODE_CALLER"] === "vscode-insiders"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d4876e8ed4d8fa26 Environment-variable access.
repo/packages/opencode/src/index.ts:67
    if (opts.printLogs) process.env.OPENCODE_PRINT_LOGS = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0833f5e4b7b99067 Environment-variable access.
repo/packages/opencode/src/index.ts:68
    if (opts.logLevel) process.env.OPENCODE_LOG_LEVEL = opts.logLevel

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0d39b899664241aa Environment-variable access.
repo/packages/opencode/src/index.ts:70
      process.env.OPENCODE_PURE = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab36b7cb43be3f19 Environment-variable access.
repo/packages/opencode/src/index.ts:75
    process.env.AGENT = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8674c5be9b4ac139 Environment-variable access.
repo/packages/opencode/src/index.ts:76
    process.env.OPENCODE = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #28b333a4953c5f58 Environment-variable access.
repo/packages/opencode/src/index.ts:77
    process.env.OPENCODE_PID = String(process.pid)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #fd2f2b8b0eca6c43 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/installation/index.ts:147
        const response = yield* httpOk.execute(HttpClientRequest.get("https://opencode.ai/install"))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #a286589d8c0c29f6 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/installation/index.ts:219
            HttpClientRequest.get("https://formulae.brew.sh/api/formula/opencode.json").pipe(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #e6b720da9f30abc3 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/installation/index.ts:239
            HttpClientRequest.get(
              "https://community.chocolatey.org/api/v2/Packages?$filter=Id%20eq%20%27opencode%27%20and%20IsLatestVersion&$select=Version",
            ).pipe(HttpClientRequest.setHeaders({ Accept: "application/json;odata=verbose" })),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #c99460d242817a71 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/installation/index.ts:249
            HttpClientRequest.get(
              "https://raw.githubusercontent.com/ScoopInstaller/Main/master/bucket/opencode.json",
            ).pipe(HttpClientRequest.setHeaders({ Accept: "application/json" })),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #ae42b6e47090b5bd Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/installation/index.ts:258
          HttpClientRequest.get("https://api.github.com/repos/anomalyco/opencode/releases/latest").pipe(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #262f86216bad807d Filesystem access.
repo/packages/opencode/src/lsp/server.ts:6
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #e6e81a5a39489d36 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:183
      const response = await fetch("https://github.com/microsoft/vscode-eslint/archive/refs/heads/main.zip")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #14c8e0739280f89f Environment-variable access.
repo/packages/opencode/src/lsp/server.ts:445
    const potentialVenvPaths = [process.env["VIRTUAL_ENV"], path.join(root, ".venv"), path.join(root, "venv")].filter(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba3468db394cada7 Environment-variable access.
repo/packages/opencode/src/lsp/server.ts:502
    const potentialVenvPaths = [process.env["VIRTUAL_ENV"], path.join(root, ".venv"), path.join(root, "venv")].filter(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #5cb10298f1f9dc72 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:552
        const response = await fetch("https://github.com/elixir-lsp/elixir-ls/archive/refs/heads/master.zip")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #ea99119a421013e4 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:600
      const releaseResponse = await fetch("https://api.github.com/repos/zigtools/zls/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #5bbec497239694f0 Environment-variable access.
repo/packages/opencode/src/lsp/server.ts:779
    process.env.DOTNET_CLI_HOME ?? os.homedir(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ae56dd902932811f Environment-variable access.
repo/packages/opencode/src/lsp/server.ts:789
    process.env.VSCODE_EXTENSIONS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #31d6705e2d2d3510 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:976
    const releaseResponse = await fetch("https://api.github.com/repos/clangd/clangd/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #5ae95885ab089066 Filesystem access.
repo/packages/opencode/src/lsp/server.ts:1171
        const content = await fs.readFile(pomFiles[i], "utf-8").catch(() => null)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #4b47015d342ce4b7 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1210
      const download = await fetch(releaseURL)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #bde96200b7ff33c1 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1297
      const releaseResponse = await fetch("https://api.github.com/repos/Kotlin/kotlin-lsp/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #55f5482e4aa0b809 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1405
      const releaseResponse = await fetch("https://api.github.com/repos/LuaLS/lua-language-server/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #050e20a759d6ae5d Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1632
      const releaseResponse = await fetch("https://api.releases.hashicorp.com/v1/releases/terraform-ls/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #52105172d7eef202 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1705
      const response = await fetch("https://api.github.com/repos/latex-lsp/texlab/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #9c80e840e517967d Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1877
      const response = await fetch("https://api.github.com/repos/Myriad-Dreamin/tinymist/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #c4a1720c0c0e20d7 Environment-variable access.
repo/packages/opencode/src/plugin/azure.ts:5
  if (!process.env.AZURE_RESOURCE_NAME) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f490f881e6879e1 Environment-variable access.
repo/packages/opencode/src/plugin/cloudflare.ts:4
  const prompts = !process.env.CLOUDFLARE_ACCOUNT_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f9e5d621c7bb8100 Environment-variable access.
repo/packages/opencode/src/plugin/cloudflare.ts:31
    ...(!process.env.CLOUDFLARE_ACCOUNT_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9964537d932e373a Environment-variable access.
repo/packages/opencode/src/plugin/cloudflare.ts:41
    ...(!process.env.CLOUDFLARE_GATEWAY_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #87fb74b567ceeb83 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/plugin/digitalocean.ts:170
  const res = await fetch(`${DO_GENAI_API}/models/routers`, {
    headers: {
      Authorization: `Bearer ${bearer}`,
      Accept: "application/json",
      "User-Agent": `opencode/${InstallationVersion}`,
    },
    signal: AbortSignal.timeout(10_000),
  }).catch(() => undefined)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #cee384790e581a6d Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/plugin/openai/codex.ts:108
  const response = await fetch(`${ISSUER}/oauth/token`, {
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: new URLSearchParams({
      grant_type: "authorization_code",
      code,
      redirect_uri: redirectUri,
      client_id: CLIENT_ID,
      code_verifier: pkce.verifier,
    }).toString(),
  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #7b983261060bdf67 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/plugin/openai/codex.ts:461
            const deviceResponse = await fetch(`${ISSUER}/api/accounts/deviceauth/usercode`, {
              method: "POST",
              headers: {
                "Content-Type": "application/json",
                "User-Agent": `opencode/${InstallationVersion}`,
              },
              body: JSON.stringify({ client_id: CLIENT_ID }),
            })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #b44d6c8a432b7e8d Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/plugin/openai/codex.ts:485
                  const response = await fetch(`${ISSUER}/api/accounts/deviceauth/token`, {
                    method: "POST",
                    headers: {
                      "Content-Type": "application/json",
                      "User-Agent": `opencode/${InstallationVersion}`,
                    },
                    body: JSON.stringify({
                      device_auth_id: deviceData.device_auth_id,
                      user_code: deviceData.user_code,
                    }),
                  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #a0261a4e90f0eacd Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/plugin/openai/codex.ts:503
                    const tokenResponse = await fetch(`${ISSUER}/oauth/token`, {
                      method: "POST",
                      headers: { "Content-Type": "application/x-www-form-urlencoded" },
                      body: new URLSearchParams({
                        grant_type: "authorization_code",
                        code: data.authorization_code,
                        redirect_uri: `${ISSUER}/deviceauth/callback`,
                        client_id: CLIENT_ID,
                        code_verifier: data.code_verifier,
                      }).toString(),
                    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #b87fa1a33e093eba Filesystem access.
repo/packages/opencode/src/project/project.ts:327
      const buffer = yield* fs.readFile(shortest).pipe(Effect.orDie)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e40b8369834c1f2 Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:313
        const envToken = process.env.AWS_BEARER_TOKEN_BEDROCK

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c7300c96fd6d2a0b Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:316
          process.env.AWS_BEARER_TOKEN_BEDROCK = auth.key

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #30b18623843ae2de Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:325
        process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI || process.env.AWS_CONTAINER_CREDENTIALS_FULL_URI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f6485060bfa376eb Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:573
        const envAICoreServiceKey = process.env.AICORE_SERVICE_KEY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c4d6b31a6d6c5a3 Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:576
          process.env.AICORE_SERVICE_KEY = auth.key

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f56d7a8945bfd205 Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:581
      const deploymentId = process.env.AICORE_DEPLOYMENT_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9bc8fffe8d59c061 Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:582
      const resourceGroup = process.env.AICORE_RESOURCE_GROUP

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #42fca234ccda3dcc Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/server/shared/ui.ts:9
export const UI_UPSTREAM = new URL("https://app.opencode.ai")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #8ef763e530f29989 Filesystem access.
repo/packages/opencode/src/server/shared/ui.ts:72
  return fs.readFile(file).pipe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4559d0a1db2af05f Filesystem access.
repo/packages/opencode/src/session/prompt.ts:964
                    Buffer.from(yield* fsys.readFile(filepath).pipe(Effect.catch(Effect.die))).toString("base64"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #21423243a1be3d2e Environment-variable access.
repo/packages/opencode/src/share/share-next.ts:23
const disabled = process.env["OPENCODE_DISABLE_SHARE"] === "true" || process.env["OPENCODE_DISABLE_SHARE"] === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #53caa4cafe35b540 Environment-variable access.
repo/packages/opencode/src/temporary.ts:27
    if (opts.printLogs) process.env.OPENCODE_PRINT_LOGS = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d251d5d97b598211 Environment-variable access.
repo/packages/opencode/src/temporary.ts:28
    if (opts.logLevel) process.env.OPENCODE_LOG_LEVEL = opts.logLevel

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af3065f2d601ad51 Filesystem access.
repo/packages/opencode/src/tool/apply_patch.ts:115
            const source = yield* Bom.readFile(afs, filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #012cd7e52ff9fc17 Filesystem access.
repo/packages/opencode/src/tool/apply_patch.ts:162
            const source = yield* Bom.readFile(afs, filePath).pipe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #13dace94d8ccb9c5 Filesystem access.
repo/packages/opencode/src/tool/edit.ts:126
              const source = yield* Bom.readFile(afs, filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4533ec1cd72c4cd9 Environment-variable access.
repo/packages/opencode/src/tool/mcp-websearch.ts:4
export const EXA_URL = process.env.EXA_API_KEY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea1c0331ed77f0ee Environment-variable access.
repo/packages/opencode/src/tool/mcp-websearch.ts:5
  ? `https://mcp.exa.ai/mcp?exaApiKey=${encodeURIComponent(process.env.EXA_API_KEY)}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4a20a9a4ba2a4d55 Filesystem access.
repo/packages/opencode/src/tool/read.ts:307
        const bytes = yield* fs.readFile(filepath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d6dc4d954acd71a Environment-variable access.
repo/packages/opencode/src/tool/shell.ts:142
  if (process.platform !== "win32") return process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7212c7db94b5d8d8 Environment-variable access.
repo/packages/opencode/src/tool/shell.ts:144
  return name ? process.env[name] : undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6777252878fe529 Environment-variable access.
repo/packages/opencode/src/tool/websearch.ts:31
  const override = process.env.OPENCODE_WEBSEARCH_PROVIDER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c2b34d173889d769 Environment-variable access.
repo/packages/opencode/src/tool/websearch.ts:56
  if (!process.env.PARALLEL_API_KEY) return headers

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #733e23e41f8ea431 Environment-variable access.
repo/packages/opencode/src/tool/websearch.ts:57
  return { ...headers, Authorization: `Bearer ${process.env.PARALLEL_API_KEY}` }

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #746c9a8f495c7b48 Filesystem access.
repo/packages/opencode/src/tool/write.ts:47
          const source = exists ? yield* Bom.readFile(fs, filepath) : { bom: false, text: "" }

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #800b15c83d6ac72e Filesystem access.
repo/packages/opencode/src/util/bom.ts:19
  return split(new TextDecoder("utf-8", { ignoreBOM: true }).decode(yield* fs.readFile(filePath)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f5d8bea36be843b3 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:1
import { chmod, mkdir, readFile, stat as statFile, writeFile } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #41f7b79ed66a6361 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:2
import { createWriteStream, existsSync, statSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #23b3a74daa00a2aa Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:3
import { realpathSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #162651a2928685b8 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:41
  return readFile(p, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #80fb7aae9dc3e805 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:45
  return JSON.parse(await readFile(p, "utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #274f7f05880c9bc8 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:49
  return readFile(p)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #780f893b7b7a354a Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:53
  const buf = await readFile(p)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d67838da0ca33f64 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:64
      await writeFile(p, content, { mode })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #06dd016984ccec6c Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:66
      await writeFile(p, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a1a4b6f9141744a5 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:72
        await writeFile(p, content, { mode })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #447cb363fcfb4701 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:74
        await writeFile(p, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6e7991f687874df7 Environment-variable access.
repo/packages/opencode/src/util/proxy-env.ts:69
  return process.env[key.toLowerCase()] || process.env[key.toUpperCase()] || ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c9c9f02ad4a92ce3 Environment-variable access.
repo/packages/opencode/src/util/repository.ts:100
  const base = process.env.OPENCODE_REPO_CLONE_GITHUB_BASE_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9298a43af6cc2113 Environment-variable access.
repo/packages/script/src/index.ts:21
  OPENCODE_CHANNEL: process.env["OPENCODE_CHANNEL"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e459ef079e077b1 Environment-variable access.
repo/packages/script/src/index.ts:22
  OPENCODE_BUMP: process.env["OPENCODE_BUMP"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #442650696bdd6523 Environment-variable access.
repo/packages/script/src/index.ts:23
  OPENCODE_VERSION: process.env["OPENCODE_VERSION"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b203938b1a651acc Environment-variable access.
repo/packages/script/src/index.ts:24
  OPENCODE_RELEASE: process.env["OPENCODE_RELEASE"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #d8a01cd8aaeb5b3b Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/script/src/index.ts:37
  const version = await fetch("https://registry.npmjs.org/opencode-ai/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #c3cf3ac5a7b56f12 Environment-variable access.
repo/packages/server/src/auth.ts:53
  const password = credentials?.password ?? process.env.OPENCODE_SERVER_PASSWORD

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3f6091fbfab9ec04 Environment-variable access.
repo/packages/server/src/auth.ts:56
  return `Basic ${Buffer.from(`${credentials?.username ?? process.env.OPENCODE_SERVER_USERNAME ?? "opencode"}:${password}`).toString("base64")}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba53f7c30b5d9b0b Filesystem access.
repo/packages/session-ui/src/components/file-media.tsx:104
    void input.readFile(input.path).then(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #07699a87b7c53702 Environment-variable access.
repo/packages/slack/src/index.ts:5
  token: process.env.SLACK_BOT_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99a9c53af65df014 Environment-variable access.
repo/packages/slack/src/index.ts:6
  signingSecret: process.env.SLACK_SIGNING_SECRET,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #65e37d0ca1f08167 Environment-variable access.
repo/packages/slack/src/index.ts:8
  appToken: process.env.SLACK_APP_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b263501230a0377d Environment-variable access.
repo/packages/slack/src/index.ts:12
console.log("- Bot token present:", !!process.env.SLACK_BOT_TOKEN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d9e0e9c8a0e21529 Environment-variable access.
repo/packages/slack/src/index.ts:13
console.log("- Signing secret present:", !!process.env.SLACK_SIGNING_SECRET)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5eebf8c8643fb58 Environment-variable access.
repo/packages/slack/src/index.ts:14
console.log("- App token present:", !!process.env.SLACK_APP_TOKEN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #4229e7ff95f57201 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/stats/app/src/routes/api/newsletter.ts:17
  const response = await fetch(`https://api.emailoctopus.com/lists/${listId}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      email_address: emailAddress.trim(),
    }),
  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #744e15df0ceb228c Environment-variable access.
repo/packages/stats/core/src/domain/home.ts:282
  return process.env.DATABASE_URL ?? Resource.StatsDatabase.url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #db2bfb0220e5e2b2 Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:32
    process.env.PLANETSCALE_HOST &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c1139378b57e9b4c Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:33
    process.env.PLANETSCALE_USERNAME &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #22b6211c08c3ed1f Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:34
    process.env.PLANETSCALE_PASSWORD &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4dc6d243d327f330 Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:35
    process.env.PLANETSCALE_DATABASE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #82f718effd8be938 Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:37
    return `mysql://${encodeURIComponent(process.env.PLANETSCALE_USERNAME)}:${encodeURIComponent(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5ad80cfc86d4eca9 Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:38
      process.env.PLANETSCALE_PASSWORD,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3ab0c63c1954756d Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:39
    )}@${process.env.PLANETSCALE_HOST}/${process.env.PLANETSCALE_DATABASE}?ssl=${encodeURIComponent(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0b31a0992d14430d Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:43
  return process.env.DATABASE_URL ?? Resource.StatsDatabase.url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6b165991c4cf91d1 Environment-variable access.
repo/packages/stats/core/src/honeycomb-backfill.ts:944
    databaseUrl: flags.get("database-url")?.[0] ?? process.env.DATABASE_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #93c259de3e616ffc Filesystem access.
repo/packages/storybook/.storybook/playground-css-plugin.ts:117
              const content = fs.readFileSync(abs, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6c0d8aff9c8a3316 Filesystem access.
repo/packages/storybook/.storybook/playground-css-plugin.ts:122
                fs.writeFileSync(abs, applied.content, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #77f17e09430d7359 Environment-variable access.
repo/packages/tui/src/app.tsx:267
                        multiplexer: process.env.TMUX ? "tmux" : process.env.STY ? "screen" : undefined,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #50772e5d20fbe892 Environment-variable access.
repo/packages/tui/src/app.tsx:268
                        displayServer: process.env.WAYLAND_DISPLAY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3582a8d579ab3d8d Environment-variable access.
repo/packages/tui/src/app.tsx:270
                          : process.env.DISPLAY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6c4b3259f8acb508 Environment-variable access.
repo/packages/tui/src/app.tsx:277
                          initialRoute: process.env.OPENCODE_ROUTE ? JSON.parse(process.env.OPENCODE_ROUTE) : undefined,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b7f265cc16d7b0e3 Environment-variable access.
repo/packages/tui/src/app.tsx:278
                          skipInitialLoading: Boolean(process.env.OPENCODE_FAST_BOOT),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #655ecd4882d847df Filesystem access.
repo/packages/tui/src/audio.ts:28
  const task = readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #93d8dd9268a19b93 Environment-variable access.
repo/packages/tui/src/clipboard.ts:26
  process.stdout.write(process.env.TMUX || process.env.STY ? `\x1bPtmux;\x1b${sequence}\x1b\\` : sequence)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #41d6b8b85c321d34 Filesystem access.
repo/packages/tui/src/clipboard.ts:45
      return { data: (await readFile(file)).toString("base64"), mime: "image/png" }

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3cc40f92528347dd Environment-variable access.
repo/packages/tui/src/clipboard.ts:101
    const native = copyCommand(platform(), Boolean(process.env.WAYLAND_DISPLAY), (name) => Boolean(which(name)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #f52f73e4b24be4dd Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/tui/src/component/error-component.tsx:207
  const url = new URL("https://github.com/anomalyco/opencode/issues/new?template=bug-report.yml")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #c4a02d1d60b3c4d6 Filesystem access.
repo/packages/tui/src/component/prompt/local-attachment.ts:17
      readText: (value) => readFile(value, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a630f75ac0aee11c Filesystem access.
repo/packages/tui/src/component/prompt/local-attachment.ts:18
      readBytes: (value) => readFile(value),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eb075cf1b5d28fde Environment-variable access.
repo/packages/tui/src/context/editor.ts:117
    const value = process.env.CLAUDE_CODE_SSE_PORT || process.env.OPENCODE_EDITOR_SSE_PORT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6a514cd91610d4b4 Environment-variable access.
repo/packages/tui/src/context/editor.ts:121
    const zedTerminal = process.env.ZED_TERM === "true" || process.env.TERM_PROGRAM?.toLowerCase() === "zed"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #25282f9d740341f6 Filesystem access.
repo/packages/tui/src/context/theme.tsx:57
      result[path.basename(file, ".json")] = JSON.parse(await readFile(file, "utf8")) as unknown

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7d5705eb547e46a Filesystem access.
repo/packages/tui/src/editor-zed.ts:67
      : await readFileAsync(row.buffer_path, "utf8").catch(() => undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #19d4c77edea5f942 Environment-variable access.
repo/packages/tui/src/editor-zed.ts:189
    process.env.OPENCODE_ZED_DB,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e779721b0c754e8 Environment-variable access.
repo/packages/tui/src/editor-zed.ts:198
  return process.env.ZED_TERM === "true" || process.env.TERM_PROGRAM?.toLowerCase() === "zed"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c8b9de63582c4d8f Environment-variable access.
repo/packages/tui/src/editor.ts:27
  const editor = process.env.VISUAL || process.env.EDITOR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b018e18906cfc4d6 Filesystem access.
repo/packages/tui/src/editor.ts:30
  await writeFile(file, input.value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed0f3ade77887624 Filesystem access.
repo/packages/tui/src/editor.ts:47
    return (await readFile(file, "utf8")) || undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #03f091d7afde409b Filesystem access.
repo/packages/tui/src/editor.ts:71
          const value = JSON.parse(readFileSync(file, "utf8")) as Record<string, unknown>

