Close Open Privacy Scan

link https://github.com/chalk/chalk
bolt Snapshot: commit aa06bb5
science engine v1
schedule 2026-06-26T05:02:58.882940+00:00

verified_user No application data leak found

No high-confidence exfiltration was found in application code.

App Privacy Score

100 /100
Low privacy risk

Low risk · 27 finding(s)

Dependency score: 97 (Low risk)

bar_chart Score Breakdown

No category deductions recorded.

list Scan Summary

0 high 0 medium 27 low
First-party packages: 0
Dependency packages: 3
Ecosystem: npm

swap_horiz Application data flows

No high- or medium-confidence application data-flow findings in this scan.

</> Dependencies

ava

npm dependency
expand_more 9 low-confidence finding(s)
low env_fs dependency Excluded from app score #e98fff8730c928f9 Environment-variable access.
pkgs/npm/[email protected]/lib/cli.js:297 
		if (debug !== null && !process.env.TEST_AVA) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #ff979a3e58cda8c7 Environment-variable access.
pkgs/npm/[email protected]/lib/cli.js:454 
	if (process.env.TEST_AVA) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #0599cb7c003cfd7d Environment-variable access.
pkgs/npm/[email protected]/lib/cli.js:496 
		if (process.env.TEST_AVA) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #b2571b74bd364f07 Filesystem access.
pkgs/npm/[email protected]/lib/code-excerpt.js:21 
		contents = fs.readFileSync(new URL(file), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #0f5b3de1a0dd93e4 Environment-variable access.
pkgs/npm/[email protected]/lib/load-config.js:44 
const gitScmFile = process.env.AVA_FAKE_SCM_ROOT ?? '.git';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #d02f4f78fcb8bb80 Filesystem access.
pkgs/npm/[email protected]/lib/scheduler.js:43 
			failedTestFiles = JSON.parse(fs.readFileSync(filePath));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #7511f4fd0d4abc58 Filesystem access.
pkgs/npm/[email protected]/lib/snapshot-manager.js:80 
		return fs.readFileSync(file);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #baa8b9537946c505 Environment-variable access.
pkgs/npm/[email protected]/lib/watcher.js:20 
const takeCoverageForSelfTests = process.env.TEST_AVA ? v8.takeCoverage : undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #027386c2caa57903 Filesystem access.
pkgs/npm/[email protected]/lib/worker/line-numbers.js:10 
	const ast = acorn.parse(fs.readFileSync(file, 'utf8'), {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

c8

npm dependency
expand_more 14 low-confidence finding(s)
low env_fs dependency Excluded from app score #1c46721556465416 Environment-variable access.
pkgs/npm/[email protected]/bin/c8.js:27 
    process.env.NODE_V8_COVERAGE = argv.tempDirectory

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #53de22859481dd12 Environment-variable access.
pkgs/npm/[email protected]/lib/commands/report.js:40 
    monocartArgv: (argv.experimentalMonocart || process.env.EXPERIMENTAL_MONOCART) ? argv : null

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #42b4eaa5f8ee032a Filesystem access.
pkgs/npm/[email protected]/lib/parse-args.js:4 
const { readFileSync } = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #42b4eaa5f8ee032a Filesystem access.
pkgs/npm/[email protected]/lib/parse-args.js:4 
const { readFileSync } = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #23bbbeb4e53ad6cf Filesystem access.
pkgs/npm/[email protected]/lib/parse-args.js:18 
        const config = JSON.parse(readFileSync(path))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #899cdca4d93b3e84 Environment-variable access.
pkgs/npm/[email protected]/lib/parse-args.js:129 
      default: process.env.NODE_V8_COVERAGE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #53a933e30097a96a Filesystem access.
pkgs/npm/[email protected]/lib/report.js:9 
  ;({ readFile } = require('fs').promises)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #30648d110fe04ed4 Filesystem access.
pkgs/npm/[email protected]/lib/report.js:11 
const { readdirSync, readFileSync, statSync } = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #30648d110fe04ed4 Filesystem access.
pkgs/npm/[email protected]/lib/report.js:11 
const { readdirSync, readFileSync, statSync } = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #9f9077720d4b44e2 Filesystem access.
pkgs/npm/[email protected]/lib/report.js:452 
        reports.push(JSON.parse(readFileSync(
          resolve(this.tempDirectory, file),
          'utf8'
        )))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #50c49b9fb042e958 Filesystem access.
pkgs/npm/[email protected]/lib/source-map-from-file.js:27 
const { readFileSync } = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #50c49b9fb042e958 Filesystem access.
pkgs/npm/[email protected]/lib/source-map-from-file.js:27 
const { readFileSync } = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #3f8858b6016e4d3c Filesystem access.
pkgs/npm/[email protected]/lib/source-map-from-file.js:40 
  const fileBody = readFileSync(filename).toString()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #e71ffa4c163bd747 Filesystem access.
pkgs/npm/[email protected]/lib/source-map-from-file.js:71 
    const content = readFileSync(fileURLToPath(mapURL), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

execa

npm dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #a90ba6a95b0808fd Filesystem access.
pkgs/npm/[email protected]/lib/io/output-sync.js:132 
			writeFileSync(path, serializedResult);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #3e6669184bdc649f Filesystem access.
pkgs/npm/[email protected]/lib/stdio/handle-sync.js:41 
		fileUrl: ({value}) => ({contents: [bufferToUint8Array(readFileSync(value))]}),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #f6932e3068832493 Filesystem access.
pkgs/npm/[email protected]/lib/stdio/handle-sync.js:42 
		filePath: ({value: {file}}) => ({contents: [bufferToUint8Array(readFileSync(file))]}),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.
low env_fs dependency Excluded from app score #89d1f408023efd6e Filesystem access.
pkgs/npm/[email protected]/lib/stdio/native.js:59 
	return {type: 'uint8Array', value: bufferToUint8Array(readFileSync(targetFdNumber)), optionName};

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Development

  • tsd dev — dist-only: no readable source
  • xo dev — dist-only: no readable source