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6e628f8430fc7270 Filesystem access.
repo/packages/tui/src/routes/session/index.tsx:183
    await writeFile(file, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #67775475526bbc96 Filesystem access.
repo/packages/tui/src/util/persistence.ts:2
import { appendFile, mkdir, rename, rm } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #70ef55139201f010 Environment-variable access.
repo/packages/tui/src/util/system.ts:16
  const program = process.env.TERM_PROGRAM || process.env.TERM || "unknown"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5713e98a0c885864 Environment-variable access.
repo/packages/tui/src/util/system.ts:17
  const version = process.env.TERM_PROGRAM_VERSION ? ` ${process.env.TERM_PROGRAM_VERSION}` : ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1da317649512d06d Environment-variable access.
repo/packages/tui/src/util/system.ts:18
  const multiplexer = process.env.TMUX ? " in tmux" : process.env.STY ? " in screen" : ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5f4ccf33521f7a86 Filesystem access.
repo/packages/ui/vite.config.ts:4
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7fca1c6a91c664d5 Environment-variable access.
repo/packages/ui/vite.config.ts:48
  const url = process.env.OPENCODE_MODELS_URL || "https://models.dev"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #56ef3c6c5937f600 Filesystem access.
repo/packages/ui/vite.config.ts:56
        .then((svg) => fs.writeFileSync(`./src/assets/icons/provider/${provider}.svg`, svg)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e2ea5a886876c8cd Environment-variable access.
repo/packages/web/config.mjs:1
const stage = process.env.SST_STAGE || "dev"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8fd1b60a9c038b69 Filesystem access.
repo/script/beta.ts:4
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #25a525309ca2ba82 Environment-variable access.
repo/script/beta.ts:61
  if (process.env.GITHUB_ACTIONS !== "true") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8f4df3af9a6e72d6 Filesystem access.
repo/script/changelog.ts:3
import { rm } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b011ef4c923b0738 Environment-variable access.
repo/script/github/close-issues.ts:7
const token = process.env.GITHUB_TOKEN

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ce1ad2a6cbb72a63 Environment-variable access.
repo/script/github/close-prs.ts:346
  const envToken = process.env.GITHUB_TOKEN ?? process.env.GH_TOKEN

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2f7c591d3040127c Environment-variable access.
repo/script/publish.ts:72
  await $`gh release edit ${tag} --draft=false --repo ${process.env.GH_REPO}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8c51dc8a994c108e Environment-variable access.
repo/script/raw-changelog.ts:25
const repo = process.env.GH_REPO ?? "anomalyco/opencode"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #70a31f2eed3a4cf0 Environment-variable access.
repo/script/stats.ts:4
  const key = process.env["POSTHOG_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #1e4c4896e9cc89cd Hardcoded external endpoint. Review what data is sent to this destination.
repo/script/stats.ts:11
  const response = await fetch("https://us.i.posthog.com/i/v0/e/", {
    method: "POST",
    headers: {
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      distinct_id: "download",
      api_key: key,
      event,
      properties: {
        ...properties,
      },
    }),
  }).catch(() => null)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #2d51a2c7331b37ef Environment-variable access.
repo/script/version.ts:7
const sha = process.env.GITHUB_SHA ?? (await $`git rev-parse HEAD`.text()).trim()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c615539e828fd2eb Environment-variable access.
repo/script/version.ts:15
  const dir = process.env.RUNNER_TEMP ?? "/tmp"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ff06a3cd90ca961 Environment-variable access.
repo/script/version.ts:23
  await $`gh release create v${Script.version} -d --title "v${Script.version}" --repo ${process.env.GH_REPO}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4f3bdfc30de2b84b Environment-variable access.
repo/script/version.ts:25
    await $`gh release view v${Script.version} --json tagName,databaseId --repo ${process.env.GH_REPO}`.json()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d6b11fa546e61a02 Environment-variable access.
repo/script/version.ts:30
output.push(`repo=${process.env.GH_REPO}`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #21a6f52aafabd9e0 Environment-variable access.
repo/script/version.ts:32
if (process.env.GITHUB_OUTPUT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #76f2ea42192d5efe Environment-variable access.
repo/script/version.ts:33
  await Bun.write(process.env.GITHUB_OUTPUT, output.join("\n"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #61c2459020da3886 Environment-variable access.
repo/sst.config.ts:14
          profile: process.env.GITHUB_ACTIONS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #10467a15ea057995 Environment-variable access.
repo/sst.config.ts:22
          apiKey: process.env.STRIPE_SECRET_KEY!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/opencode

npm first-party
high pii_flow production #6fc56dda8cccdd8a User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/script/generate.ts:13 · flow /tmp/closeopen-qjyvbc5c/repo/packages/opencode/script/generate.ts:10 → /tmp/closeopen-qjyvbc5c/repo/packages/opencode/script/generate.ts:13
  : await fetch(`${modelsUrl}/api.json`).then((x) => x.text())

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #826192abe1ddf83a User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/cli/cmd/github.handler.ts:791 · flow /tmp/closeopen-qjyvbc5c/repo/packages/opencode/src/cli/cmd/github.handler.ts:471 → /tmp/closeopen-qjyvbc5c/repo/packages/opencode/src/cli/cmd/github.handler.ts:791
        const res = await fetch(url, {
          headers: {
            Authorization: `Bearer ${appToken}`,
            Accept: "application/vnd.github.v3+json",
          },
        })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #0f2b5e11af29e807 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/cli/cmd/github.handler.ts:1583 · flow /tmp/closeopen-qjyvbc5c/repo/packages/opencode/src/cli/cmd/github.handler.ts:471 → /tmp/closeopen-qjyvbc5c/repo/packages/opencode/src/cli/cmd/github.handler.ts:1583
      await fetch("https://api.github.com/installation/token", {
        method: "DELETE",
        headers: {
          Authorization: `Bearer ${appToken}`,
          Accept: "application/vnd.github+json",
          "X-GitHub-Api-Version": "2022-11-28",
        },
      })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #f44b67893e8ac991 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/openai/codex.ts:485 · flow /tmp/closeopen-qjyvbc5c/repo/packages/opencode/src/plugin/openai/codex.ts:493 → /tmp/closeopen-qjyvbc5c/repo/packages/opencode/src/plugin/openai/codex.ts:485
                  const response = await fetch(`${ISSUER}/api/accounts/deviceauth/token`, {
                    method: "POST",
                    headers: {
                      "Content-Type": "application/json",
                      "User-Agent": `opencode/${InstallationVersion}`,
                    },
                    body: JSON.stringify({
                      device_auth_id: deviceData.device_auth_id,
                      user_code: deviceData.user_code,
                    }),
                  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #ebde98d8e3df1ef5 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/openai/codex.ts:503 · flow /tmp/closeopen-qjyvbc5c/repo/packages/opencode/src/plugin/openai/codex.ts:493 → /tmp/closeopen-qjyvbc5c/repo/packages/opencode/src/plugin/openai/codex.ts:503
                    const tokenResponse = await fetch(`${ISSUER}/oauth/token`, {
                      method: "POST",
                      headers: { "Content-Type": "application/x-www-form-urlencoded" },
                      body: new URLSearchParams({
                        grant_type: "authorization_code",
                        code: data.authorization_code,
                        redirect_uri: `${ISSUER}/deviceauth/callback`,
                        client_id: CLIENT_ID,
                        code_verifier: data.code_verifier,
                      }).toString(),
                    })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #b4d52ff92cd2dccc User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/xai.ts:149 · flow /tmp/closeopen-qjyvbc5c/repo/packages/opencode/src/plugin/xai.ts:149 → /tmp/closeopen-qjyvbc5c/repo/packages/opencode/src/plugin/xai.ts:149
  const response = await fetch(options.tokenUrl ?? TOKEN_URL, {
    method: "POST",
    headers: authHeaders(),
    body: new URLSearchParams({
      grant_type: "authorization_code",
      code,
      redirect_uri: REDIRECT_URI,
      client_id: CLIENT_ID,
      code_verifier: pkce.verifier,
    }).toString(),
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #7fb1a30bb0f09e5a User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/xai.ts:168 · flow /tmp/closeopen-qjyvbc5c/repo/packages/opencode/src/plugin/xai.ts:168 → /tmp/closeopen-qjyvbc5c/repo/packages/opencode/src/plugin/xai.ts:168
  const response = await fetch(options.tokenUrl ?? TOKEN_URL, {
    method: "POST",
    headers: authHeaders(),
    body: new URLSearchParams({
      grant_type: "refresh_token",
      refresh_token: refreshToken,
      client_id: CLIENT_ID,
    }).toString(),
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #937c18fa83f25f10 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/xai.ts:251 · flow /tmp/closeopen-qjyvbc5c/repo/packages/opencode/src/plugin/xai.ts:251 → /tmp/closeopen-qjyvbc5c/repo/packages/opencode/src/plugin/xai.ts:251
    const response = await fetch(options.tokenUrl ?? TOKEN_URL, {
      method: "POST",
      headers: authHeaders(),
      body: new URLSearchParams({
        grant_type: DEVICE_CODE_GRANT_TYPE,
        client_id: CLIENT_ID,
        device_code: device.device_code,
      }).toString(),
    })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #7fbf9fc76a6bebec User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/session/llm/native-runtime.ts:90 · flow /tmp/closeopen-qjyvbc5c/repo/packages/opencode/src/session/llm/native-runtime.ts:92 → /tmp/closeopen-qjyvbc5c/repo/packages/opencode/src/session/llm/native-runtime.ts:90
  const request = LLMNative.request({
    model: input.model,
    apiKey: current.apiKey,
    baseURL: current.baseURL,
    messages: ProviderTransform.message(input.messages, input.model, input.providerOptions ?? {}),
    toolChoice: input.toolChoice,
    temperature: input.temperature,
    topP: input.topP,
    topK: input.topK,
    maxOutputTokens: input.maxOutputTokens,
    providerOptions: ProviderTransform.providerOptions(input.model, input.providerOptions ?? {}),
    headers: { ...providerHeaders(input.provider.options.headers), ...input.headers },
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium telemetry production #1be26a0decada1f9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/cli/cmd/debug/snapshot.ts:17
    const out = yield* Snapshot.Service.use((svc) => svc.track())

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b23b8f1604617ed5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:153
            return scope.track(typeof dispose === "function" ? (dispose as () => void) : undefined)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8fbbc613a8bcf06c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:173
        return scope.track(
          attention.soundboard.registerPack({
            ...pack,
            sounds: resolveHostAttentionSoundPaths(root, pack.sounds, { trim: true }),
          }),
        )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #647c50104a123ba2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:199
      return scope.track(mode.push(value))

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #cbbbc7ab93377178 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:579
      return scope.track(api.route.register(list))

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4ac6db5b56074587 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:595
      return scope.track(api.event.on(type, handler))

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #2281b0a982afab7b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:607
      scope.track(host.register({ ...plugin, id }))

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a350196404576bed Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/session/processor.ts:102
      const initialSnapshot = yield* snapshot.track()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d4cc255411fba064 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/session/processor.ts:425
            if (!ctx.snapshot) ctx.snapshot = yield* snapshot.track()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #48d6739686c5ff36 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/session/processor.ts:436
            const completedSnapshot = yield* snapshot.track()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #feaa2c055c7ba9f1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/session/revert.ts:70
      rev.snapshot = session.revert?.snapshot ?? (yield* snap.track())

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #59beb3b3d33d5f69 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/snapshot/index.ts:780
        return yield* InstanceState.useEffect(state, (s) => s.track())

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 134 low-confidence finding(s)
low env_fs production #4a984bfca0c1be00 Filesystem access.
repo/packages/opencode/bin/opencode:4
const fs = require("fs")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d3eb0bae163b0591 Environment-variable access.
repo/packages/opencode/bin/opencode:46
const envPath = process.env.OPENCODE_BIN_PATH

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aafa1fa74b77144e Filesystem access.
repo/packages/opencode/bin/opencode:81
      return /(^|\s)avx2(\s|$)/i.test(fs.readFileSync("/proc/cpuinfo", "utf8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #89520fa09c3451c7 Filesystem access.
repo/packages/opencode/script/build.ts:4
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b34e62ea0d8939e6 Environment-variable access.
repo/packages/opencode/script/build.ts:240
  await $`gh release upload v${Script.version} ./dist/*.zip ./dist/*.tar.gz --clobber --repo ${process.env.GH_REPO}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1607897b361317db Environment-variable access.
repo/packages/opencode/script/generate.ts:10
const modelsUrl = process.env.OPENCODE_MODELS_URL || "https://models.dev"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e66e537ac08e2225 Environment-variable access.
repo/packages/opencode/script/generate.ts:11
export const modelsData = process.env.MODELS_DEV_API_JSON

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8757fd08e54777b0 Environment-variable access.
repo/packages/opencode/script/generate.ts:12
  ? await Bun.file(process.env.MODELS_DEV_API_JSON).text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #698e9a380fc01fd3 Filesystem access.
repo/packages/opencode/script/postinstall.mjs:4
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3a698a4226af037e Filesystem access.
repo/packages/opencode/script/postinstall.mjs:12
const packageJson = JSON.parse(fs.readFileSync(path.join(__dirname, "package.json"), "utf8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7673b6a5e3557d77 Filesystem access.
repo/packages/opencode/script/postinstall.mjs:36
      return /(^|\s)avx2(\s|$)/i.test(fs.readFileSync("/proc/cpuinfo", "utf8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb397cd2c47bbc89 Environment-variable access.
repo/packages/opencode/script/publish.ts:199
  const token = process.env.GITHUB_TOKEN

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #08afb1fa8920510a Environment-variable access.
repo/packages/opencode/specs/v2/api.ts:28
  value: process.env.OPENAI_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #07e6821453d26272 Environment-variable access.
repo/packages/opencode/src/acp/profile.ts:1
const enabled = process.env.OPENCODE_ACP_PROFILE === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f77d9ab07773e0ad Environment-variable access.
repo/packages/opencode/src/auth/index.ts:59
      if (process.env.OPENCODE_AUTH_CONTENT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c9b0a858b44ba151 Environment-variable access.
repo/packages/opencode/src/auth/index.ts:61
          return JSON.parse(process.env.OPENCODE_AUTH_CONTENT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #221cf6750807ab17 Environment-variable access.
repo/packages/opencode/src/cli/cmd/acp.ts:23
    process.env.OPENCODE_CLIENT = "acp"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1bdad7d094d0252e Filesystem access.
repo/packages/opencode/src/cli/cmd/agent.ts:6
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f63a87568c9d6a9e Environment-variable access.
repo/packages/opencode/src/cli/cmd/debug/index.ts:56
    const termProgram = process.env.TERM_PROGRAM

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a82a06c800da13a4 Environment-variable access.
repo/packages/opencode/src/cli/cmd/debug/index.ts:57
      ? `${process.env.TERM_PROGRAM}${process.env.TERM_PROGRAM_VERSION ? ` ${process.env.TERM_PROGRAM_VERSION}` : ""}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #69ee2be2bc82fb35 Environment-variable access.
repo/packages/opencode/src/cli/cmd/debug/index.ts:59
    const terminal = [termProgram, process.env.TERM].filter((item): item is string => Boolean(item)).join(" / ")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #61f33b334e16db16 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:406
    const variant = process.env["VARIANT"] || undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3608cb463a1b4747 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:471
        const githubToken = process.env["GITHUB_TOKEN"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dcf4c03668834560 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:656
      const value = process.env["MODEL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e78d5cb4140fb2ef Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:667
      const value = process.env["GITHUB_RUN_ID"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb0e0cc145a27314 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:673
      const value = process.env["SHARE"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #83d5534671266a95 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:681
      const value = process.env["USE_GITHUB_TOKEN"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b49c953924820ec0 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:689
      const value = process.env["OIDC_BASE_URL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #39c4784451f664b3 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:724
      const customPrompt = process.env["PROMPT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c846c56104396dea Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:739
      const mentions = (process.env["MENTIONS"] || "/opencode,/oc")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #dabc5ab7151ba134 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/cli/cmd/github.handler.ts:1583
      await fetch("https://api.github.com/installation/token", {
        method: "DELETE",
        headers: {
          Authorization: `Bearer ${appToken}`,
          Accept: "application/vnd.github+json",
          "X-GitHub-Api-Version": "2022-11-28",
        },
      })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #fdd74d61e413a6fb Environment-variable access.
repo/packages/opencode/src/cli/cmd/providers.ts:277
        if (process.env[envVar]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #23f2d69805136372 Environment-variable access.
repo/packages/opencode/src/cli/cmd/run.ts:333
      const root = Filesystem.resolve(process.env.PWD ?? process.cwd())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eedcafd8e90194e5 Filesystem access.
repo/packages/opencode/src/cli/cmd/run/runtime.stdin.ts:1
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c627c972b8b74983 Filesystem access.
repo/packages/opencode/src/cli/cmd/run/trace.ts:14
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c3077538177f3220 Environment-variable access.
repo/packages/opencode/src/cli/cmd/run/trace.ts:58
  if (!process.env.OPENCODE_DIRECT_TRACE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d884aef0b749d13a Filesystem access.
repo/packages/opencode/src/cli/cmd/run/trace.ts:65
  fs.writeFileSync(
    latest(),
    text({
      time: new Date().toISOString(),
      pid: process.pid,
      cwd: process.cwd(),
      argv: process.argv.slice(2),
      path: target,
    }) + "\n",
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #23a786debc299f6d Environment-variable access.
repo/packages/opencode/src/cli/cmd/tui.ts:66
export function resolveThreadDirectory(project?: string, envPWD = process.env.PWD, cwd = process.cwd()) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b1a60c27de662ec Filesystem access.
repo/packages/opencode/src/cli/cmd/uninstall.ts:6
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d980a3956626287d Environment-variable access.
repo/packages/opencode/src/cli/cmd/uninstall.ts:236
  const shell = path.basename(process.env.SHELL || "bash")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8dd20824e02bc8fb Environment-variable access.
repo/packages/opencode/src/cli/cmd/uninstall.ts:238
  const xdgConfig = process.env.XDG_CONFIG_HOME || path.join(home, ".config")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c3d5882ed608235d Filesystem access.
repo/packages/opencode/src/config/config.ts:9
import fsNode from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7317e6d29ac20352 Filesystem access.
repo/packages/opencode/src/config/config.ts:15
import { existsSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8b5562ea90520d4b Filesystem access.
repo/packages/opencode/src/config/config.ts:271
              await fsNode.writeFile(path.join(Global.Path.config, "config.json"), JSON.stringify(result, null, 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1ac7141634df80bd Environment-variable access.
repo/packages/opencode/src/config/config.ts:468
        if (process.env.OPENCODE_CONFIG_CONTENT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #19be18034df9e3e1 Environment-variable access.
repo/packages/opencode/src/config/config.ts:470
          const next = yield* loadConfig(process.env.OPENCODE_CONFIG_CONTENT, {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1a31b1d8f4e6cfd5 Environment-variable access.
repo/packages/opencode/src/config/config.ts:491
              process.env["OPENCODE_CONSOLE_TOKEN"] = tokenOpt.value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #492fa4495191f006 Filesystem access.
repo/packages/opencode/src/config/managed.ts:3
import { existsSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5268d3ee14676204 Environment-variable access.
repo/packages/opencode/src/config/managed.ts:25
      return path.join(process.env.ProgramData || "C:\\ProgramData", "opencode")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5fc381b7481b30a8 Environment-variable access.
repo/packages/opencode/src/config/managed.ts:32
  return process.env.OPENCODE_TEST_MANAGED_CONFIG_DIR || systemManagedConfigDir()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #07bed68753ed9aec Environment-variable access.
repo/packages/opencode/src/config/variable.ts:37
    return (input.env?.[varName] ?? process.env[varName]) || ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2bd8b3f457d8a2d1 Filesystem access.
repo/packages/opencode/src/control-plane/dev/debug-workspace-plugin.ts:30
  await writeFile(
    DEV_DATA_TEMP_FILE,
    JSON.stringify(
      {
        port,
        id,
        env,
      },
      null,
      2,
    ),
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b8777ebea8cd43ce Environment-variable access.
repo/packages/opencode/src/control-plane/workspace.ts:533
        OTEL_EXPORTER_OTLP_HEADERS: process.env.OTEL_EXPORTER_OTLP_HEADERS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9256b98188b7249b Environment-variable access.
repo/packages/opencode/src/control-plane/workspace.ts:534
        OTEL_EXPORTER_OTLP_ENDPOINT: process.env.OTEL_EXPORTER_OTLP_ENDPOINT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e41a62ce61209053 Environment-variable access.
repo/packages/opencode/src/control-plane/workspace.ts:535
        OTEL_RESOURCE_ATTRIBUTES: process.env.OTEL_RESOURCE_ATTRIBUTES,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d716614498f2524d Environment-variable access.
repo/packages/opencode/src/ide/index.ts:23
  if (process.env["TERM_PROGRAM"] === "vscode") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a72ff3c31d5d6de6 Environment-variable access.
repo/packages/opencode/src/ide/index.ts:24
    const v = process.env["GIT_ASKPASS"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9ec567e8eff87c5f Environment-variable access.
repo/packages/opencode/src/ide/index.ts:33
  return process.env["OPENCODE_CALLER"] === "vscode" || process.env["OPENCODE_CALLER"] === "vscode-insiders"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d4876e8ed4d8fa26 Environment-variable access.
repo/packages/opencode/src/index.ts:67
    if (opts.printLogs) process.env.OPENCODE_PRINT_LOGS = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0833f5e4b7b99067 Environment-variable access.
repo/packages/opencode/src/index.ts:68
    if (opts.logLevel) process.env.OPENCODE_LOG_LEVEL = opts.logLevel

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0d39b899664241aa Environment-variable access.
repo/packages/opencode/src/index.ts:70
      process.env.OPENCODE_PURE = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab36b7cb43be3f19 Environment-variable access.
repo/packages/opencode/src/index.ts:75
    process.env.AGENT = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8674c5be9b4ac139 Environment-variable access.
repo/packages/opencode/src/index.ts:76
    process.env.OPENCODE = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #28b333a4953c5f58 Environment-variable access.
repo/packages/opencode/src/index.ts:77
    process.env.OPENCODE_PID = String(process.pid)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #fd2f2b8b0eca6c43 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/installation/index.ts:147
        const response = yield* httpOk.execute(HttpClientRequest.get("https://opencode.ai/install"))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #a286589d8c0c29f6 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/installation/index.ts:219
            HttpClientRequest.get("https://formulae.brew.sh/api/formula/opencode.json").pipe(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #e6b720da9f30abc3 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/installation/index.ts:239
            HttpClientRequest.get(
              "https://community.chocolatey.org/api/v2/Packages?$filter=Id%20eq%20%27opencode%27%20and%20IsLatestVersion&$select=Version",
            ).pipe(HttpClientRequest.setHeaders({ Accept: "application/json;odata=verbose" })),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #c99460d242817a71 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/installation/index.ts:249
            HttpClientRequest.get(
              "https://raw.githubusercontent.com/ScoopInstaller/Main/master/bucket/opencode.json",
            ).pipe(HttpClientRequest.setHeaders({ Accept: "application/json" })),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #ae42b6e47090b5bd Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/installation/index.ts:258
          HttpClientRequest.get("https://api.github.com/repos/anomalyco/opencode/releases/latest").pipe(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #262f86216bad807d Filesystem access.
repo/packages/opencode/src/lsp/server.ts:6
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #e6e81a5a39489d36 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:183
      const response = await fetch("https://github.com/microsoft/vscode-eslint/archive/refs/heads/main.zip")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #14c8e0739280f89f Environment-variable access.
repo/packages/opencode/src/lsp/server.ts:445
    const potentialVenvPaths = [process.env["VIRTUAL_ENV"], path.join(root, ".venv"), path.join(root, "venv")].filter(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba3468db394cada7 Environment-variable access.
repo/packages/opencode/src/lsp/server.ts:502
    const potentialVenvPaths = [process.env["VIRTUAL_ENV"], path.join(root, ".venv"), path.join(root, "venv")].filter(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #5cb10298f1f9dc72 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:552
        const response = await fetch("https://github.com/elixir-lsp/elixir-ls/archive/refs/heads/master.zip")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #ea99119a421013e4 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:600
      const releaseResponse = await fetch("https://api.github.com/repos/zigtools/zls/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #5bbec497239694f0 Environment-variable access.
repo/packages/opencode/src/lsp/server.ts:779
    process.env.DOTNET_CLI_HOME ?? os.homedir(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ae56dd902932811f Environment-variable access.
repo/packages/opencode/src/lsp/server.ts:789
    process.env.VSCODE_EXTENSIONS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #31d6705e2d2d3510 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:976
    const releaseResponse = await fetch("https://api.github.com/repos/clangd/clangd/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #5ae95885ab089066 Filesystem access.
repo/packages/opencode/src/lsp/server.ts:1171
        const content = await fs.readFile(pomFiles[i], "utf-8").catch(() => null)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #4b47015d342ce4b7 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1210
      const download = await fetch(releaseURL)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #bde96200b7ff33c1 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1297
      const releaseResponse = await fetch("https://api.github.com/repos/Kotlin/kotlin-lsp/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #55f5482e4aa0b809 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1405
      const releaseResponse = await fetch("https://api.github.com/repos/LuaLS/lua-language-server/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #050e20a759d6ae5d Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1632
      const releaseResponse = await fetch("https://api.releases.hashicorp.com/v1/releases/terraform-ls/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #52105172d7eef202 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1705
      const response = await fetch("https://api.github.com/repos/latex-lsp/texlab/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #9c80e840e517967d Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1877
      const response = await fetch("https://api.github.com/repos/Myriad-Dreamin/tinymist/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #c4a1720c0c0e20d7 Environment-variable access.
repo/packages/opencode/src/plugin/azure.ts:5
  if (!process.env.AZURE_RESOURCE_NAME) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f490f881e6879e1 Environment-variable access.
repo/packages/opencode/src/plugin/cloudflare.ts:4
  const prompts = !process.env.CLOUDFLARE_ACCOUNT_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f9e5d621c7bb8100 Environment-variable access.
repo/packages/opencode/src/plugin/cloudflare.ts:31
    ...(!process.env.CLOUDFLARE_ACCOUNT_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9964537d932e373a Environment-variable access.
repo/packages/opencode/src/plugin/cloudflare.ts:41
    ...(!process.env.CLOUDFLARE_GATEWAY_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #87fb74b567ceeb83 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/plugin/digitalocean.ts:170
  const res = await fetch(`${DO_GENAI_API}/models/routers`, {
    headers: {
      Authorization: `Bearer ${bearer}`,
      Accept: "application/json",
      "User-Agent": `opencode/${InstallationVersion}`,
    },
    signal: AbortSignal.timeout(10_000),
  }).catch(() => undefined)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #cee384790e581a6d Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/plugin/openai/codex.ts:108
  const response = await fetch(`${ISSUER}/oauth/token`, {
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: new URLSearchParams({
      grant_type: "authorization_code",
      code,
      redirect_uri: redirectUri,
      client_id: CLIENT_ID,
      code_verifier: pkce.verifier,
    }).toString(),
  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #7b983261060bdf67 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/plugin/openai/codex.ts:461
            const deviceResponse = await fetch(`${ISSUER}/api/accounts/deviceauth/usercode`, {
              method: "POST",
              headers: {
                "Content-Type": "application/json",
                "User-Agent": `opencode/${InstallationVersion}`,
              },
              body: JSON.stringify({ client_id: CLIENT_ID }),
            })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #b44d6c8a432b7e8d Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/plugin/openai/codex.ts:485
                  const response = await fetch(`${ISSUER}/api/accounts/deviceauth/token`, {
                    method: "POST",
                    headers: {
                      "Content-Type": "application/json",
                      "User-Agent": `opencode/${InstallationVersion}`,
                    },
                    body: JSON.stringify({
                      device_auth_id: deviceData.device_auth_id,
                      user_code: deviceData.user_code,
                    }),
                  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #a0261a4e90f0eacd Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/plugin/openai/codex.ts:503
                    const tokenResponse = await fetch(`${ISSUER}/oauth/token`, {
                      method: "POST",
                      headers: { "Content-Type": "application/x-www-form-urlencoded" },
                      body: new URLSearchParams({
                        grant_type: "authorization_code",
                        code: data.authorization_code,
                        redirect_uri: `${ISSUER}/deviceauth/callback`,
                        client_id: CLIENT_ID,
                        code_verifier: data.code_verifier,
                      }).toString(),
                    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #b87fa1a33e093eba Filesystem access.
repo/packages/opencode/src/project/project.ts:327
      const buffer = yield* fs.readFile(shortest).pipe(Effect.orDie)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e40b8369834c1f2 Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:313
        const envToken = process.env.AWS_BEARER_TOKEN_BEDROCK

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c7300c96fd6d2a0b Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:316
          process.env.AWS_BEARER_TOKEN_BEDROCK = auth.key

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #30b18623843ae2de Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:325
        process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI || process.env.AWS_CONTAINER_CREDENTIALS_FULL_URI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f6485060bfa376eb Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:573
        const envAICoreServiceKey = process.env.AICORE_SERVICE_KEY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c4d6b31a6d6c5a3 Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:576
          process.env.AICORE_SERVICE_KEY = auth.key

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f56d7a8945bfd205 Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:581
      const deploymentId = process.env.AICORE_DEPLOYMENT_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9bc8fffe8d59c061 Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:582
      const resourceGroup = process.env.AICORE_RESOURCE_GROUP

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #42fca234ccda3dcc Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/server/shared/ui.ts:9
export const UI_UPSTREAM = new URL("https://app.opencode.ai")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #8ef763e530f29989 Filesystem access.
repo/packages/opencode/src/server/shared/ui.ts:72
  return fs.readFile(file).pipe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4559d0a1db2af05f Filesystem access.
repo/packages/opencode/src/session/prompt.ts:964
                    Buffer.from(yield* fsys.readFile(filepath).pipe(Effect.catch(Effect.die))).toString("base64"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #21423243a1be3d2e Environment-variable access.
repo/packages/opencode/src/share/share-next.ts:23
const disabled = process.env["OPENCODE_DISABLE_SHARE"] === "true" || process.env["OPENCODE_DISABLE_SHARE"] === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #53caa4cafe35b540 Environment-variable access.
repo/packages/opencode/src/temporary.ts:27
    if (opts.printLogs) process.env.OPENCODE_PRINT_LOGS = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d251d5d97b598211 Environment-variable access.
repo/packages/opencode/src/temporary.ts:28
    if (opts.logLevel) process.env.OPENCODE_LOG_LEVEL = opts.logLevel

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af3065f2d601ad51 Filesystem access.
repo/packages/opencode/src/tool/apply_patch.ts:115
            const source = yield* Bom.readFile(afs, filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #012cd7e52ff9fc17 Filesystem access.
repo/packages/opencode/src/tool/apply_patch.ts:162
            const source = yield* Bom.readFile(afs, filePath).pipe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #13dace94d8ccb9c5 Filesystem access.
repo/packages/opencode/src/tool/edit.ts:126
              const source = yield* Bom.readFile(afs, filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4533ec1cd72c4cd9 Environment-variable access.
repo/packages/opencode/src/tool/mcp-websearch.ts:4
export const EXA_URL = process.env.EXA_API_KEY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea1c0331ed77f0ee Environment-variable access.
repo/packages/opencode/src/tool/mcp-websearch.ts:5
  ? `https://mcp.exa.ai/mcp?exaApiKey=${encodeURIComponent(process.env.EXA_API_KEY)}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4a20a9a4ba2a4d55 Filesystem access.
repo/packages/opencode/src/tool/read.ts:307
        const bytes = yield* fs.readFile(filepath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d6dc4d954acd71a Environment-variable access.
repo/packages/opencode/src/tool/shell.ts:142
  if (process.platform !== "win32") return process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7212c7db94b5d8d8 Environment-variable access.
repo/packages/opencode/src/tool/shell.ts:144
  return name ? process.env[name] : undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6777252878fe529 Environment-variable access.
repo/packages/opencode/src/tool/websearch.ts:31
  const override = process.env.OPENCODE_WEBSEARCH_PROVIDER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c2b34d173889d769 Environment-variable access.
repo/packages/opencode/src/tool/websearch.ts:56
  if (!process.env.PARALLEL_API_KEY) return headers

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #733e23e41f8ea431 Environment-variable access.
repo/packages/opencode/src/tool/websearch.ts:57
  return { ...headers, Authorization: `Bearer ${process.env.PARALLEL_API_KEY}` }

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #746c9a8f495c7b48 Filesystem access.
repo/packages/opencode/src/tool/write.ts:47
          const source = exists ? yield* Bom.readFile(fs, filepath) : { bom: false, text: "" }

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #800b15c83d6ac72e Filesystem access.
repo/packages/opencode/src/util/bom.ts:19
  return split(new TextDecoder("utf-8", { ignoreBOM: true }).decode(yield* fs.readFile(filePath)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f5d8bea36be843b3 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:1
import { chmod, mkdir, readFile, stat as statFile, writeFile } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #41f7b79ed66a6361 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:2
import { createWriteStream, existsSync, statSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #23b3a74daa00a2aa Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:3
import { realpathSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #162651a2928685b8 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:41
  return readFile(p, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #80fb7aae9dc3e805 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:45
  return JSON.parse(await readFile(p, "utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #274f7f05880c9bc8 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:49
  return readFile(p)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #780f893b7b7a354a Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:53
  const buf = await readFile(p)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d67838da0ca33f64 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:64
      await writeFile(p, content, { mode })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #06dd016984ccec6c Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:66
      await writeFile(p, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a1a4b6f9141744a5 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:72
        await writeFile(p, content, { mode })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #447cb363fcfb4701 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:74
        await writeFile(p, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6e7991f687874df7 Environment-variable access.
repo/packages/opencode/src/util/proxy-env.ts:69
  return process.env[key.toLowerCase()] || process.env[key.toUpperCase()] || ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c9c9f02ad4a92ce3 Environment-variable access.
repo/packages/opencode/src/util/repository.ts:100
  const base = process.env.OPENCODE_REPO_CLONE_GITHUB_BASE_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/console/app

npm first-party
high pii_flow production #03d81fb49b90d71d User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/component/email-signup.tsx:10 · flow /tmp/closeopen-qjyvbc5c/repo/packages/console/app/src/component/email-signup.tsx:13 → /tmp/closeopen-qjyvbc5c/repo/packages/console/app/src/component/email-signup.tsx:10
  const response = await fetch(`https://api.emailoctopus.com/lists/${listId}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      email_address: emailAddress,
    }),
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #8da76f4a271cddaf User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/lib/salesforce.ts:54 · flow /tmp/closeopen-qjyvbc5c/repo/packages/console/app/src/lib/salesforce.ts:63 → /tmp/closeopen-qjyvbc5c/repo/packages/console/app/src/lib/salesforce.ts:54
  const res = await fetch(`${auth.url}/services/data/v59.0/sobjects/Lead`, {
    method: "POST",
    headers: {
      Authorization: `Bearer ${auth.token}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      LastName: input.name,
      Company: input.company?.trim() || "Website",
      Email: input.email,
      Phone: input.phone ?? null,
      Title: input.role,
      Description: input.message,
      LeadSource: "Website",
    }),
  }).catch((err) => {

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #72422f87ce0f9930 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/routes/api/enterprise.ts:39 · flow /tmp/closeopen-qjyvbc5c/repo/packages/console/app/src/routes/api/enterprise.ts:42 → /tmp/closeopen-qjyvbc5c/repo/packages/console/app/src/routes/api/enterprise.ts:39
  return fetch(`https://api.emailoctopus.com/lists/${EMAIL_OCTOPUS_LIST_ID}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify(payload),
  }).then(

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium pii_flow production #6df14ac484763811 Credentials parsed from the request URL are applied as authorization on the same outbound HTTP request. This is intentional URL authentication, not unexpected data exfiltration.
repo/packages/console/app/src/lib/salesforce.ts:54 · flow /tmp/closeopen-qjyvbc5c/repo/packages/console/app/src/lib/salesforce.ts:57 → /tmp/closeopen-qjyvbc5c/repo/packages/console/app/src/lib/salesforce.ts:54
  const res = await fetch(`${auth.url}/services/data/v59.0/sobjects/Lead`, {
    method: "POST",
    headers: {
      Authorization: `Bearer ${auth.token}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      LastName: input.name,
      Company: input.company?.trim() || "Website",
      Email: input.email,
      Phone: input.phone ?? null,
      Title: input.role,
      Description: input.message,
      LeadSource: "Website",
    }),
  }).catch((err) => {

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium telemetry production #28ded867bf3f317b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:312
      await rateLimiter?.track()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #cc85834c6f6660ab Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:317
        await trialLimiter?.track(usageInfo)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #33f2290460e2e389 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:318
        await modelTpmLimiter?.track(providerInfo.id, providerInfo.model, usageInfo)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #57da8024f6c3c56d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:319
        await providerBudgetTracker?.track(providerInfo.id, providerInfo.budgetPriority, costInfo.totalCostInCent)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #593c16fc17ac03f1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:366
                await rateLimiter?.track()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e37b13ef32422b45 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:371
                  await trialLimiter?.track(usageInfo)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #0c99b74a79c3a915 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:372
                  await modelTpmLimiter?.track(providerInfo.id, providerInfo.model, usageInfo)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #41c41b9194e609a0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:373
                  await modelTpsLimiter?.track(
                    providerInfo.id,
                    providerInfo.model,
                    providerInfo.tpsGoal,
                    timestampFirstByte,
                    timestampLastByte,
                    usageInfo,
                  )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #2dc434119230520a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:381
                  await providerBudgetTracker?.track(
                    providerInfo.id,
                    providerInfo.budgetPriority,
                    costInfo.totalCostInCent,
                  )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 6 low-confidence finding(s)
low env_fs production #db47c521ce92e26d Filesystem access.
repo/packages/console/app/script/generate-sitemap.ts:2
import { readdir, writeFile } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f0817902df37a649 Filesystem access.
repo/packages/console/app/script/generate-sitemap.ts:103
  await writeFile(outputPath, xml, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #4b64c6d2854650ce Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/app/src/component/email-signup.tsx:10
  const response = await fetch(`https://api.emailoctopus.com/lists/${listId}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      email_address: emailAddress,
    }),
  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #413bbf3c0f0dddfa Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/app/src/lib/changelog.ts:42
  const response = await fetch("https://api.github.com/repos/anomalyco/opencode/releases?per_page=20", {
    headers: {
      Accept: "application/vnd.github.v3+json",
      "User-Agent": "OpenCode-Console",
    },
    cf: {
      // best-effort edge caching (ignored outside Cloudflare)
      cacheTtl: 60 * 5,
      cacheEverything: true,
    },
  } as RequestInit).catch(() => undefined)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #7b6a1217dbb87512 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/app/src/routes/api/enterprise.ts:39
  return fetch(`https://api.emailoctopus.com/lists/${EMAIL_OCTOPUS_LIST_ID}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify(payload),
  }).then(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #2b78d3df3fcf6952 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/app/src/routes/openapi.json.ts:2
  const response = await fetch(
    "https://raw.githubusercontent.com/anomalyco/opencode/refs/heads/dev/packages/sdk/openapi.json",
  )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm): packages/desktop

npm first-party
high pii_flow production #11d429c27485ecc2 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/desktop/scripts/finalize-latest-json.ts:32 · flow /tmp/closeopen-qjyvbc5c/repo/packages/desktop/scripts/finalize-latest-json.ts:16 → /tmp/closeopen-qjyvbc5c/repo/packages/desktop/scripts/finalize-latest-json.ts:32
const rel = await fetch(`https://api.github.com/repos/${repo}/releases/${releaseId}`, {
  headers: {
    Authorization: `token ${token}`,
    Accept: "application/vnd.github+json",
  },
})

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #71af60cb1d7f1573 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/desktop/scripts/finalize-latest-json.ts:116 · flow /tmp/closeopen-qjyvbc5c/repo/packages/desktop/scripts/finalize-latest-json.ts:16 → /tmp/closeopen-qjyvbc5c/repo/packages/desktop/scripts/finalize-latest-json.ts:116
  const res = await fetch(asset?.url ?? url, {
    headers: {
      Authorization: `token ${token}`,
      ...(asset ? { Accept: "application/octet-stream" } : {}),
    },
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium telemetry production #68421558c57565be Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/desktop/electron.vite.config.ts:1
import { sentryVitePlugin } from "@sentry/vite-plugin"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #67eacceeee3470bd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/desktop/src/renderer/index.tsx:18
import * as Sentry from "@sentry/solid"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 63 low-confidence finding(s)
low env_fs production #9409175fbd662066 Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:14
    const previous = process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #978512f271249b7a Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:15
    process.env.OPENCODE_CHANNEL = channel.channel

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #17f12a0159be81d8 Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:20
    if (previous === undefined) delete process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8b8a869e74fafac4 Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:21
    else process.env.OPENCODE_CHANNEL = previous

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a7ef1f38562e555b Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:31
  const previous = process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2aff69ce4de68a1a Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:32
  process.env.OPENCODE_CHANNEL = "prod"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0eadb55531d18481 Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:37
  if (previous === undefined) delete process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a01c4525955b85b0 Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:38
  else process.env.OPENCODE_CHANNEL = previous

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7b1a826cd9b9393 Environment-variable access.
repo/packages/desktop/electron-builder.config.ts:20
  if (process.env.GITHUB_ACTIONS !== "true") return

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b2a92059952f341f Environment-variable access.
repo/packages/desktop/electron-builder.config.ts:30
  const raw = process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #be70c9c683223584 Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:9
  const raw = process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #abd08588b65d0997 Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:11
  if (process.env.OPENCODE_CHANNEL === "latest") return "prod"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ced4484317933b13 Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:18
  process.env.SENTRY_AUTH_TOKEN && process.env.SENTRY_ORG && process.env.SENTRY_PROJECT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4be128aa9b590bbd Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:20
        authToken: process.env.SENTRY_AUTH_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #243755a74bd33e8c Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:21
        org: process.env.SENTRY_ORG,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e4c72c3a713e871c Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:22
        project: process.env.SENTRY_PROJECT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9bab8236a76998b9 Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:25
          name: process.env.SENTRY_RELEASE ?? process.env.VITE_SENTRY_RELEASE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c7be819d7c4a2aa2 Filesystem access.
repo/packages/desktop/electron.vite.config.ts:76
            await fs.writeFile(`./out/main/chunks/${l}`, await fs.readFile(`${OPENCODE_SERVER_DIST}/${l}`))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c2fab034b304bf78 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:16
const repo = process.env.GH_REPO

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6dfe3c90788b8cd Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:19
const releaseId = process.env.OPENCODE_RELEASE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8c29a419fc8b7b17 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:22
const version = process.env.OPENCODE_VERSION

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #59291c0d61b599f6 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:25
const dir = process.env.LATEST_YML_DIR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5dea2fc7af44055 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:29
const token = process.env.GH_TOKEN ?? process.env.GITHUB_TOKEN

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af20b2dfc559e1ca Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:126
  const tmp = process.env.RUNNER_TEMP ?? "/tmp"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2bf61f4b150b083b Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:207
const tmp = process.env.RUNNER_TEMP ?? "/tmp"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8e60b0e12f90ce61 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-yml.ts:6
const dir = process.env.LATEST_YML_DIR!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #92158474cce6f439 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-yml.ts:9
const repo = process.env.GH_REPO

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2a80c16bc120c4a3 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-yml.ts:12
const version = process.env.OPENCODE_VERSION

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fa1beb47213ae49f Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-yml.ts:115
const tmp = process.env.RUNNER_TEMP ?? "/tmp"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3717376f4b5d53d7 Environment-variable access.
repo/packages/desktop/scripts/predev.ts:3
await $`bun ./scripts/copy-icons.ts ${process.env.OPENCODE_CHANNEL ?? "dev"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #752d6b518db22f20 Environment-variable access.
repo/packages/desktop/scripts/utils.ts:66
  if (process.platform === "win32" && process.env.GITHUB_ACTIONS === "true") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2230a835ca7bfa32 Environment-variable access.
repo/packages/desktop/src/main/apps.ts:27
  const home = process.env.HOME

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #feba3c524bfb707e Filesystem access.
repo/packages/desktop/src/main/apps.ts:58
    const content = await readFile(path, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #232eddb7eeb5f3d5 Filesystem access.
repo/packages/desktop/src/main/attachment-picker.test.ts:27
      await writeFile(file, "lorem ipsum")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5474da14b2d92a1a Filesystem access.
repo/packages/desktop/src/main/attachment-picker.test.ts:38
      await writeFile(file, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0958b1a358e015d9 Environment-variable access.
repo/packages/desktop/src/main/index.ts:56
const TEST_ONBOARDING = process.env.OPENCODE_TEST_ONBOARDING === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3c04c51cba921b15 Environment-variable access.
repo/packages/desktop/src/main/index.ts:90
    const items = (process.env[key] ?? "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #edcdfad8f6d1c40d Environment-variable access.
repo/packages/desktop/src/main/index.ts:100
    process.env[key] = items.join(",")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb87430f7a791ac1 Environment-variable access.
repo/packages/desktop/src/main/index.ts:115
  process.env.OPENCODE_DISABLE_EMBEDDED_WEB_UI = "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c1ba700c54a152c Environment-variable access.
repo/packages/desktop/src/main/index.ts:126
    process.env.OPENCODE_DB = ":memory:"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e58757fdc8396356 Environment-variable access.
repo/packages/desktop/src/main/index.ts:127
    process.env.XDG_DATA_HOME = join(root, "data")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f35ece5f6749b9e4 Environment-variable access.
repo/packages/desktop/src/main/index.ts:128
    process.env.XDG_CONFIG_HOME = join(root, "config")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ec428cc07b7e343 Environment-variable access.
repo/packages/desktop/src/main/index.ts:129
    process.env.XDG_CACHE_HOME = join(root, "cache")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #967cb25708f33dbb Environment-variable access.
repo/packages/desktop/src/main/index.ts:130
    process.env.XDG_STATE_HOME = join(root, "state")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f97d1435caf40952 Environment-variable access.
repo/packages/desktop/src/main/index.ts:308
    const fromEnv = process.env.OPENCODE_PORT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #95267cd8d2d85ce6 Filesystem access.
repo/packages/desktop/src/main/logging.ts:93
    const contents = readFileSync(path, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b572c4c0421b6e55 Environment-variable access.
repo/packages/desktop/src/main/logging.ts:153
  const xdgData = process.env.XDG_DATA_HOME || join(homedir(), ".local", "share")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #37fbba6f0f2acdf1 Filesystem access.
repo/packages/desktop/src/main/logging.ts:184
    const data = entry.data ?? readFileSync(entry.path!)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #101aa3f9421a21f8 Filesystem access.
repo/packages/desktop/src/main/logging.ts:188
  writeFileSync(output, Buffer.from(await zip.arrayBuffer()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74ff99777f1fe53d Environment-variable access.
repo/packages/desktop/src/main/migrate.ts:18
      return join(process.env.APPDATA ?? join(homedir(), "AppData", "Roaming"), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55fc76f5cba22da9 Environment-variable access.
repo/packages/desktop/src/main/migrate.ts:20
      return join(process.env.XDG_DATA_HOME ?? join(homedir(), ".local", "share"), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a17609cf23a619c7 Filesystem access.
repo/packages/desktop/src/main/migrate.ts:42
    data = JSON.parse(readFileSync(datPath, "utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e4f94977f13d755c Environment-variable access.
repo/packages/desktop/src/main/server.ts:51
    XDG_STATE_HOME: process.env.XDG_STATE_HOME ?? userDataPath,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eaa4f2f04be40d90 Environment-variable access.
repo/packages/desktop/src/main/shell-env.ts:19
    return resolveUserShell(process.env.SHELL, userInfo().shell)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d341c5a9b61c5b8 Environment-variable access.
repo/packages/desktop/src/main/shell-env.ts:21
    return resolveUserShell(process.env.SHELL, undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #605e797b734459cd Environment-variable access.
repo/packages/desktop/src/main/sidecar.ts:87
    XDG_STATE_HOME: process.env.XDG_STATE_HOME ?? userDataPath,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dffaa29f1817d83a Environment-variable access.
repo/packages/desktop/src/main/sidecar.ts:94
    const items = (process.env[key] ?? "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e28e83f33bfa5a4 Environment-variable access.
repo/packages/desktop/src/main/sidecar.ts:104
    process.env[key] = items.join(",")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a63fde35c48d7096 Filesystem access.
repo/packages/desktop/src/main/store-cleanup.test.ts:16
  await writeFile(join(root, name), value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dca8b457bfd9ae8e Filesystem access.
repo/packages/desktop/src/main/store-cleanup.ts:84
  const raw = await readFile(file, "utf8").catch(() => undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cc339ea0518d51c4 Environment-variable access.
repo/packages/desktop/src/main/windows.ts:292
  const devUrl = process.env.ELECTRON_RENDERER_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec84231a60253688 Environment-variable access.
repo/packages/desktop/src/main/windows.ts:455
  const devUrl = process.env.ELECTRON_RENDERER_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #43455d4067f5e8c4 Environment-variable access.
repo/packages/desktop/src/main/wsl/runtime.ts:389
  const root = process.env.SystemRoot ?? process.env.windir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/console/function

npm first-party
high pii_flow production #2e72c32b5c59757a User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/function/src/auth.ts:112 · flow /tmp/closeopen-qjyvbc5c/repo/packages/console/function/src/auth.ts:114 → /tmp/closeopen-qjyvbc5c/repo/packages/console/function/src/auth.ts:112
          const emails = (await fetch("https://api.github.com/user/emails", {
            headers: {
              Authorization: `Bearer ${response.tokenset.access}`,
              "User-Agent": "opencode",
              Accept: "application/vnd.github+json",
            },
          }).then((x) => x.json())) as any

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #992ba1e1caaebfb3 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/function/src/auth.ts:119 · flow /tmp/closeopen-qjyvbc5c/repo/packages/console/function/src/auth.ts:121 → /tmp/closeopen-qjyvbc5c/repo/packages/console/function/src/auth.ts:119
          const user = (await fetch("https://api.github.com/user", {
            headers: {
              Authorization: `Bearer ${response.tokenset.access}`,
              "User-Agent": "opencode",
              Accept: "application/vnd.github+json",
            },
          }).then((x) => x.json())) as any

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #43f3571c2a08aba2 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/function/src/log-processor.ts:68 · flow /tmp/closeopen-qjyvbc5c/repo/packages/console/function/src/log-processor.ts:72 → /tmp/closeopen-qjyvbc5c/repo/packages/console/function/src/log-processor.ts:68
              fetch(lakeIngest.url, {
                method: "POST",
                headers: {
                  "Content-Type": "application/json",
                  Authorization: `Bearer ${lakeIngest.secret}`,
                },
                body: JSON.stringify({ events: events.map((event) => toLakeEvent(event.time, event.data)) }),
              }),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 3 low-confidence finding(s)
low egress production #4967e4ddc6600c41 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/function/src/auth.ts:112
          const emails = (await fetch("https://api.github.com/user/emails", {
            headers: {
              Authorization: `Bearer ${response.tokenset.access}`,
              "User-Agent": "opencode",
              Accept: "application/vnd.github+json",
            },
          }).then((x) => x.json())) as any

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #2767e3c27fa6d90c Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/function/src/auth.ts:119
          const user = (await fetch("https://api.github.com/user", {
            headers: {
              Authorization: `Bearer ${response.tokenset.access}`,
              "User-Agent": "opencode",
              Accept: "application/vnd.github+json",
            },
          }).then((x) => x.json())) as any

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #aa43acbee25a574b Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/function/src/log-processor.ts:58
        fetch("https://api.honeycomb.io/1/batch/zen", {
          method: "POST",
          headers: {
            "Content-Type": "application/json",
            "X-Honeycomb-Team": Resource.HONEYCOMB_API_KEY.value,
          },
          body: JSON.stringify(events),
        }),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm): packages/core

npm first-party
high pii_flow production #8ceaa4df0746e908 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/core/src/plugin/provider/openai.ts:122 · flow /tmp/closeopen-qjyvbc5c/repo/packages/core/src/plugin/provider/openai.ts:125 → /tmp/closeopen-qjyvbc5c/repo/packages/core/src/plugin/provider/openai.ts:122
                fetch(`${issuer}/api/accounts/deviceauth/token`, {
                  method: "POST",
                  headers: headers("application/json"),
                  body: JSON.stringify({ device_auth_id: device.device_auth_id, user_code: device.user_code }),
                  signal,
                }),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #48df41ccb260aa6f User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/core/src/session/compaction.ts:197 · flow /tmp/closeopen-qjyvbc5c/repo/packages/core/src/session/compaction.ts:176 → /tmp/closeopen-qjyvbc5c/repo/packages/core/src/session/compaction.ts:197
        LLM.request({
          model: input.model,
          messages: [Message.user(summaryPrompt)],
          tools: [],
          generation: { maxTokens: summaryOutput },
        }),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 94 low-confidence finding(s)
low env_fs production #6455aa3d0787373d Filesystem access.
repo/packages/core/script/fix-node-pty.ts:3
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb3495ecbb52f493 Filesystem access.
repo/packages/core/script/migration.ts:4
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aca17494254b9e91 Environment-variable access.
repo/packages/core/src/database/database.ts:50
    process.env.OPENCODE_DISABLE_CHANNEL_DB === "1" ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #265763003cbe339f Environment-variable access.
repo/packages/core/src/database/database.ts:51
    process.env.OPENCODE_DISABLE_CHANNEL_DB === "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #07519b5ca48733a6 Filesystem access.
repo/packages/core/src/file-mutation.ts:112
          const current = yield* fs
            .readFile(input.target.canonical)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #33716a02d04efaed Filesystem access.
repo/packages/core/src/file-mutation.ts:130
              : fs.writeFile(input.target.canonical, input.content, { flag: "wx" })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4da2e2e952976827 Filesystem access.
repo/packages/core/src/file-mutation.ts:147
          const current = yield* fs.readFile(input.target.canonical)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #921984335c39ba9d Filesystem access.
repo/packages/core/src/file-mutation.ts:153
            : fs.writeFile(input.target.canonical, input.content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5ddd9759ae8c73a0 Filesystem access.
repo/packages/core/src/filesystem.ts:83
          content: yield* fs.readFile(target.real).pipe(Effect.orDie),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #24cb7eb57fb72ab3 Environment-variable access.
repo/packages/core/src/flag/flag.ts:4
  const value = process.env[key]?.toLowerCase()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #993b64d4e8b954fa Environment-variable access.
repo/packages/core/src/flag/flag.ts:8
const copy = process.env["OPENCODE_EXPERIMENTAL_DISABLE_COPY_ON_SELECT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba1583e7a56d8fba Environment-variable access.
repo/packages/core/src/flag/flag.ts:9
const fff = process.env["OPENCODE_DISABLE_FFF"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7cf91d32ebf1ffd9 Environment-variable access.
repo/packages/core/src/flag/flag.ts:12
  return process.env[key] === undefined ? truthy("OPENCODE_EXPERIMENTAL") : truthy(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b8ce61fbf0d4c5a0 Environment-variable access.
repo/packages/core/src/flag/flag.ts:16
  OTEL_EXPORTER_OTLP_ENDPOINT: process.env["OTEL_EXPORTER_OTLP_ENDPOINT"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e287aad6a5386f95 Environment-variable access.
repo/packages/core/src/flag/flag.ts:17
  OTEL_EXPORTER_OTLP_HEADERS: process.env["OTEL_EXPORTER_OTLP_HEADERS"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6e98ec9dd3c6110a Environment-variable access.
repo/packages/core/src/flag/flag.ts:20
  OPENCODE_GIT_BASH_PATH: process.env["OPENCODE_GIT_BASH_PATH"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2fd2b8c75e06e84b Environment-variable access.
repo/packages/core/src/flag/flag.ts:21
  OPENCODE_CONFIG: process.env["OPENCODE_CONFIG"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #16046eea84a65050 Environment-variable access.
repo/packages/core/src/flag/flag.ts:22
  OPENCODE_CONFIG_CONTENT: process.env["OPENCODE_CONFIG_CONTENT"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #83543276630f9196 Environment-variable access.
repo/packages/core/src/flag/flag.ts:31
  OPENCODE_FAKE_VCS: process.env["OPENCODE_FAKE_VCS"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #62dc1dd2f38580cc Environment-variable access.
repo/packages/core/src/flag/flag.ts:32
  OPENCODE_SERVER_PASSWORD: process.env["OPENCODE_SERVER_PASSWORD"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #250be4fe7f55b87b Environment-variable access.
repo/packages/core/src/flag/flag.ts:33
  OPENCODE_SERVER_USERNAME: process.env["OPENCODE_SERVER_USERNAME"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f899a4a7729f7af Environment-variable access.
repo/packages/core/src/flag/flag.ts:45
  OPENCODE_MODELS_URL: process.env["OPENCODE_MODELS_URL"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #33ffbce70358d1bc Environment-variable access.
repo/packages/core/src/flag/flag.ts:46
  OPENCODE_MODELS_PATH: process.env["OPENCODE_MODELS_PATH"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb6140b73107dfc8 Environment-variable access.
repo/packages/core/src/flag/flag.ts:47
  OPENCODE_DB: process.env["OPENCODE_DB"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee2ba9fa91f5ccf5 Environment-variable access.
repo/packages/core/src/flag/flag.ts:49
  OPENCODE_WORKSPACE_ID: process.env["OPENCODE_WORKSPACE_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb50eddfd855e634 Environment-variable access.
repo/packages/core/src/flag/flag.ts:61
    return process.env["OPENCODE_TUI_CONFIG"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5159a20b6dfcb5e4 Environment-variable access.
repo/packages/core/src/flag/flag.ts:64
    return process.env["OPENCODE_CONFIG_DIR"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9d21112a06190b92 Environment-variable access.
repo/packages/core/src/flag/flag.ts:70
    return process.env["OPENCODE_PERMISSION"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1dd14b0e59a156d8 Environment-variable access.
repo/packages/core/src/flag/flag.ts:73
    return process.env["OPENCODE_PLUGIN_META_FILE"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7be36af69768c372 Environment-variable access.
repo/packages/core/src/flag/flag.ts:76
    return process.env["OPENCODE_CLIENT"] ?? "cli"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #54c82cf921a0d43c Filesystem access.
repo/packages/core/src/fs-util.ts:3
import { realpathSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #da8575061c815403 Filesystem access.
repo/packages/core/src/fs-util.ts:4
import * as NFS from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #224e28b09db0edb0 Filesystem access.
repo/packages/core/src/global.ts:2
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6934e1ef0fe2af88 Environment-variable access.
repo/packages/core/src/global.ts:19
    return process.env.OPENCODE_TEST_HOME ?? os.homedir()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d550b1808ad0358 Environment-variable access.
repo/packages/core/src/integration.ts:298
        .flatMap((method) => method.names.filter((name) => process.env[name]))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e77cceadb98a911a Environment-variable access.
repo/packages/core/src/integration.ts:387
            const key = process.env[connection.name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5003a161bf70b3ce Environment-variable access.
repo/packages/core/src/observability/logging.ts:57
  const value = process.env.OPENCODE_LOG_LEVEL?.toUpperCase()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a7ae8bf47c2ab4b3 Environment-variable access.
repo/packages/core/src/observability/logging.ts:68
  return process.env.OPENCODE_PRINT_LOGS === "1" ? [fileLogger(), stderrLogger] : [fileLogger()]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #48c2ef296dca2002 Environment-variable access.
repo/packages/core/src/observability/otlp.ts:21
  const value = process.env.OTEL_RESOURCE_ATTRIBUTES

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b1ff4d1342fc0cd6 Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:85
        const profile = typeof options.profile === "string" ? options.profile : process.env.AWS_PROFILE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1a120b73e116c56c Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:86
        const region = typeof options.region === "string" ? options.region : (process.env.AWS_REGION ?? "us-east-1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6810081b0f63c67b Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:88
          process.env.AWS_BEARER_TOKEN_BEDROCK ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f44d12d5b2b9a1b7 Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:90
        if (bearerToken && !process.env.AWS_BEARER_TOKEN_BEDROCK) process.env.AWS_BEARER_TOKEN_BEDROCK = bearerToken

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #64a90b96e47982c4 Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:92
          process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI || process.env.AWS_CONTAINER_CREDENTIALS_FULL_URI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e4aa70092a4603c2 Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:121
        const region = typeof evt.options.region === "string" ? evt.options.region : process.env.AWS_REGION

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7513e22efcdf5563 Environment-variable access.
repo/packages/core/src/plugin/provider/azure.ts:23
            typeof configured === "string" && configured.trim() !== "" ? configured : process.env.AZURE_RESOURCE_NAME

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba34ef6cb34f110f Environment-variable access.
repo/packages/core/src/plugin/provider/azure.ts:63
        const resourceName = process.env.AZURE_COGNITIVE_SERVICES_RESOURCE_NAME

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d956628db25d20fc Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-ai-gateway.ts:47
  const accountId = process.env.CLOUDFLARE_ACCOUNT_ID ?? stringOption(options, "accountId")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cd0119087f739842 Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-ai-gateway.ts:51
    process.env.CLOUDFLARE_GATEWAY_ID ?? stringOption(options, "gatewayId") ?? stringOption(options, "gateway")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e3b331df9a10a59 Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-ai-gateway.ts:52
  const apiKey = process.env.CLOUDFLARE_API_TOKEN ?? process.env.CF_AIG_TOKEN ?? stringOption(options, "apiKey")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3832c56cba9988f9 Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-workers-ai.ts:50
  return process.env.CLOUDFLARE_ACCOUNT_ID ?? stringOption(options, "accountId")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0b498cbd51c9bcf2 Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-workers-ai.ts:65
    apiKey: process.env.CLOUDFLARE_API_KEY ?? options.apiKey,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d34a41f1a039022 Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-workers-ai.ts:76
  return baseURL.replaceAll("${CLOUDFLARE_ACCOUNT_ID}", process.env.CLOUDFLARE_ACCOUNT_ID ?? "${CLOUDFLARE_ACCOUNT_ID}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f0a3ac8e2465d3d9 Environment-variable access.
repo/packages/core/src/plugin/provider/gitlab.ts:19
              : (process.env.GITLAB_INSTANCE_URL ?? "https://gitlab.com"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #89997e423331cab2 Environment-variable access.
repo/packages/core/src/plugin/provider/gitlab.ts:20
          apiKey: typeof evt.options.apiKey === "string" ? evt.options.apiKey : process.env.GITLAB_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d23285160e369a82 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:10
    process.env.GOOGLE_VERTEX_PROJECT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #359a50b4b1127c9e Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:11
    process.env.GOOGLE_CLOUD_PROJECT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #78e4f9481f06cd0c Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:12
    process.env.GCP_PROJECT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cbbfe8ea0ae66b0b Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:13
    process.env.GCLOUD_PROJECT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #67985073a79ce3a1 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:20
    process.env.GOOGLE_VERTEX_LOCATION ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5fa97b933a61cba0 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:21
    process.env.GOOGLE_CLOUD_LOCATION ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cac274a660a03274 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:22
    process.env.VERTEX_LOCATION ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f639fe73b5ff168 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:125
            process.env.GOOGLE_CLOUD_PROJECT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #391c6612d9fe6fda Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:126
            process.env.GCP_PROJECT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a503cc74cd775dc4 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:127
            process.env.GCLOUD_PROJECT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a66db00249f8b4d4 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:130
            process.env.GOOGLE_CLOUD_LOCATION ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #036b4de7c560c5c7 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:131
            process.env.VERTEX_LOCATION ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99eb761fd24bcf1c Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:147
            : (process.env.GOOGLE_CLOUD_PROJECT ?? process.env.GCP_PROJECT ?? process.env.GCLOUD_PROJECT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8738b076f3ca123e Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:151
            : (process.env.GOOGLE_CLOUD_LOCATION ?? process.env.VERTEX_LOCATION ?? "global")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #833ec9ca9dbb5e22 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/core/src/plugin/provider/openai.ts:122
                fetch(`${issuer}/api/accounts/deviceauth/token`, {
                  method: "POST",
                  headers: headers("application/json"),
                  body: JSON.stringify({ device_auth_id: device.device_auth_id, user_code: device.user_code }),
                  signal,
                }),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #b1b10d12e7422ce8 Environment-variable access.
repo/packages/core/src/plugin/provider/opencode.ts:167
      const hasKey = Boolean(process.env.OPENCODE_API_KEY || connected || item.provider.request.body.apiKey)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7aa8274b89b62adb Environment-variable access.
repo/packages/core/src/plugin/provider/sap-ai-core.ts:15
          process.env.AICORE_SERVICE_KEY ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d29788fbfb3dbdf7 Environment-variable access.
repo/packages/core/src/plugin/provider/sap-ai-core.ts:17
        if (serviceKey && !process.env.AICORE_SERVICE_KEY) process.env.AICORE_SERVICE_KEY = serviceKey

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4619cc4543e04e2 Environment-variable access.
repo/packages/core/src/plugin/provider/sap-ai-core.ts:34
            ? { deploymentId: process.env.AICORE_DEPLOYMENT_ID, resourceGroup: process.env.AICORE_RESOURCE_GROUP }

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1b6ebae0bdfc2b3c Environment-variable access.
repo/packages/core/src/plugin/provider/snowflake-cortex.ts:74
          process.env.SNOWFLAKE_CORTEX_TOKEN ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9739b28bc7635f6e Environment-variable access.
repo/packages/core/src/plugin/provider/snowflake-cortex.ts:75
          process.env.SNOWFLAKE_CORTEX_PAT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #985122e31a37d851 Environment-variable access.
repo/packages/core/src/repository.ts:169
  const base = process.env.OPENCODE_REPO_CLONE_GITHUB_BASE_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de8fa13f9e8538d8 Filesystem access.
repo/packages/core/src/shell.ts:5
import { readFile } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d9002171cdc2831f Filesystem access.
repo/packages/core/src/shell.ts:6
import { statSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #38eab68bdbb23167 Environment-variable access.
repo/packages/core/src/shell.ts:101
      [which("pwsh"), which("powershell"), gitbash(), process.env.COMSPEC || "cmd.exe"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8cf8973f1552df48 Filesystem access.
repo/packages/core/src/shell.ts:109
  const text = await readFile("/etc/shells", "utf8").catch(() => "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8bfe535cfad0e86d Environment-variable access.
repo/packages/core/src/shell.ts:207
  defaultPreferred ??= select(process.env.SHELL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2502ed3075a5d2da Environment-variable access.
repo/packages/core/src/shell.ts:216
  defaultAcceptable ??= select(process.env.SHELL, { acceptable: true })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f2dce7065f1cc9b9 Filesystem access.
repo/packages/core/src/tool/apply-patch.ts:139
                    const source = yield* fs.readFile(target.canonical)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e9791fa234a4358 Environment-variable access.
repo/packages/core/src/tool/bash.ts:49
const defaultShell = () => (process.platform === "win32" ? (process.env.COMSPEC ?? "cmd.exe") : "/bin/sh")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd53e6a1a4316805 Filesystem access.
repo/packages/core/src/tool/edit.ts:161
                const source = decodeUtf8(yield* unableToEdit(fs.readFile(target.canonical)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e213f0695e0f269a Environment-variable access.
repo/packages/core/src/tool/websearch.ts:76
      process.env.OPENCODE_WEBSEARCH_PROVIDER === "exa" || process.env.OPENCODE_WEBSEARCH_PROVIDER === "parallel"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8deb770086be51d0 Environment-variable access.
repo/packages/core/src/tool/websearch.ts:77
        ? process.env.OPENCODE_WEBSEARCH_PROVIDER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #40922e362b8c3200 Environment-variable access.
repo/packages/core/src/tool/websearch.ts:81
    exaApiKey: process.env.EXA_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #94f61655de105c85 Environment-variable access.
repo/packages/core/src/tool/websearch.ts:82
    parallelApiKey: process.env.PARALLEL_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #0227f3f4768ce896 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/core/src/tool/websearch.ts:147
  const url = new URL(EXA_URL)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #afb66c135a06e9d2 Filesystem access.
repo/packages/core/src/util/flock.ts:4
import { mkdir, readFile, rm, stat, utimes, writeFile } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f213615e5d67bd3d Environment-variable access.
repo/packages/core/src/util/which.ts:6
  const base = env?.PATH ?? env?.Path ?? process.env.PATH ?? process.env.Path ?? ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e39083a22e047e47 Environment-variable access.
repo/packages/core/src/util/which.ts:11
    pathExt: env?.PATHEXT ?? env?.PathExt ?? process.env.PATHEXT ?? process.env.PathExt,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/ui

npm first-party
high pii_flow production #e10f4ef12dce0111 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ui/vite.config.ts:49 · flow /tmp/closeopen-qjyvbc5c/repo/packages/ui/vite.config.ts:48 → /tmp/closeopen-qjyvbc5c/repo/packages/ui/vite.config.ts:49
  const providers = await fetch(`${url}/api.json`)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #486f95807f9e1ac5 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ui/vite.config.ts:54 · flow /tmp/closeopen-qjyvbc5c/repo/packages/ui/vite.config.ts:48 → /tmp/closeopen-qjyvbc5c/repo/packages/ui/vite.config.ts:54
      fetch(`${url}/logos/${provider}.svg`)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 3 low-confidence finding(s)
low env_fs production #5f4ccf33521f7a86 Filesystem access.
repo/packages/ui/vite.config.ts:4
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7fca1c6a91c664d5 Environment-variable access.
repo/packages/ui/vite.config.ts:48
  const url = process.env.OPENCODE_MODELS_URL || "https://models.dev"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #56ef3c6c5937f600 Filesystem access.
repo/packages/ui/vite.config.ts:56
        .then((svg) => fs.writeFileSync(`./src/assets/icons/provider/${provider}.svg`, svg)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/cli

npm first-party
high pii_flow production #903da80f40fc096a User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/cli/script/generate.ts:5 · flow /tmp/closeopen-qjyvbc5c/repo/packages/cli/script/generate.ts:1 → /tmp/closeopen-qjyvbc5c/repo/packages/cli/script/generate.ts:5
  : await fetch(`${modelsUrl}/api.json`).then((response) => response.text())

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 8 low-confidence finding(s)
low env_fs production #b1ad42515bcb0d7e Filesystem access.
repo/packages/cli/bin/lildax.cjs:4
const fs = require("fs")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e9ddd5180ef5579f Environment-variable access.
repo/packages/cli/bin/lildax.cjs:32
const envPath = process.env.OPENCODE_BIN_PATH

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #177b76983ef2f33b Filesystem access.
repo/packages/cli/bin/lildax.cjs:44
      return /(^|\s)avx2(\s|$)/i.test(fs.readFileSync("/proc/cpuinfo", "utf8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52b62b1fcb15d769 Filesystem access.
repo/packages/cli/script/build.ts:4
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #18e579edea5a4d9c Filesystem access.
repo/packages/cli/script/build.ts:5
import { rm } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4411383a33b9a6d9 Environment-variable access.
repo/packages/cli/script/generate.ts:1
const modelsUrl = process.env.OPENCODE_MODELS_URL || "https://models.dev"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #69fe23c9003affef Environment-variable access.
repo/packages/cli/script/generate.ts:3
export const modelsData = process.env.MODELS_DEV_API_JSON

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd77141fe4595474 Environment-variable access.
repo/packages/cli/script/generate.ts:4
  ? await Bun.file(process.env.MODELS_DEV_API_JSON).text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/stats/app

npm first-party
high pii_flow production #a338be4c7b7b8852 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/stats/app/src/routes/api/newsletter.ts:17 · flow /tmp/closeopen-qjyvbc5c/repo/packages/stats/app/src/routes/api/newsletter.ts:20 → /tmp/closeopen-qjyvbc5c/repo/packages/stats/app/src/routes/api/newsletter.ts:17
  const response = await fetch(`https://api.emailoctopus.com/lists/${listId}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      email_address: emailAddress.trim(),
    }),
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 1 low-confidence finding(s)
low egress production #4229e7ff95f57201 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/stats/app/src/routes/api/newsletter.ts:17
  const response = await fetch(`https://api.emailoctopus.com/lists/${listId}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      email_address: emailAddress.trim(),
    }),
  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm): packages/app

npm first-party
medium telemetry production #347b3d90cb969334 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/app/src/app.tsx:2
import * as Sentry from "@sentry/solid"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a50e14c8b5826789 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/app/src/entry.tsx:3
import * as Sentry from "@sentry/solid"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #66bae91c64170acd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/app/src/pages/error.tsx:2
import * as Sentry from "@sentry/solid"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #af45d7f671dd4740 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/app/vite.config.ts:1
import { sentryVitePlugin } from "@sentry/vite-plugin"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 66 low-confidence finding(s)
low env_fs production #80582e7019819320 Environment-variable access.
repo/packages/app/e2e/performance/benchmark.ts:32
          runID: process.env.OPENCODE_PERFORMANCE_RUN_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de1b52c79219b51e Environment-variable access.
repo/packages/app/e2e/performance/benchmark.ts:125
      runID: process.env.OPENCODE_PERFORMANCE_RUN_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1b42ea2d1a3a951b Environment-variable access.
repo/packages/app/e2e/performance/benchmark.ts:133
        selectorTrace: process.env.OPENCODE_PERFORMANCE_SELECTOR_TRACE === "1",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2e262291f863406a Environment-variable access.
repo/packages/app/e2e/performance/chrome-trace.ts:22
  const directory = process.env.OPENCODE_PERFORMANCE_TRACE_DIR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a9508a58d271746b Environment-variable access.
repo/packages/app/e2e/performance/chrome-trace.ts:25
  const selectors = process.env.OPENCODE_PERFORMANCE_SELECTOR_TRACE === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #565c3f7cbc97c72a Environment-variable access.
repo/packages/app/e2e/performance/chrome-trace.ts:76
  const run = process.env.OPENCODE_PERFORMANCE_RUN_ID ?? "manual"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e615d934053eb1e9 Environment-variable access.
repo/packages/app/e2e/performance/playwright.config.ts:3
const port = Number(process.env.PLAYWRIGHT_PORT ?? 3000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d22251665a3b0c6 Environment-variable access.
repo/packages/app/e2e/performance/playwright.config.ts:4
process.env.PLAYWRIGHT_SERVER_PORT = String(port)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #907e5c9152c23d99 Environment-variable access.
repo/packages/app/e2e/performance/playwright.config.ts:5
process.env.OPENCODE_PERFORMANCE_RUN_ID ??= `${new Date().toISOString().replace(/[:.]/g, "-")}-${process.pid}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d0ddb972860ce023 Environment-variable access.
repo/packages/app/e2e/performance/timeline-stability/fixture.ts:113
    server: `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #688b050b535cabdd Environment-variable access.
repo/packages/app/e2e/performance/timeline/review-pane-scaling-benchmark.spec.ts:10
const completionTimeoutMs = Number(process.env.REVIEW_PANE_COMPLETION_TIMEOUT_MS ?? 900_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #903aa8a19f5d46dd Environment-variable access.
repo/packages/app/e2e/performance/timeline/review-pane-scaling-benchmark.spec.ts:44
        const patchByteLimit = Number(process.env.REVIEW_PANE_PATCH_BYTE_LIMIT ?? Number.POSITIVE_INFINITY)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #51fef64110b72242 Environment-variable access.
repo/packages/app/e2e/performance/timeline/review-pane-scaling-benchmark.spec.ts:46
          throw new Error(`Invalid REVIEW_PANE_PATCH_BYTE_LIMIT: ${process.env.REVIEW_PANE_PATCH_BYTE_LIMIT}`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f8816758325f7fb Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-parent-hydration-benchmark.spec.ts:11
const mode = process.env.SESSION_PARENT_HYDRATION_BENCHMARK_MODE ?? "natural"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a410600651eee24b Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-tab-switch-benchmark.spec.ts:33
    const runs = Number(process.env.SESSION_TAB_SWITCH_RUNS ?? 5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #244915e9311c43a2 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:43
    benchmark.setTimeout(Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000) + 60_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b1ebd3dc3b359302 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:49
    benchmark.setTimeout(Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000) + 60_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e764d920a6bad871 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:55
    benchmark.setTimeout(Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000) + 60_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #78785107037697c2 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:61
    benchmark.setTimeout(Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000) + 60_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e3a41890b12caab4 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:70
    const historyTurns = Number(process.env.REVIEW_PANE_HISTORY_TURNS ?? 72)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #840817f3c7239f2e Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:103
  const completionTimeoutMs = Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44d6d37a681588ff Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:104
  const cpuThrottle = Number(process.env.TIMELINE_CPU_THROTTLE ?? 30)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d86a58e1c5c63313 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:105
  const deltaCount = Number(process.env.TIMELINE_DELTA_COUNT ?? 160)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed3ff97049c2c763 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:106
  const historyTurns = Number(process.env.TIMELINE_HISTORY_TURNS ?? 320)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #75a2b46fb9db985e Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:107
  const eventBatch = Number(process.env.TIMELINE_EVENT_BATCH ?? 1)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5640b59926f67ec8 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:108
  const minimal = process.env.TIMELINE_MINIMAL === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #69803bc63235b134 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:109
  const profileCPU = process.env.TIMELINE_CPU_PROFILE === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #620e057df53c6c35 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:110
  const profileVisual = !minimal && profileCPU && process.env.TIMELINE_VISUAL_PROFILE !== "0"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b806fca74b5e7d9 Environment-variable access.
repo/packages/app/e2e/performance/timeline/timeline-test-helpers.ts:83
  return `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #15c8fe7b7ef10fad Environment-variable access.
repo/packages/app/e2e/performance/timeline/timeline-test-helpers.ts:87
  return Array.from({ length: Number(process.env.REVIEW_PANE_DIFF_COUNT ?? 72) }, (_, index) => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7b6976ef15706bc4 Environment-variable access.
repo/packages/app/e2e/regression/legacy-new-session.spec.ts:7
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6cca2aa043d07d69 Environment-variable access.
repo/packages/app/e2e/regression/new-session-panel-corner.spec.ts:7
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5a73e116ec0d6f3 Environment-variable access.
repo/packages/app/e2e/regression/review-open-file.spec.ts:10
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cc7fabf6bc2d5afe Environment-variable access.
repo/packages/app/e2e/regression/review-state-persistence.spec.ts:12
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ea16cd83a323896 Environment-variable access.
repo/packages/app/e2e/regression/review-tab-switch.spec.ts:12
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0cf72b649f7f2b23 Environment-variable access.
repo/packages/app/e2e/regression/session-timeline-history-root.spec.ts:56
      server: `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #658e32952f3b99f1 Environment-variable access.
repo/packages/app/e2e/regression/session-todo-dock-navigation.spec.ts:136
  const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7ea01e6aa346946 Environment-variable access.
repo/packages/app/e2e/regression/session-todo-dock-navigation.spec.ts:157
  const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2235b8433bc8b6c6 Environment-variable access.
repo/packages/app/e2e/regression/subagent-child-navigation.spec.ts:78
    (url) => url.pathname === "/session" && url.port === (process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #031a5fbce7b2bbc2 Environment-variable access.
repo/packages/app/e2e/regression/subagent-child-navigation.spec.ts:180
  const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ce96236159111bba Environment-variable access.
repo/packages/app/e2e/regression/subagent-child-navigation.spec.ts:198
  const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fe9a45d19b7f7932 Environment-variable access.
repo/packages/app/e2e/regression/terminal-tab-switch.spec.ts:13
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd6957f7b583682d Environment-variable access.
repo/packages/app/e2e/utils/mock-server.ts:50
    const targetPort = process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4df76032b3289c67 Environment-variable access.
repo/packages/app/e2e/utils/mock-server.ts:52
      process.env.PLAYWRIGHT_BASE_URL ?? `http://127.0.0.1:${process.env.PLAYWRIGHT_PORT ?? "3000"}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #57fd3c072e2804ba Environment-variable access.
repo/packages/app/e2e/utils/visual-stability/capture.ts:13
  if (process.env.OPENCODE_STABILITY_CAPTURE !== "1") return

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e7f630a075e07ce Filesystem access.
repo/packages/app/e2e/utils/visual-stability/reporter.ts:19
  await writeFile(tracePath, JSON.stringify(trace, null, 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #78559db079fbd7b6 Filesystem access.
repo/packages/app/e2e/utils/visual-stability/reporter.ts:20
  await writeFile(
    issuesPath,
    JSON.stringify({ issues, markers: result.markers, capturedFrameCount: result.frames.length }, null, 2),
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4bc545bbf8999874 Environment-variable access.
repo/packages/app/playwright.config.ts:3
const port = Number(process.env.PLAYWRIGHT_PORT ?? 3000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #83313e47dbf5c052 Environment-variable access.
repo/packages/app/playwright.config.ts:4
const baseURL = process.env.PLAYWRIGHT_BASE_URL ?? `http://127.0.0.1:${port}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #08707ebc6a8b324b Environment-variable access.
repo/packages/app/playwright.config.ts:5
const serverHost = process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c60862ff39372db9 Environment-variable access.
repo/packages/app/playwright.config.ts:6
const serverPort = process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0af30509adccab91 Environment-variable access.
repo/packages/app/playwright.config.ts:8
const reuse = !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #df008d7aedf6b04e Environment-variable access.
repo/packages/app/playwright.config.ts:9
const workers = Number(process.env.PLAYWRIGHT_WORKERS ?? (process.env.CI ? 5 : 0)) || undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e4d1feed14f059c9 Environment-variable access.
repo/packages/app/playwright.config.ts:12
  testIgnore: process.env.OPENCODE_PERFORMANCE === "1" ? "performance/**/*.test.ts" : "performance/**",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #29fd8272eb5739dc Environment-variable access.
repo/packages/app/playwright.config.ts:18
  fullyParallel: process.env.PLAYWRIGHT_FULLY_PARALLEL === "1",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a1416668291d1bb5 Environment-variable access.
repo/packages/app/playwright.config.ts:19
  forbidOnly: !!process.env.CI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #62ee5bfd43ea635f Environment-variable access.
repo/packages/app/playwright.config.ts:20
  retries: process.env.CI ? 2 : 0,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #65a5e700f655442e Environment-variable access.
repo/packages/app/src/i18n/parity.test.ts:45
describe.skipIf(!!process.env.CI)("i18n parity", () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #47d463ede45344f7 Environment-variable access.
repo/packages/app/vite.config.ts:6
  process.env.SENTRY_AUTH_TOKEN && process.env.SENTRY_ORG && process.env.SENTRY_PROJECT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #987c82919f87c87d Environment-variable access.
repo/packages/app/vite.config.ts:8
        authToken: process.env.SENTRY_AUTH_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3ce1895a3cb0cf70 Environment-variable access.
repo/packages/app/vite.config.ts:9
        org: process.env.SENTRY_ORG,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f6fa7098287195a4 Environment-variable access.
repo/packages/app/vite.config.ts:10
        project: process.env.SENTRY_PROJECT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #35a5476d795bb252 Environment-variable access.
repo/packages/app/vite.config.ts:13
          name: process.env.SENTRY_RELEASE ?? process.env.VITE_SENTRY_RELEASE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6c8c94135be47501 Environment-variable access.
repo/packages/app/vite.js:9
  const raw = process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5bd789a9421e0ec5 Environment-variable access.
repo/packages/app/vite.js:11
  if (process.env.OPENCODE_CHANNEL === "latest") return "prod"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3579a15f2b02f679 Filesystem access.
repo/packages/app/vite.js:42
        `<script id="oc-theme-preload-script">${readFileSync(theme, "utf8")}</script>`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/session-ui

npm first-party
medium telemetry production #cd44ec0c0c2e7047 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/session-ui/src/components/file.tsx:231
    if (bridge.track(event.buttons, hit.line)) return

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 1 low-confidence finding(s)
low env_fs production #ba53f7c30b5d9b0b Filesystem access.
repo/packages/session-ui/src/components/file-media.tsx:104
    void input.readFile(input.path).then(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/enterprise

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #3f28ae89ed9a78ba Environment-variable access.
repo/packages/enterprise/vite.config.ts:7
  const target = process.env.OPENCODE_DEPLOYMENT_TARGET

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #621de505a13f41b3 Environment-variable access.
repo/packages/enterprise/vite.config.ts:26
      baseURL: process.env.OPENCODE_BASE_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/function

npm first-party
expand_more 1 low-confidence finding(s)
low egress production #cb472f3d233e82d1 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/function/src/api.ts:271
    const JWKS = createRemoteJWKSet(new URL(JWKS_URL))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm): packages/http-recorder

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs production #244ed005c76946a5 Filesystem access.
repo/packages/http-recorder/script/verify-package.ts:16
    await writeFile(
      path.join(directory, "package.json"),
      JSON.stringify({ name: "http-recorder-consumer", private: true, type: "module" }),
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b46924b988a8a083 Filesystem access.
repo/packages/http-recorder/script/verify-package.ts:20
    await writeFile(
      path.join(directory, "consumer.ts"),
      `import { HttpRecorder } from "@opencode-ai/http-recorder"
import { NodeSocket } from "@effect/platform-node"
import { Layer } from "effect"
import { HttpClient } from "effect/unstable/http"
import { Socket } from "effect/unstable/socket"

const options: HttpRecorder.RecorderOptions = { redact: { jsonFields: ["access_token"] } }
HttpRecorder.http("consumer", options) satisfies Layer.Layer<HttpClient.HttpClient>
HttpRecorder.socket("consumer/socket", options).pipe(
  Layer.provide(NodeSocket.layerWebSocket("wss://example.test")),
) satisfies Layer.Layer<Socket.Socket>
`,
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ea25b29a14a189d Filesystem access.
repo/packages/http-recorder/script/verify-package.ts:35
    await writeFile(
      path.join(directory, "tsconfig.json"),
      JSON.stringify({
        compilerOptions: {
          target: "ES2022",
          module: "NodeNext",
          moduleResolution: "NodeNext",
          strict: true,
          noEmit: true,
          // Required by [email protected]: its schema.d.ts references an undeclared SchemaErrorTypeId.
          skipLibCheck: true,
          lib: ["ES2022", "DOM", "ESNext.Disposable"],
        },
        include: ["consumer.ts"],
      }),
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a51b10b71af59eb Environment-variable access.
repo/packages/http-recorder/src/recorder.ts:7
  const value = process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/llm

npm first-party
expand_more 3 low-confidence finding(s)
low egress production #120da168f8eb05f3 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/llm/script/recording-cost-report.ts:219
const models = (await (await fetch(MODELS_DEV_URL)).json()) as JsonRecord

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #a795052e8ceae4d3 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/llm/script/setup-recording-env.ts:44
      HttpClientRequest.get("https://api.anthropic.com/v1/models").pipe(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #1d162b980430437d Environment-variable access.
repo/packages/llm/script/setup-recording-env.ts:290
  if (process.env[name]) return "shell"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/script

npm first-party
expand_more 5 low-confidence finding(s)
low env_fs production #9298a43af6cc2113 Environment-variable access.
repo/packages/script/src/index.ts:21
  OPENCODE_CHANNEL: process.env["OPENCODE_CHANNEL"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e459ef079e077b1 Environment-variable access.
repo/packages/script/src/index.ts:22
  OPENCODE_BUMP: process.env["OPENCODE_BUMP"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #442650696bdd6523 Environment-variable access.
repo/packages/script/src/index.ts:23
  OPENCODE_VERSION: process.env["OPENCODE_VERSION"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b203938b1a651acc Environment-variable access.
repo/packages/script/src/index.ts:24
  OPENCODE_RELEASE: process.env["OPENCODE_RELEASE"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #d8a01cd8aaeb5b3b Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/script/src/index.ts:37
  const version = await fetch("https://registry.npmjs.org/opencode-ai/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm): packages/server

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #c3cf3ac5a7b56f12 Environment-variable access.
repo/packages/server/src/auth.ts:53
  const password = credentials?.password ?? process.env.OPENCODE_SERVER_PASSWORD

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3f6091fbfab9ec04 Environment-variable access.
repo/packages/server/src/auth.ts:56
  return `Basic ${Buffer.from(`${credentials?.username ?? process.env.OPENCODE_SERVER_USERNAME ?? "opencode"}:${password}`).toString("base64")}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/slack

npm first-party
expand_more 6 low-confidence finding(s)
low env_fs production #07699a87b7c53702 Environment-variable access.
repo/packages/slack/src/index.ts:5
  token: process.env.SLACK_BOT_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99a9c53af65df014 Environment-variable access.
repo/packages/slack/src/index.ts:6
  signingSecret: process.env.SLACK_SIGNING_SECRET,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #65e37d0ca1f08167 Environment-variable access.
repo/packages/slack/src/index.ts:8
  appToken: process.env.SLACK_APP_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b263501230a0377d Environment-variable access.
repo/packages/slack/src/index.ts:12
console.log("- Bot token present:", !!process.env.SLACK_BOT_TOKEN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d9e0e9c8a0e21529 Environment-variable access.
repo/packages/slack/src/index.ts:13
console.log("- Signing secret present:", !!process.env.SLACK_SIGNING_SECRET)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5eebf8c8643fb58 Environment-variable access.
repo/packages/slack/src/index.ts:14
console.log("- App token present:", !!process.env.SLACK_APP_TOKEN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/stats/core

npm first-party
expand_more 10 low-confidence finding(s)
low env_fs production #744e15df0ceb228c Environment-variable access.
repo/packages/stats/core/src/domain/home.ts:282
  return process.env.DATABASE_URL ?? Resource.StatsDatabase.url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #db2bfb0220e5e2b2 Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:32
    process.env.PLANETSCALE_HOST &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c1139378b57e9b4c Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:33
    process.env.PLANETSCALE_USERNAME &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #22b6211c08c3ed1f Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:34
    process.env.PLANETSCALE_PASSWORD &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4dc6d243d327f330 Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:35
    process.env.PLANETSCALE_DATABASE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #82f718effd8be938 Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:37
    return `mysql://${encodeURIComponent(process.env.PLANETSCALE_USERNAME)}:${encodeURIComponent(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5ad80cfc86d4eca9 Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:38
      process.env.PLANETSCALE_PASSWORD,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3ab0c63c1954756d Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:39
    )}@${process.env.PLANETSCALE_HOST}/${process.env.PLANETSCALE_DATABASE}?ssl=${encodeURIComponent(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0b31a0992d14430d Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:43
  return process.env.DATABASE_URL ?? Resource.StatsDatabase.url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6b165991c4cf91d1 Environment-variable access.
repo/packages/stats/core/src/honeycomb-backfill.ts:944
    databaseUrl: flags.get("database-url")?.[0] ?? process.env.DATABASE_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/storybook

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #93c259de3e616ffc Filesystem access.
repo/packages/storybook/.storybook/playground-css-plugin.ts:117
              const content = fs.readFileSync(abs, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6c0d8aff9c8a3316 Filesystem access.
repo/packages/storybook/.storybook/playground-css-plugin.ts:122
                fs.writeFileSync(abs, applied.content, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/tui

npm first-party
expand_more 27 low-confidence finding(s)
low env_fs production #77f17e09430d7359 Environment-variable access.
repo/packages/tui/src/app.tsx:267
                        multiplexer: process.env.TMUX ? "tmux" : process.env.STY ? "screen" : undefined,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #50772e5d20fbe892 Environment-variable access.
repo/packages/tui/src/app.tsx:268
                        displayServer: process.env.WAYLAND_DISPLAY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3582a8d579ab3d8d Environment-variable access.
repo/packages/tui/src/app.tsx:270
                          : process.env.DISPLAY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6c4b3259f8acb508 Environment-variable access.
repo/packages/tui/src/app.tsx:277
                          initialRoute: process.env.OPENCODE_ROUTE ? JSON.parse(process.env.OPENCODE_ROUTE) : undefined,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b7f265cc16d7b0e3 Environment-variable access.
repo/packages/tui/src/app.tsx:278
                          skipInitialLoading: Boolean(process.env.OPENCODE_FAST_BOOT),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #655ecd4882d847df Filesystem access.
repo/packages/tui/src/audio.ts:28
  const task = readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #93d8dd9268a19b93 Environment-variable access.
repo/packages/tui/src/clipboard.ts:26
  process.stdout.write(process.env.TMUX || process.env.STY ? `\x1bPtmux;\x1b${sequence}\x1b\\` : sequence)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #41d6b8b85c321d34 Filesystem access.
repo/packages/tui/src/clipboard.ts:45
      return { data: (await readFile(file)).toString("base64"), mime: "image/png" }

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3cc40f92528347dd Environment-variable access.
repo/packages/tui/src/clipboard.ts:101
    const native = copyCommand(platform(), Boolean(process.env.WAYLAND_DISPLAY), (name) => Boolean(which(name)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #f52f73e4b24be4dd Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/tui/src/component/error-component.tsx:207
  const url = new URL("https://github.com/anomalyco/opencode/issues/new?template=bug-report.yml")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #c4a02d1d60b3c4d6 Filesystem access.
repo/packages/tui/src/component/prompt/local-attachment.ts:17
      readText: (value) => readFile(value, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a630f75ac0aee11c Filesystem access.
repo/packages/tui/src/component/prompt/local-attachment.ts:18
      readBytes: (value) => readFile(value),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eb075cf1b5d28fde Environment-variable access.
repo/packages/tui/src/context/editor.ts:117
    const value = process.env.CLAUDE_CODE_SSE_PORT || process.env.OPENCODE_EDITOR_SSE_PORT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6a514cd91610d4b4 Environment-variable access.
repo/packages/tui/src/context/editor.ts:121
    const zedTerminal = process.env.ZED_TERM === "true" || process.env.TERM_PROGRAM?.toLowerCase() === "zed"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #25282f9d740341f6 Filesystem access.
repo/packages/tui/src/context/theme.tsx:57
      result[path.basename(file, ".json")] = JSON.parse(await readFile(file, "utf8")) as unknown

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7d5705eb547e46a Filesystem access.
repo/packages/tui/src/editor-zed.ts:67
      : await readFileAsync(row.buffer_path, "utf8").catch(() => undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #19d4c77edea5f942 Environment-variable access.
repo/packages/tui/src/editor-zed.ts:189
    process.env.OPENCODE_ZED_DB,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e779721b0c754e8 Environment-variable access.
repo/packages/tui/src/editor-zed.ts:198
  return process.env.ZED_TERM === "true" || process.env.TERM_PROGRAM?.toLowerCase() === "zed"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c8b9de63582c4d8f Environment-variable access.
repo/packages/tui/src/editor.ts:27
  const editor = process.env.VISUAL || process.env.EDITOR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b018e18906cfc4d6 Filesystem access.
repo/packages/tui/src/editor.ts:30
  await writeFile(file, input.value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed0f3ade77887624 Filesystem access.
repo/packages/tui/src/editor.ts:47
    return (await readFile(file, "utf8")) || undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #03f091d7afde409b Filesystem access.
repo/packages/tui/src/editor.ts:71
          const value = JSON.parse(readFileSync(file, "utf8")) as Record<string, unknown>

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6e628f8430fc7270 Filesystem access.
repo/packages/tui/src/routes/session/index.tsx:183
    await writeFile(file, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #67775475526bbc96 Filesystem access.
repo/packages/tui/src/util/persistence.ts:2
import { appendFile, mkdir, rename, rm } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #70ef55139201f010 Environment-variable access.
repo/packages/tui/src/util/system.ts:16
  const program = process.env.TERM_PROGRAM || process.env.TERM || "unknown"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5713e98a0c885864 Environment-variable access.
repo/packages/tui/src/util/system.ts:17
  const version = process.env.TERM_PROGRAM_VERSION ? ` ${process.env.TERM_PROGRAM_VERSION}` : ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1da317649512d06d Environment-variable access.
repo/packages/tui/src/util/system.ts:18
  const multiplexer = process.env.TMUX ? " in tmux" : process.env.STY ? " in screen" : ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/web

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #e2ea5a886876c8cd Environment-variable access.
repo/packages/web/config.mjs:1
const stage = process.env.SST_STAGE || "dev"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

</> Dependencies

@openauthjs/openauth

npm dependency
high pii_flow dependency Excluded from app score #a5cde2cecfb2d322 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/@[email protected]/src/provider/oauth2.ts:193 · flow /tmp/closeopen-qjyvbc5c/pkgs/npm/@[email protected]/src/provider/oauth2.ts:193 → /tmp/closeopen-qjyvbc5c/pkgs/npm/@[email protected]/src/provider/oauth2.ts:193
        const json: any = await fetch(config.endpoint.token, {
          method: "POST",
          headers: {
            "Content-Type": "application/x-www-form-urlencoded",
            Accept: "application/json",
          },
          body: body.toString(),
        }).then((r) => r.json())

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 13 low-confidence finding(s)
low env_fs dependency Excluded from app score #58163cadd2bede14 Environment-variable access.
pkgs/npm/@[email protected]/src/client.ts:550
  const issuer = input.issuer || process.env.OPENAUTH_ISSUER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d6e18d479f932a6 Environment-variable access.
pkgs/npm/@[email protected]/src/issuer.ts:491
  if (process.env.OPENAUTH_STORAGE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a06bf24b617a6e5 Environment-variable access.
pkgs/npm/@[email protected]/src/issuer.ts:492
    const parsed = JSON.parse(process.env.OPENAUTH_STORAGE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e3f26bd9cb885a2 Environment-variable access.
pkgs/npm/@[email protected]/src/storage/aws.ts:31
  if (process.env.AWS_ACCESS_KEY_ID && process.env.AWS_SECRET_ACCESS_KEY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52a02387da608b87 Environment-variable access.
pkgs/npm/@[email protected]/src/storage/aws.ts:33
      accessKeyId: process.env.AWS_ACCESS_KEY_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #773712eedbba7519 Environment-variable access.
pkgs/npm/@[email protected]/src/storage/aws.ts:34
      secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a48eae7b81993ac Environment-variable access.
pkgs/npm/@[email protected]/src/storage/aws.ts:35
      sessionToken: process.env.AWS_SESSION_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f82c4b0698c907cc Environment-variable access.
pkgs/npm/@[email protected]/src/storage/aws.ts:36
      region: process.env.AWS_REGION,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a7f3521eaced176 Environment-variable access.
pkgs/npm/@[email protected]/src/storage/aws.ts:40
  if (process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #700cc954caf8eb95 Environment-variable access.
pkgs/npm/@[email protected]/src/storage/aws.ts:43
        process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1ec96fea660fdaf Environment-variable access.
pkgs/npm/@[email protected]/src/storage/aws.ts:49
      region: process.env.AWS_REGION,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17286329c90f972d Filesystem access.
pkgs/npm/@[email protected]/src/storage/memory.ts:59
      const file = readFileSync(input?.persist)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4eea083f5c995d49 Filesystem access.
pkgs/npm/@[email protected]/src/storage/memory.ts:67
    await writeFile(input.persist, file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

ai

npm dependency
high pii_flow dependency Excluded from app score #e068e000f553aab0 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/src/realtime/realtime-session.ts:110 · flow /tmp/closeopen-qjyvbc5c/pkgs/npm/[email protected]/src/realtime/realtime-session.ts:110 → /tmp/closeopen-qjyvbc5c/pkgs/npm/[email protected]/src/realtime/realtime-session.ts:110
      const response = await fetch(this.api.token, {
        method: 'POST',
        headers: { 'Content-Type': 'application/json' },
        body: JSON.stringify({ sessionConfig: this.sessionConfig }),
      });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

@actions/core

npm dependency
expand_more 15 low-confidence finding(s)
low env_fs dependency Excluded from app score #cfffe1541c59166c Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:67
    process.env[name] = convertedVal;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #badff92f03715f22 Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:68
    const filePath = process.env['GITHUB_ENV'] || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef5c43371a7ee360 Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:88
    const filePath = process.env['GITHUB_PATH'] || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #059745fb9ce1e889 Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:95
    process.env['PATH'] = `${inputPath}${path.delimiter}${process.env['PATH']}`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6eb2e931bd61b29c Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:108
    const val = process.env[`INPUT_${name.replace(/ /g, '_').toUpperCase()}`] || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1173291340536842 Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:166
    const filePath = process.env['GITHUB_OUTPUT'] || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #548d464fd3b6a466 Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:203
    return process.env['RUNNER_DEBUG'] === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6bfa8579b02bbc92 Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:300
    const filePath = process.env['GITHUB_STATE'] || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0a6ffc043a5a630 Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:314
    return process.env[`STATE_${name}`] || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5c289dc76ed44da Filesystem access.
pkgs/npm/@[email protected]/lib/file-command.js:31
const fs = __importStar(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4bb66a9cde6d3fcf Environment-variable access.
pkgs/npm/@[email protected]/lib/file-command.js:35
    const filePath = process.env[`GITHUB_${command}`];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2281bc9415cafc3b Environment-variable access.
pkgs/npm/@[email protected]/lib/oidc-utils.js:25
        const token = process.env['ACTIONS_ID_TOKEN_REQUEST_TOKEN'];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2276cd502887e8c Environment-variable access.
pkgs/npm/@[email protected]/lib/oidc-utils.js:32
        const runtimeUrl = process.env['ACTIONS_ID_TOKEN_REQUEST_URL'];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9d1f6d372defcec Filesystem access.
pkgs/npm/@[email protected]/lib/summary.js:14
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e4654a74e91463d Environment-variable access.
pkgs/npm/@[email protected]/lib/summary.js:33
            const pathFromEnv = process.env[exports.SUMMARY_ENV_VAR];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@actions/github

npm dependency
expand_more 21 low-confidence finding(s)
low env_fs dependency Excluded from app score #c58b050eed291810 Filesystem access.
pkgs/npm/@[email protected]/lib/context.js:4
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ffdd210ee6f53de8 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:13
        if (process.env.GITHUB_EVENT_PATH) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9af8647999be6bfe Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:14
            if ((0, fs_1.existsSync)(process.env.GITHUB_EVENT_PATH)) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f04a604907afb1b5 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:15
                this.payload = JSON.parse((0, fs_1.readFileSync)(process.env.GITHUB_EVENT_PATH, { encoding: 'utf8' }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6d0c722c96e91e3 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:18
                const path = process.env.GITHUB_EVENT_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9513b5b84b2e304 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:22
        this.eventName = process.env.GITHUB_EVENT_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #341ecbfdc3186464 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:23
        this.sha = process.env.GITHUB_SHA;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd46795edac9006e Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:24
        this.ref = process.env.GITHUB_REF;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1edd083f6e59ae6b Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:25
        this.workflow = process.env.GITHUB_WORKFLOW;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aabbf8b606bfd2f8 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:26
        this.action = process.env.GITHUB_ACTION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #becae9e625f2e8c4 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:27
        this.actor = process.env.GITHUB_ACTOR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #654153e3c0b40778 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:28
        this.job = process.env.GITHUB_JOB;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e3bf9e55dfac0db Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:29
        this.runAttempt = parseInt(process.env.GITHUB_RUN_ATTEMPT, 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a3a2dab53518ecc Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:30
        this.runNumber = parseInt(process.env.GITHUB_RUN_NUMBER, 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d41596bf9d8b17f8 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:31
        this.runId = parseInt(process.env.GITHUB_RUN_ID, 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62a08670f3c9b87f Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:32
        this.apiUrl = (_a = process.env.GITHUB_API_URL) !== null && _a !== void 0 ? _a : `https://api.github.com`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2eac855ca56ff27 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:33
        this.serverUrl = (_b = process.env.GITHUB_SERVER_URL) !== null && _b !== void 0 ? _b : `https://github.com`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #801588d507fc8d1e Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:35
            (_c = process.env.GITHUB_GRAPHQL_URL) !== null && _c !== void 0 ? _c : `https://api.github.com/graphql`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3cf24f6eef812c3 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:42
        if (process.env.GITHUB_REPOSITORY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c93c321029f00dcd Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:43
            const [owner, repo] = process.env.GITHUB_REPOSITORY.split('/');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5035fc091a1d8249 Environment-variable access.
pkgs/npm/@[email protected]/lib/internal/utils.js:67
    return process.env['GITHUB_API_URL'] || 'https://api.github.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@ai-sdk/google-vertex

npm dependency
expand_more 1 low-confidence finding(s)
low egress dependency Excluded from app score #af2c8d07c40eedec Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/@[email protected]/src/edge/google-vertex-auth-edge.ts:139
    const response = await fetch('https://oauth2.googleapis.com/token', {
      method: 'POST',
      headers: withUserAgentSuffix(
        { 'Content-Type': 'application/x-www-form-urlencoded' },
        `ai-sdk/google-vertex/${VERSION}`,
        getRuntimeEnvironmentUserAgent(),
      ),
      body: new URLSearchParams({
        grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
        assertion: jwt,
      }),
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

@ai-sdk/provider-utils

npm dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #456fd588c273df2a Environment-variable access.
pkgs/npm/@[email protected]/src/load-api-key.ts:30
  apiKey = process.env[environmentVariableName];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4eb498f479e21e03 Environment-variable access.
pkgs/npm/@[email protected]/src/load-optional-setting.ts:23
  settingValue = process.env[environmentVariableName];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce0abd5a4842c182 Environment-variable access.
pkgs/npm/@[email protected]/src/load-setting.ts:42
  settingValue = process.env[environmentVariableName];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@ai-sdk/togetherai

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #ff981fbbc7c831cb Environment-variable access.
pkgs/npm/@[email protected]/src/togetherai-provider.ts:105
  if (typeof process.env.TOGETHER_API_KEY === 'string') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ae3f7029ae0f2d0 Environment-variable access.
pkgs/npm/@[email protected]/src/togetherai-provider.ts:108
  const key = process.env.TOGETHER_AI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@astrojs/starlight

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #b197e10d7c57149f Filesystem access.
pkgs/npm/@[email protected]/utils/translations-fs.ts:36
			const content = fs.readFileSync(new URL(file, i18nDir), 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@aws-sdk/credential-providers

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #62dfaa9b5a48abbe Environment-variable access.
pkgs/npm/@[email protected]/dist-cjs/fromTemporaryCredentials.js:8
    return (0, fromTemporaryCredentials_base_1.fromTemporaryCredentials)(options, fromNodeProviderChain_1.fromNodeProviderChain, async ({ profile = process.env.AWS_PROFILE }) => (0, config_1.loadConfig)({

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15d4df794d143ed7 Environment-variable access.
pkgs/npm/@[email protected]/dist-es/fromTemporaryCredentials.js:5
    return fromTemporaryCredentialsBase(options, fromNodeProviderChain, async ({ profile = process.env.AWS_PROFILE }) => loadConfig({

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@dnd-kit/dom

npm dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #f104c4bf0a58b46a Environment-variable access.
pkgs/npm/@[email protected]/index.cjs:451
  if (!("adoptedStyleSheets" in root && Array.isArray(root.adoptedStyleSheets)) && process.env.NODE_ENV !== "production") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cda6f7a9ea54304b Environment-variable access.
pkgs/npm/@[email protected]/index.cjs:459
    if (process.env.NODE_ENV !== "production") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d90068385ddb5310 Environment-variable access.
pkgs/npm/@[email protected]/index.js:450
  if (!("adoptedStyleSheets" in root && Array.isArray(root.adoptedStyleSheets)) && process.env.NODE_ENV !== "production") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff1fa512cbe8e5d5 Environment-variable access.
pkgs/npm/@[email protected]/index.js:458
    if (process.env.NODE_ENV !== "production") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@dnd-kit/solid

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #31b5e61beaf758f6 Environment-variable access.
pkgs/npm/@[email protected]/index.cjs:428
      if (process.env.NODE_ENV !== "production") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4077ce6f0ff4c4c Environment-variable access.
pkgs/npm/@[email protected]/index.js:427
      if (process.env.NODE_ENV !== "production") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@effect/platform-node-shared

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #7b75421ba2d2f026 Filesystem access.
pkgs/npm/@[email protected]/src/NodeFileSystem.ts:416
      NFS.readFile(path, { signal }, (err, data) => {
        if (err) {
          resume(Effect.fail(handleErrnoException("FileSystem", "readFile")(err, [path])))
        } else {
          resume(Effect.succeed(data))
        }
      })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58886db42a88d1c4 Filesystem access.
pkgs/npm/@[email protected]/src/NodeFileSystem.ts:599
      NFS.writeFile(path, data, {
        signal,
        flag: options?.flag,
        mode: options?.mode
      }, (err) => {
        if (err) {
          resume(Effect.fail(handleErrnoException("FileSystem", "writeFile")(err, [path])))
        } else {
          resume(Effect.void)
        }
      })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@ff-labs/fff-bun

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs tooling Excluded from app score unknown #a09054a2d3729028 Environment-variable access.
pkgs/npm/@[email protected]/examples/search.ts:171
  const nvimCache = process.env.XDG_CACHE_HOME || join(homedir(), ".cache", "nvim");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #d0681c8a24e8f810 Environment-variable access.
pkgs/npm/@[email protected]/examples/search.ts:173
    process.env.XDG_DATA_HOME || join(homedir(), ".local", "share", "nvim");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@kobalte/core

npm dependency
expand_more 13 low-confidence finding(s)
low env_fs dependency Excluded from app score #701827a30877b6ff Environment-variable access.
pkgs/npm/@[email protected]/src/accordion/accordion.test.tsx:34
describe.skipIf(process.env.GITHUB_ACTIONS)("Accordion", () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d4957855b6ba909 Environment-variable access.
pkgs/npm/@[email protected]/src/image/image.test.tsx:18
describe.skipIf(process.env.GITHUB_ACTIONS)("Image", () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ddfebb4cd0339ec Environment-variable access.
pkgs/npm/@[email protected]/src/tabs/tabs.test.tsx:371
	it.skipIf(process.env.GITHUB_ACTIONS)(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0fd8acb5c6eb6211 Environment-variable access.
pkgs/npm/@[email protected]/src/tabs/tabs.test.tsx:396
	it.skipIf(process.env.GITHUB_ACTIONS)(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71ec5f7405cbc686 Environment-variable access.
pkgs/npm/@[email protected]/src/tabs/tabs.test.tsx:420
	it.skipIf(process.env.GITHUB_ACTIONS)(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #beb0ff8df1ceeda6 Environment-variable access.
pkgs/npm/@[email protected]/src/tabs/tabs.test.tsx:457
	it.skipIf(process.env.GITHUB_ACTIONS)(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b5a964c90351105 Environment-variable access.
pkgs/npm/@[email protected]/src/tabs/tabs.test.tsx:490
	it.skipIf(process.env.GITHUB_ACTIONS)(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fa437d78ceceb2b Environment-variable access.
pkgs/npm/@[email protected]/src/toast/toast.test.tsx:343
	it.skipIf(process.env.GITHUB_ACTIONS)(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ef247ba3ad5da2e Environment-variable access.
pkgs/npm/@[email protected]/src/toast/toast.test.tsx:604
		it.skipIf(process.env.GITHUB_ACTIONS)(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d627d1a49509db6c Environment-variable access.
pkgs/npm/@[email protected]/src/toast/toast.test.tsx:660
		it.skipIf(process.env.GITHUB_ACTIONS)(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a48490ecfc56c3f Environment-variable access.
pkgs/npm/@[email protected]/src/toggle-group/toggle-group.test.tsx:303
	it.skipIf(process.env.GITHUB_ACTIONS)(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e77b6c900e27cff9 Environment-variable access.
pkgs/npm/@[email protected]/src/toggle-group/toggle-group.test.tsx:329
	it.skipIf(process.env.GITHUB_ACTIONS)(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b3b9cccc4807bec Environment-variable access.
pkgs/npm/@[email protected]/src/toggle-group/toggle-group.test.tsx:353
	it.skipIf(process.env.GITHUB_ACTIONS)(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@npmcli/arborist

npm dependency
expand_more 9 low-confidence finding(s)
low env_fs dependency Excluded from app score #4fe70e767fcde1d9 Environment-variable access.
pkgs/npm/@[email protected]/bin/lib/options.js:57
    cache: `${process.env.HOME}/.npm/_cacache`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34edd2c7f10b7374 Environment-variable access.
pkgs/npm/@[email protected]/lib/debug.js:16
const debug = process.env.ARBORIST_DEBUG !== '0' && (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f531500c820f9137 Environment-variable access.
pkgs/npm/@[email protected]/lib/debug.js:17
  process.env.ARBORIST_DEBUG === '1' ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dde9e35ac02de58a Environment-variable access.
pkgs/npm/@[email protected]/lib/debug.js:18
  /\barborist\b/.test(process.env.NODE_DEBUG || '') ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad215b55e367ebde Environment-variable access.
pkgs/npm/@[email protected]/lib/debug.js:19
  process.env.npm_package_name === '@npmcli/arborist' &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b337e77a284a846 Environment-variable access.
pkgs/npm/@[email protected]/lib/debug.js:20
  ['test', 'snap'].includes(process.env.npm_lifecycle_event) ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #469a03a686d0eadb Filesystem access.
pkgs/npm/@[email protected]/lib/shrinkwrap.js:387
      this.#filenameSet.map(file => file && readFile(file, 'utf8').then(d => d, er => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14ad6c6e679a33cb Filesystem access.
pkgs/npm/@[email protected]/lib/shrinkwrap.js:1165
      writeFile(this.filename, json).catch(er => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d419b2f9aceeb3e Filesystem access.
pkgs/npm/@[email protected]/lib/shrinkwrap.js:1177
        writeFile(this.path + '/yarn.lock', this.yarnLock.toString()),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@npmcli/config

npm dependency
expand_more 18 low-confidence finding(s)
low env_fs dependency Excluded from app score #81703b4eae280a58 Filesystem access.
pkgs/npm/@[email protected]/lib/definitions/definitions.js:13
    return readFileSync(file, 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52f574a8ad2d3ae6 Environment-variable access.
pkgs/npm/@[email protected]/lib/definitions/definitions.js:51
    process.env.NODE_ENV = 'production'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba43fd0ac68809c5 Environment-variable access.
pkgs/npm/@[email protected]/lib/definitions/definitions.js:57
const editor = process.env.EDITOR ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d3cc400615cd1c2 Environment-variable access.
pkgs/npm/@[email protected]/lib/definitions/definitions.js:58
  process.env.VISUAL ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #350d876b9f277f0a Environment-variable access.
pkgs/npm/@[email protected]/lib/definitions/definitions.js:59
  (isWindows ? `${process.env.SYSTEMROOT}\\notepad.exe` : 'vi')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55d724f5d3460bde Environment-variable access.
pkgs/npm/@[email protected]/lib/definitions/definitions.js:61
const shell = isWindows ? process.env.ComSpec || 'cmd'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #314344d884a2f919 Environment-variable access.
pkgs/npm/@[email protected]/lib/definitions/definitions.js:62
  : process.env.SHELL || 'sh'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a6ca901e8be62ab Environment-variable access.
pkgs/npm/@[email protected]/lib/definitions/definitions.js:76
  process.env.LC_ALL ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7222b6d94758f1f3 Environment-variable access.
pkgs/npm/@[email protected]/lib/definitions/definitions.js:77
  process.env.LC_CTYPE ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3da179774bb1aae3 Environment-variable access.
pkgs/npm/@[email protected]/lib/definitions/definitions.js:78
  process.env.LANG

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4725ce9725b6925c Environment-variable access.
pkgs/npm/@[email protected]/lib/definitions/definitions.js:83
const cacheRoot = (isWindows && process.env.LOCALAPPDATA) || '~'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf3cbe57a6172713 Environment-variable access.
pkgs/npm/@[email protected]/lib/definitions/definitions.js:450
    default: !process.env.NO_COLOR || process.env.NO_COLOR === '0',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e629ea2c6a9f5e6a Environment-variable access.
pkgs/npm/@[email protected]/lib/definitions/definitions.js:1442
    default: process.env.NODE_ENV === 'production' ? ['dev'] : [],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3a812a56f717bc7 Environment-variable access.
pkgs/npm/@[email protected]/lib/definitions/definitions.js:1678
    default: !(ciInfo.isCI || !process.stderr.isTTY || !process.stdout.isTTY || process.env.TERM === 'dumb'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #924ec498f8f6efb8 Environment-variable access.
pkgs/npm/@[email protected]/lib/definitions/definitions.js:1691
      flatOptions.progress = !!obj.progress && !!process.stderr.isTTY && !!process.stdout.isTTY && process.env.TERM !== 'dumb'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aba074c33506b37f Environment-variable access.
pkgs/npm/@[email protected]/lib/definitions/definitions.js:2341
      process.env.npm_config_user_agent = flatOptions.userAgent

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d90452ae9e7d479 Filesystem access.
pkgs/npm/@[email protected]/lib/index.js:646
    await readFile(file, 'utf8').then(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e86d53a0c3da438 Filesystem access.
pkgs/npm/@[email protected]/lib/index.js:804
    await writeFile(conf.source, iniData, 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@opentui/core

npm dependency
expand_more 37 low-confidence finding(s)
low env_fs dependency Excluded from app score #bc28e05923b3e733 Filesystem access.
pkgs/npm/@[email protected]/index-d5xqskty.js:714
  await writeFileNode(destinationPath, bytes, { mode: options?.mode });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f12048c2e6f5242b Filesystem access.
pkgs/npm/@[email protected]/index-d5xqskty.js:719
import { existsSync as existsSync3, writeFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f91ee0c60b11d28 Environment-variable access.
pkgs/npm/@[email protected]/index-d5xqskty.js:5935
  const envValue = process.env[config.name];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4afc82021a1f57c Filesystem access.
pkgs/npm/@[email protected]/index-d5xqskty.js:7917
import { existsSync as existsSync2 } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f58c9ace0b2299a4 Environment-variable access.
pkgs/npm/@[email protected]/index-d5xqskty.js:11808
  const libc = process.env.OPENTUI_LIBC;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76a0b29b95663ab5 Environment-variable access.
pkgs/npm/@[email protected]/index-d5xqskty.js:11823
      if (process.env.OPENTUI_LIBC === "musl") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #722d36f24c402756 Environment-variable access.
pkgs/npm/@[email protected]/index-d5xqskty.js:11830
      if (process.env.OPENTUI_LIBC === "musl") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0846b046aca76294 Filesystem access.
pkgs/npm/@[email protected]/index-d5xqskty.js:13284
      writeFileSync(logPath, msg + `
`, { flag: "a" });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c2f016bda6f0d39 Filesystem access.
pkgs/npm/@[email protected]/index-xt9f071j.js:5371
      fs.writeFileSync(filepath, content, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c68437dd1e1a5963 Environment-variable access.
pkgs/npm/@[email protected]/index-xt9f071j.js:6658
  if (process.env.OTUI_USE_ALTERNATE_SCREEN !== undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6781ec81acbd146d Environment-variable access.
pkgs/npm/@[email protected]/index-xt9f071j.js:6663
  if (process.env.OTUI_OVERRIDE_STDOUT !== undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9e21fffc3629507 Environment-variable access.
pkgs/npm/@[email protected]/index-xt9f071j.js:7208
      const value = process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c8800b3f16e7b43 Filesystem access.
pkgs/npm/@[email protected]/index.js:2643
    const bytes = await readFile(filePath).catch((err) => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db5374d9e94ca93b Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:5
import { readFile as readFile2, writeFile as writeFile2, mkdir as mkdir2 } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #930f574c5b2c301e Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:9
import { mkdir, readFile, writeFile } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d39ab134b342923 Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:35
        const cachedContent = await readFile(cacheFile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0342236b4d36c7c8 Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:49
          await writeFile(cacheFile, Buffer.from(content));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4f0a744c181b770 Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:61
        const content = await readFile(source);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2ec9bba0f6ccf46 Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:79
        await writeFile(targetPath, Buffer.from(content));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d489888f6de8fa5 Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:88
        const content = await readFile(source);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #143f542a01a25047 Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:89
        await writeFile(targetPath, Buffer.from(content));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e0d61bb6db28b83 Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:118
import { readdir } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fbcc569b95eba5a Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:142
    const configContent = await readFile2(resolvedConfigPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fb336e3eeddbccf Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:170
        const content = await readFile2(localPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b2ed7a03bb92b11 Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:204
  await writeFile2(queryPath, combinedContent, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #220b6827886c4cf6 Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:276
  await writeFile2(outputPath, fileContent, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #552bcd15eef5b4c9 Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:44
import { mkdir as mkdir3 } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d078289ee4d7a220 Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:48
import { mkdir, readFile, writeFile } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b483ef57ad289bed Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:74
        const cachedContent = await readFile(cacheFile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86f1b219967b6cbf Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:88
          await writeFile(cacheFile, Buffer.from(content));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9eb8027cb765497 Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:100
        const content = await readFile(source);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d025243eea92fdc Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:118
        await writeFile(targetPath, Buffer.from(content));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a261a9a562c4e456 Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:127
        const content = await readFile(source);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e679bf425b704c44 Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:128
        await writeFile(targetPath, Buffer.from(content));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31a1cf20393d1aa7 Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:322
  await writeFileNode(destinationPath, bytes, { mode: options?.mode });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be316c50b05543d2 Filesystem access.
pkgs/npm/@[email protected]/runtime-plugin.js:113
                const packageJson = JSON.parse(readFileSync(packageJsonPath, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4493154de947923d Filesystem access.
pkgs/npm/@[email protected]/runtime-plugin.js:374
                    contents = readFileSync(normalizedPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@opentui/solid

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #6f62d057a570f8f9 Environment-variable access.
pkgs/npm/@[email protected]/index.bun.js:517
  if (process.env.DEBUG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ab3225231c6feea Environment-variable access.
pkgs/npm/@[email protected]/index.js:491
  if (process.env.DEBUG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@parcel/watcher

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs tooling Excluded from app score unknown #65b90d411b2c0a79 Environment-variable access.
pkgs/npm/@[email protected]/scripts/build-from-source.js:5
if (process.env.npm_config_build_from_source === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@silvia-odwyer/photon-node

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #9b21c7241cfa7ee8 Filesystem access.
pkgs/npm/@[email protected]/photon_rs.js:4513
const bytes = require('fs').readFileSync(path);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@tanstack/solid-query

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #c508cd97bcb6c3d0 Environment-variable access.
pkgs/npm/@[email protected]/src/useBaseQuery.ts:46
      if (process.env.NODE_ENV !== 'production') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@upstash/redis

npm dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #d393b78ada067e6b Environment-variable access.
pkgs/npm/@[email protected]/nodejs.js:5712
    const url = process.env.UPSTASH_REDIS_REST_URL || process.env.KV_REST_API_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #edb69b3b77690b1f Environment-variable access.
pkgs/npm/@[email protected]/nodejs.js:5716
    const token = process.env.UPSTASH_REDIS_REST_TOKEN || process.env.KV_REST_API_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4c2a193b8bd54c5 Environment-variable access.
pkgs/npm/@[email protected]/nodejs.mjs:272
    const url = process.env.UPSTASH_REDIS_REST_URL || process.env.KV_REST_API_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5ff3e371bfb1207 Environment-variable access.
pkgs/npm/@[email protected]/nodejs.mjs:276
    const token = process.env.UPSTASH_REDIS_REST_TOKEN || process.env.KV_REST_API_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

bun-pty

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #6c1a94e954cf58e6 Environment-variable access.
pkgs/npm/[email protected]/src/terminal.integration.test.ts:7
const runIntegrationTests = process.env.RUN_INTEGRATION_TESTS === "true";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fb79b4bc4c1bfb6 Environment-variable access.
pkgs/npm/[email protected]/src/terminal.ts:32
	const env = process.env.BUN_PTY_LIB;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

chokidar

npm dependency
expand_more 14 low-confidence finding(s)
low env_fs dependency Excluded from app score #c39791ebe504395b Filesystem access.
pkgs/npm/[email protected]/esm/handler.d.ts:1
import type { WatchEventType, Stats, FSWatcher as NativeFsWatcher } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7240f5bc8262a6db Filesystem access.
pkgs/npm/[email protected]/esm/handler.js:1
import { watchFile, unwatchFile, watch as fs_watch } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1358f31577675e7d Filesystem access.
pkgs/npm/[email protected]/esm/handler.js:2
import { open, stat, lstat, realpath as fsrealpath } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98316b7ba85bc302 Filesystem access.
pkgs/npm/[email protected]/esm/index.d.ts:2
import { Stats } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e3637e7708f2cd8 Filesystem access.
pkgs/npm/[email protected]/esm/index.js:2
import { stat as statcb } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67029f1998d4cdab Filesystem access.
pkgs/npm/[email protected]/esm/index.js:3
import { stat, readdir } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c96d11a82965dd5 Environment-variable access.
pkgs/npm/[email protected]/esm/index.js:260
        const envPoll = process.env.CHOKIDAR_USEPOLLING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50542c00260d4396 Environment-variable access.
pkgs/npm/[email protected]/esm/index.js:270
        const envInterval = process.env.CHOKIDAR_INTERVAL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1cd8c9aaf6598029 Filesystem access.
pkgs/npm/[email protected]/handler.d.ts:1
import type { WatchEventType, Stats, FSWatcher as NativeFsWatcher } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3699a7275a79d5c2 Filesystem access.
pkgs/npm/[email protected]/handler.js:4
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d31f924612844ff7 Filesystem access.
pkgs/npm/[email protected]/index.d.ts:2
import { Stats } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #772d73bac7541de1 Filesystem access.
pkgs/npm/[email protected]/index.js:6
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd0e896a825138a0 Environment-variable access.
pkgs/npm/[email protected]/index.js:265
        const envPoll = process.env.CHOKIDAR_USEPOLLING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ccc8d513e31c8ce Environment-variable access.
pkgs/npm/[email protected]/index.js:275
        const envInterval = process.env.CHOKIDAR_INTERVAL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

clipboardy

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #59d31a94831ab25b Environment-variable access.
pkgs/npm/[email protected]/index.js:19
			if (process.env.PREFIX !== '/data/data/com.termux/files/usr') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

cross-spawn

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #b7a7fb4f2da96ef6 Environment-variable access.
pkgs/npm/[email protected]/lib/parse.js:58
        parsed.command = process.env.comspec || 'cmd.exe';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #607ae540e83033f8 Filesystem access.
pkgs/npm/[email protected]/lib/util/readShebang.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

drizzle-orm

npm dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #c14b359a55443a19 Filesystem access.
pkgs/npm/[email protected]/migrator.cjs:43
  const journalAsString = import_node_fs.default.readFileSync(`${migrationFolderTo}/meta/_journal.json`).toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #445c55413a1e0759 Filesystem access.
pkgs/npm/[email protected]/migrator.cjs:48
      const query = import_node_fs.default.readFileSync(`${migrationFolderTo}/${journalEntry.tag}.sql`).toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ce8d85401b06ddc Filesystem access.
pkgs/npm/[email protected]/migrator.js:10
  const journalAsString = fs.readFileSync(`${migrationFolderTo}/meta/_journal.json`).toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dce77fd2da07693e Filesystem access.
pkgs/npm/[email protected]/migrator.js:15
      const query = fs.readFileSync(`${migrationFolderTo}/${journalEntry.tag}.sql`).toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

electron-context-menu

npm dependency
expand_more 1 low-confidence finding(s)
low egress dependency Excluded from app score #8fa567404b232c8b Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/index.js:66
					const url = new URL('https://www.google.com/search');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

electron-log

npm dependency
expand_more 18 low-confidence finding(s)
low env_fs dependency Excluded from app score #f24c9617b8a7753f Filesystem access.
pkgs/npm/[email protected]/src/main/initialize.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed84fb0f3ebf005b Filesystem access.
pkgs/npm/[email protected]/src/main/initialize.js:81
    fs.writeFileSync(preloadPath, preloadCode, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53906ba9e1316f04 Environment-variable access.
pkgs/npm/[email protected]/src/node/NodeExternalApi.js:121
        return process.env.APPDATA || path.join(home, 'AppData/Roaming');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e392a0c0bcc5248 Environment-variable access.
pkgs/npm/[email protected]/src/node/NodeExternalApi.js:125
        return process.env.XDG_CONFIG_HOME || path.join(home, '.config');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f65e3c4cddd8e659 Environment-variable access.
pkgs/npm/[email protected]/src/node/NodeExternalApi.js:131
    return os.homedir?.() || process.env.HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3eef27c02bedfc9e Environment-variable access.
pkgs/npm/[email protected]/src/node/NodeExternalApi.js:147
    return process.env.NODE_ENV === 'development'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3f2285c9adec5e5 Environment-variable access.
pkgs/npm/[email protected]/src/node/NodeExternalApi.js:148
      || process.env.ELECTRON_IS_DEV === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d884f7c6554b4ba Filesystem access.
pkgs/npm/[email protected]/src/node/packageJson.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0b6dbeb1b6f215f Filesystem access.
pkgs/npm/[email protected]/src/node/packageJson.js:39
    const json = JSON.parse(fs.readFileSync(fileName, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e95fc63c461fe597 Environment-variable access.
pkgs/npm/[email protected]/src/node/transports/console.js:56
    useStyles: process.env.FORCE_STYLES,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ffe1ee5cf6f1f63 Filesystem access.
pkgs/npm/[email protected]/src/node/transports/file/File.js:4
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6eb267b449095c8f Filesystem access.
pkgs/npm/[email protected]/src/node/transports/file/File.js:34
      fs.writeFileSync(this.path, '', {
        mode: this.writeOptions.mode,
        flag: 'w',
      });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4438066d35e067d5 Filesystem access.
pkgs/npm/[email protected]/src/node/transports/file/File.js:96
    fs.writeFile(this.path, text, this.writeOptions, (e) => {
      file.hasActiveAsyncWriting = false;

      if (e) {
        file.emit(
          'error',
          new Error(`Couldn't write to ${file.path}. ${e.message}`),
          this,
        );
      } else {
        file.increaseBytesWrittenCounter(text);
      }

      file.nextAsyncWrite();
    });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07d5209f51a87803 Filesystem access.
pkgs/npm/[email protected]/src/node/transports/file/File.js:132
      fs.writeFileSync(this.path, text, this.writeOptions);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #367c54ad90790b95 Filesystem access.
pkgs/npm/[email protected]/src/node/transports/file/FileRegistry.js:4
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34013034a0f82d52 Filesystem access.
pkgs/npm/[email protected]/src/node/transports/file/FileRegistry.js:72
    fs.writeFileSync(filePath, '', { flag: 'a', mode: writeOptions.mode });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f8911e8aee9418f Filesystem access.
pkgs/npm/[email protected]/src/node/transports/file/index.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4a1c138dbf3eaf2 Filesystem access.
pkgs/npm/[email protected]/src/node/transports/file/index.js:149
            lines: fs.readFileSync(logPath, 'utf8').split(os.EOL),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

electron-updater

npm dependency
expand_more 15 low-confidence finding(s)
low env_fs dependency Excluded from app score #55f3fd0c09e2d26a Environment-variable access.
pkgs/npm/[email protected]/out/AppAdapter.js:11
        result = process.env["LOCALAPPDATA"] || path.join(homedir, "AppData", "Local");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76bd0389f6e12d21 Environment-variable access.
pkgs/npm/[email protected]/out/AppAdapter.js:17
        result = process.env["XDG_CACHE_HOME"] || path.join(homedir, ".cache");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47d86f02b9a58bfc Filesystem access.
pkgs/npm/[email protected]/out/AppImageUpdater.js:7
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f107e7a2a859839 Environment-variable access.
pkgs/npm/[email protected]/out/AppImageUpdater.js:18
        if (process.env["APPIMAGE"] == null && !this.forceDevUpdateConfig) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67400a0b29a8115d Environment-variable access.
pkgs/npm/[email protected]/out/AppImageUpdater.js:19
            if (process.env["SNAP"] == null) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe19bdb07a6120f5 Environment-variable access.
pkgs/npm/[email protected]/out/AppImageUpdater.js:38
                const oldFile = process.env["APPIMAGE"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4405e0b74569872 Environment-variable access.
pkgs/npm/[email protected]/out/AppImageUpdater.js:73
        const appImageFile = process.env["APPIMAGE"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31e426f577dd24d5 Filesystem access.
pkgs/npm/[email protected]/out/DownloadedUpdateHelper.js:6
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c07e8d95cb03f6be Environment-variable access.
pkgs/npm/[email protected]/out/LinuxUpdater.js:96
        const pmOverride = (_a = process.env.ELECTRON_BUILDER_LINUX_PACKAGE_MANAGER) === null || _a === void 0 ? void 0 : _a.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #238ea38fd2e936c1 Filesystem access.
pkgs/npm/[email protected]/out/MacUpdater.js:6
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d54b39e62f51570a Filesystem access.
pkgs/npm/[email protected]/out/differentialDownloader/DataSplitter.js:6
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1189a407d891ec62 Filesystem access.
pkgs/npm/[email protected]/out/differentialDownloader/DifferentialDownloader.js:6
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0909e6c1c248d9b Environment-variable access.
pkgs/npm/[email protected]/out/differentialDownloader/downloadPlanBuilder.js:73
const isValidateOperationRange = process.env["DIFFERENTIAL_DOWNLOAD_PLAN_BUILDER_VALIDATE_RANGES"] === "true";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f6da0bc14f619be Environment-variable access.
pkgs/npm/[email protected]/out/providerFactory.js:24
            const token = (githubOptions.private ? process.env["GH_TOKEN"] || process.env["GITHUB_TOKEN"] : null) || githubOptions.token;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24be5d3736e61d5e Environment-variable access.
pkgs/npm/[email protected]/out/providers/Provider.js:32
            const arch = process.env["TEST_UPDATER_ARCH"] || process.arch;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

electron-window-state

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #c90a701f455e43e3 Filesystem access.
pkgs/npm/[email protected]/index.js:110
      jsonfile.writeFileSync(fullStoreFileName, state);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66442546ea15577e Filesystem access.
pkgs/npm/[email protected]/index.js:159
    state = jsonfile.readFileSync(fullStoreFileName);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

gray-matter

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #57d67c292ade276f Filesystem access.
pkgs/npm/[email protected]/index.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aee26db605de6e56 Filesystem access.
pkgs/npm/[email protected]/index.js:179
  const str = fs.readFileSync(filepath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

immer

npm dependency
expand_more 5 low-confidence finding(s)
low env_fs dependency Excluded from app score #0293e5a1098a04b6 Environment-variable access.
pkgs/npm/[email protected]/src/core/proxy.ts:269
	if (process.env.NODE_ENV !== "production" && isNaN(parseInt(prop as any)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c6e48e2a212735f Environment-variable access.
pkgs/npm/[email protected]/src/core/proxy.ts:276
		process.env.NODE_ENV !== "production" &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2a4792e9ec7ff02 Environment-variable access.
pkgs/npm/[email protected]/src/plugins/patches.ts:37
	if (process.env.NODE_ENV !== "production") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f892449c8fa17ad Environment-variable access.
pkgs/npm/[email protected]/src/utils/errors.ts:4
	process.env.NODE_ENV !== "production"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9082d7160c478257 Environment-variable access.
pkgs/npm/[email protected]/src/utils/errors.ts:42
	if (process.env.NODE_ENV !== "production") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

katex

npm dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #7174300f768545e7 Filesystem access.
pkgs/npm/[email protected]/cli.js:21
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb8be1be120c0afc Filesystem access.
pkgs/npm/[email protected]/cli.js:42
        fs.readFile(options.macroFile, "utf-8", function(err, data) {
            if (err) {throw err;}
            splitMacros(data.toString().split('\n'));
        });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a03df23e6fb00949 Filesystem access.
pkgs/npm/[email protected]/cli.js:73
        fs.readFile(options.input, "utf-8", function(err, data) {
            if (err) {throw err;}
            input = data.toString();
            writeOutput(input);
        });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c06755a141637df Filesystem access.
pkgs/npm/[email protected]/cli.js:97
        fs.writeFile(outputFile, output, function(err) {
            if (err) {
                return console.log(err);
            }
        });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

open

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #12919837c2d27d78 Filesystem access.
pkgs/npm/[email protected]/index.js:52
		const configContent = await fs.readFile(configFilePath, {encoding: 'utf8'});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6e864b47549b1d2 Environment-variable access.
pkgs/npm/[email protected]/index.js:219
			: `${process.env.SYSTEMROOT || process.env.windir || 'C:\\Windows'}\\System32\\WindowsPowerShell\\v1.0\\powershell`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

postgres

npm dependency
expand_more 8 low-confidence finding(s)
low env_fs dependency Excluded from app score #361af8417d55d2de Filesystem access.
pkgs/npm/[email protected]/cf/src/index.js:133
        fs.readFile(path, 'utf8', (err, string) => {
          if (err)
            return query.reject(err)

          query.strings = [string]
          handler(query)
        })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7086b5358e792d97 Environment-variable access.
pkgs/npm/[email protected]/cf/src/index.js:565
    return process.env.USERNAME || process.env.USER || process.env.LOGNAME  // eslint-disable-line

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24780e366b44670e Filesystem access.
pkgs/npm/[email protected]/cjs/src/index.js:2
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #440475d639a5ef4a Filesystem access.
pkgs/npm/[email protected]/cjs/src/index.js:132
        fs.readFile(path, 'utf8', (err, string) => {
          if (err)
            return query.reject(err)

          query.strings = [string]
          handler(query)
        })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1810beca0ba9c7bb Environment-variable access.
pkgs/npm/[email protected]/cjs/src/index.js:564
    return process.env.USERNAME || process.env.USER || process.env.LOGNAME  // eslint-disable-line

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96744ad27815798b Filesystem access.
pkgs/npm/[email protected]/src/index.js:2
import fs from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f788174d024bbf93 Filesystem access.
pkgs/npm/[email protected]/src/index.js:132
        fs.readFile(path, 'utf8', (err, string) => {
          if (err)
            return query.reject(err)

          query.strings = [string]
          handler(query)
        })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a470b21fa337593 Environment-variable access.
pkgs/npm/[email protected]/src/index.js:564
    return process.env.USERNAME || process.env.USER || process.env.LOGNAME  // eslint-disable-line

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

typescript

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #e49401fd85c87baf Filesystem access.
pkgs/npm/[email protected]/lib/getExePath.js:11
    const pkg = JSON.parse(fs.readFileSync(path.join(__dirname, "..", "package.json"), "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

vscode-jsonrpc

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #fc908c5f2c8c8500 Environment-variable access.
pkgs/npm/[email protected]/lib/node/main.js:152
const XDG_RUNTIME_DIR = process.env['XDG_RUNTIME_DIR'];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

web-tree-sitter

npm dependency
expand_more 20 low-confidence finding(s)
low env_fs dependency Excluded from app score #aec4abcda46dd9d0 Filesystem access.
pkgs/npm/[email protected]/debug/tree-sitter.cjs:83
          var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d410213270fb434c Filesystem access.
pkgs/npm/[email protected]/debug/tree-sitter.cjs:88
            var ret = fs.readFileSync(filename);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4575ed1870197a84 Filesystem access.
pkgs/npm/[email protected]/debug/tree-sitter.cjs:94
            var ret = fs.readFileSync(filename, binary2 ? void 0 : "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #883e0eaa6c458679 Filesystem access.
pkgs/npm/[email protected]/debug/tree-sitter.cjs:4287
        bytes = fs2.readFile(input);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7cef35d5afd5173 Filesystem access.
pkgs/npm/[email protected]/debug/tree-sitter.js:2035
        bytes = fs2.readFile(input);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f871c97c9380040 Filesystem access.
pkgs/npm/[email protected]/debug/tree-sitter.js:2109
      var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4fecaa514da6234 Filesystem access.
pkgs/npm/[email protected]/debug/tree-sitter.js:2116
        var ret = fs.readFileSync(filename);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f817bb6bacf8b851 Filesystem access.
pkgs/npm/[email protected]/debug/tree-sitter.js:2122
        var ret = fs.readFileSync(filename, binary2 ? void 0 : "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9bc4095f8dd3b95 Filesystem access.
pkgs/npm/[email protected]/lib/tree-sitter.cjs:98
  var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5a159578dd8f045 Filesystem access.
pkgs/npm/[email protected]/lib/tree-sitter.cjs:105
    var ret = fs.readFileSync(filename);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1082989e4d306849 Filesystem access.
pkgs/npm/[email protected]/lib/tree-sitter.cjs:112
    var ret = fs.readFileSync(filename, binary ? undefined : "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #675563579605d397 Filesystem access.
pkgs/npm/[email protected]/src/language.ts:265
        bytes = fs.readFile(input);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4dbfaa6efe6a87a Filesystem access.
pkgs/npm/[email protected]/tree-sitter.cjs:75
          var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31c6a72cdc687eb1 Filesystem access.
pkgs/npm/[email protected]/tree-sitter.cjs:80
            var ret = fs.readFileSync(filename);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #460b3fd28a975971 Filesystem access.
pkgs/npm/[email protected]/tree-sitter.cjs:85
            var ret = fs.readFileSync(filename, binary2 ? void 0 : "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d249a10aa3983d39 Filesystem access.
pkgs/npm/[email protected]/tree-sitter.cjs:3760
        bytes = fs2.readFile(input);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be0b802e442eec99 Filesystem access.
pkgs/npm/[email protected]/tree-sitter.js:2035
        bytes = fs2.readFile(input);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31b6cc6da07e035e Filesystem access.
pkgs/npm/[email protected]/tree-sitter.js:2101
      var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7217915dd3803a0a Filesystem access.
pkgs/npm/[email protected]/tree-sitter.js:2108
        var ret = fs.readFileSync(filename);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #542f25cd04c4d694 Filesystem access.
pkgs/npm/[email protected]/tree-sitter.js:2113
        var ret = fs.readFileSync(filename, binary2 ? void 0 : "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

ws

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #0722633bfced4b92 Environment-variable access.
pkgs/npm/[email protected]/lib/buffer-util.js:115
if (!process.env.WS_NO_BUFFER_UTIL) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b25a8c38caa52973 Environment-variable access.
pkgs/npm/[email protected]/lib/validation.js:142
} /* istanbul ignore else  */ else if (!process.env.WS_NO_UTF_8_VALIDATE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

yargs

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #c39add969591b108 Environment-variable access.
pkgs/npm/[email protected]/lib/platform-shims/esm.mjs:29
    return process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Production

  • @opencode-ai/plugin prod — dist-only: no readable source
  • @opencode-ai/script prod — registry 404
  • @opencode-ai/sdk prod — dist-only: no readable source
  • @agentclientprotocol/sdk prod — dist-only: no readable source
  • @clack/prompts prod — dist-only: no readable source
  • @gitlab/opencode-gitlab-auth prod — dist-only: no readable source
  • @modelcontextprotocol/sdk prod — dist-only: no readable source
  • @opencode-ai/codemode prod — registry 404
  • @opencode-ai/llm prod — registry 404
  • @opencode-ai/tui prod — registry 404
  • @openrouter/ai-sdk-provider prod — dist-only: no readable source
  • @pierre/diffs prod — dist-only: no readable source
  • @solid-primitives/event-bus prod — dist-only: no readable source
  • @solid-primitives/scheduled prod — dist-only: no readable source
  • @standard-schema/spec prod — dist-only: no readable source
  • ai-gateway-provider prod — dist-only: no readable source
  • gitlab-ai-provider prod — dist-only: no readable source
  • minimatch prod — dist-only: no readable source
  • opencode-gitlab-auth prod — dist-only: no readable source
  • opencode-poe-auth prod — dist-only: no readable source
  • opentui-spinner prod — dist-only: no readable source
  • partial-json prod — dist-only: no readable source
  • remeda prod — dist-only: no readable source
  • ulid prod — dist-only: no readable source
  • venice-ai-sdk-provider prod — dist-only: no readable source
  • hono prod — dist-only: no readable source
  • jose prod — dist-only: no readable source
  • @opencode-ai/client prod — no javascript source
  • acorn prod — dist-only: no readable source
  • @opencode-ai/effect-drizzle-sqlite prod — registry 404
  • @opencode-ai/effect-sqlite-node prod — registry 404
  • @shikijs/transformers prod — dist-only: no readable source
  • @solid-primitives/bounds prod — dist-only: no readable source
  • @solid-primitives/event-listener prod — dist-only: no readable source
  • @solid-primitives/media prod — dist-only: no readable source
  • @solid-primitives/resize-observer prod — dist-only: no readable source
  • @shikijs/stream prod — dist-only: no readable source
  • dompurify prod — dist-only: no readable source
  • marked-shiki prod — dist-only: no readable source
  • motion prod — dist-only: no readable source
  • motion-dom prod — dist-only: no readable source
  • motion-utils prod — dist-only: no readable source
  • remend prod — dist-only: no readable source
  • shiki prod — dist-only: no readable source
  • solid-list prod — dist-only: no readable source
  • @slack/bolt prod — dist-only: no readable source
  • @corvu/drawer prod — dist-only: no readable source
  • @dnd-kit/helpers prod — dist-only: no readable source
  • @pierre/trees prod — dist-only: no readable source
  • @solid-primitives/active-element prod — dist-only: no readable source
  • @solid-primitives/audio prod — dist-only: no readable source
  • @solid-primitives/scroll prod — dist-only: no readable source
  • @solid-primitives/timer prod — dist-only: no readable source
  • @solid-primitives/websocket prod — dist-only: no readable source
  • @thisbeyond/solid-dnd prod — dist-only: no readable source
  • solid-presence prod — dist-only: no readable source
  • ghostty-web prod — dist-only: no readable source
  • aws4fetch prod — dist-only: no readable source
  • @hono/standard-validator prod — dist-only: no readable source
  • hono-openapi prod — dist-only: no readable source
  • @astrojs/cloudflare prod — dist-only: no readable source
  • @astrojs/markdown-remark prod — dist-only: no readable source
  • @astrojs/solid-js prod — dist-only: no readable source
  • @fontsource/ibm-plex-mono prod — no javascript source
  • @jsx-email/all prod — dist-only: no readable source
  • @jsx-email/cli prod — dist-only: no readable source
  • @opencode-ai/console-core prod — registry 404
  • @opencode-ai/console-resource prod — registry 404
  • @jsx-email/render prod — dist-only: no readable source
  • @opencode-ai/console-mail prod — registry 404
  • @planetscale/database prod — dist-only: no readable source
  • @cloudflare/vite-plugin prod — dist-only: no readable source
  • @ibm/plex prod — tarball exceeds byte cap
  • solid-stripe prod — dist-only: no readable source
  • @opencode-ai/stats-core prod — registry 404
  • d3-geo prod — scan budget exceeded
  • d3-scale prod — scan budget exceeded
  • i18n-iso-countries prod — scan budget exceeded
  • topojson-client prod — scan budget exceeded
  • world-atlas prod — scan budget exceeded